What happened at devuan.org?

cynwulf · 2019-04-03 08:09:32

In my opinion he doesn't need to go. He might need a talking to, but to me it's not really clear as to who was actually responsible. To me at least it appears that the (three?) main devs knew about this prank and are now being rather silent. I personally don't use/read twitter, don't care about twitter - the apology, the explanation even, for this just needs to be an announcement on the project's main page. Clear up the confusion - "we were not 'hacked', it was an April fools joke which backfired", etc. Hoping it just blows over is insulting, it feeds the trolls and damages the project's reputation even more. £0.02

It reminds me of the kernel.org breach of 2011 (one of the the incidents which led me on the path of abandoning Linux altogether). Rather than an entirely transparent and honest approach, there was what could be called a "cover up" or a "whitewash", coupled with a period of "radio silence". The people ordinary running Linux, in many cases, running a business or running something mission critical on it were simply shut out, while the kernel devs hastily cleaned up their mess behind closed doors.

That's not the example to follow.

MiyoLinux · 2019-04-03 09:03:47

Dear dev1ners,

Let us not forget that none of us...NONE OF US...are perfect. We are human and make mistakes...whether intentionally or not. Just look at my own personal latest nervous-jerkdown as an example... . I completely blew Miyo out of the water. I lost trust. Yet...there were folks who understood.

With this latest situation, I quickly realized that it was an April Fool's joke after seeing that my "report" of a hack wasn't responded to by an administrator...whom I knew had seen my report. Does that negate the problem that was created? No.

...but we are all human, and we all make mistakes.

Let's not forget that there are real people (who work behind the scenes) to bring us a non-systemd distro...and VERY often, their tireless efforts are without acknowledgment...while things are going good.

I work in water treatment...

No one has anything to say when the water is nice and clear...but let something happen that causes a problem, and they're all over that! LOL! I work holidays and weekends so that folks can have safe water to drink. I think that I've had a total of 3 Christmas days off in the last 25 years (not to mention other holidays and weekends)...but people don't think about that while they're celebrating the holidays with their family...that there is someone working to provide them with a service on a holiday that they're enjoying...or a weekend that they're enjoying...but that guy is having to work...and is missing time with HIS family.

I don't know all of the particulars regarding this incident...but one thing I do know...there are folks who make Devuan available for us, and they rarely receive any fanfare for their efforts and time. They work to provide us a service...much like I do.

We all make mistakes...please cut them/him some slack. Please?

siva · 2019-04-03 12:44:27

pulsar wrote:

For what it's worth, I knew virtually nothing about Devuan until I saw an article referencing the "pwned" page and it prompted me to research the project. Now I have a registered account on the project forum...Just flashed ascii release to usb.

Talking heads aside, can we take a second and appreciate this post?
All press is good press. Any serious project gets dumped on from time to time. That should be a good sign.

@pulsar, welcome to the madhouse.

Last edited by siva (2019-04-03 12:57:21)

SmartDuck · 2019-04-03 13:45:22

Great 1 april joke, enjoy the discussion on Dyne. I can imagine that some people got worried.

ChuangTzu · 2019-04-03 19:37:22

MiyoLinux wrote:

Dear dev1ners,
Let us not forget that none of us...NONE OF US...are perfect. We are human and make mistakes...whether intentionally or not. Just look at my own personal latest nervous-jerkdown as an example... . I completely blew Miyo out of the water. I lost trust. Yet...there were folks who understood.
With this latest situation, I quickly realized that it was an April Fool's joke after seeing that my "report" of a hack wasn't responded to by an administrator...whom I knew had seen my report. Does that negate the problem that was created? No.
...but we are all human, and we all make mistakes.
Let's not forget that there are real people (who work behind the scenes) to bring us a non-systemd distro...and VERY often, their tireless efforts are without acknowledgment...while things are going good.
I work in water treatment...
No one has anything to say when the water is nice and clear...but let something happen that causes a problem, and they're all over that! LOL! I work holidays and weekends so that folks can have safe water to drink. I think that I've had a total of 3 Christmas days off in the last 25 years (not to mention other holidays and weekends)...but people don't think about that while they're celebrating the holidays with their family...that there is someone working to provide them with a service on a holiday that they're enjoying...or a weekend that they're enjoying...but that guy is having to work...and is missing time with HIS family.
I don't know all of the particulars regarding this incident...but one thing I do know...there are folks who make Devuan available for us, and they rarely receive any fanfare for their efforts and time. They work to provide us a service...much like I do.
We all make mistakes...please cut them/him some slack. Please?

Miyo, I understand where you are coming from, however, imagine if at your water treatment plant you guys decided to post a warning on your company website that

"the water was poisoned, this is a very serious situation, however, we are working on it, we are not sure if we have control of the pumps or how they got in, but we are working on it, updates will be provided...etc..."

Then people go on the companies social media sites and see the same message, go to the CEO's twitter page and see the same message.

Irresponsible. How would you feel if your bank said "we were hacked today etc..." then announced just kidding a day later. Your Dr. says, you have cancer...nah just yanking your chain.

There comes a time when people need to grow up, its not about being frat boys and sorority girls anymore. The dev's need to stop hiding behind some false hacker ethos to shrug off poor judgement. Big difference between honest mistakes and poor judgement.

Last edited by ChuangTzu (2019-04-03 19:37:59)

ChuangTzu · 2019-04-03 19:42:10

siva wrote:

pulsar wrote:
For what it's worth, I knew virtually nothing about Devuan until I saw an article referencing the "pwned" page and it prompted me to research the project. Now I have a registered account on the project forum...Just flashed ascii release to usb.
Talking heads aside, can we take a second and appreciate this post?
All press is good press. Any serious project gets dumped on from time to time. That should be a good sign.
@pulsar, welcome to the madhouse.

Any press is good press, seriously? https://www.thebalancesmb.com/myth-any- … ss-2295839
https://ereleases.com/pr-fuel/biggest-pr-myth-of-all/

siva · 2019-04-03 22:15:17

I get that tensions are high. Talking heads are going to talk. People who would never have used devuan are going to use it as a speaking point. The devuan team has acknowledged the issue, and many people here who use it are going to keep using it.

That leaves a substantial potential member base.

And, as evidenced by the new members here, I'm pretty sure it's not the end of the world.

Or the project.

Give it time.

Last edited by siva (2019-04-03 22:17:10)

Ron · 2019-04-03 23:19:46

ChuangTzu wrote:
How would you feel if your bank said "we were hacked today etc..." then announced just kidding a day later. Your Dr. says, you have cancer...nah just yanking your chain.
There comes a time when people need to grow up, its not about being frat boys and sorority girls anymore. The dev's need to stop hiding behind some false hacker ethos to shrug off poor judgement. Big difference between honest mistakes and poor judgement.

Nicely put. And so true.

dxrobertson · 2019-04-03 23:36:22

Its now April 3rd. Can we move on away from this poison?

Somewhere in the past, a fellow provided some very good common sense philosophy.

catprints wrote:

I guess being grateful for Devuan goes out the window if they fall prey to human error?

UnixRocks · 2019-04-03 23:58:57

Lysander wrote:

I personally find this puerile. There are some people [seasoned *nixers among them] who don't view Devuan as a serious project, this doesn't help.
Something subtle would have been better.

I am a seasoned *nixer, if you consider 30+ years seasoned, and I take Devuan seriously. I also thought the joke was hilarious. The gopher stuff was what made it funny to me. Especially that gopher actually worked! Ingenious!

Head_on_a_Stick · 2019-04-04 16:41:05

TotallyDoneWithLinuxNow wrote:

Puffy and I have been making each other’s acquaintances and I’m now comfortable enough to switch over completely.

Be warned that the OpenBSD devs also have a wicked sense of humour: when sudo was included in the base system it had insults enabled by default

Awesome operating system though, good choice.

FWIW I reckon the Devuan devs just didn't think anybody would be stupid enough to think the joke was real.

Ron · 2019-04-04 19:13:21

Head_on_a_Stick
I reckon the Devuan devs just didn't think anybody would be stupid enough to think the joke was real.

Making your own website looked hacked, that's the real stupidity.

siva · 2019-04-04 19:16:46

TotallyDoneWithLinuxNow wrote:

How do I know that other “jokes” aren’t lurking in my system?

I know what you mean. I went to compile the 5.0.6 kernel the other day and found the entirety of Louis C.K. stand-up videos encoded in base64 in a patch file. Naturally I beat it repeatedly with a hammer and incinerated it in a large firepit. It really makes you wonder what's on your system. #totallydonewithlinuxnow #spectredoesntexist #alsoopenbsdhasitsownsetofbugssoiwouldrecommendkeepingupwiththeirmailinglists

Last edited by siva (2019-04-04 19:17:34)

Head_on_a_Stick · 2019-04-04 19:23:06

Ron wrote:

Making your own website looked hacked, that's the real stupidity.

Why would genuine hackers change the home page if they wanted to plant malware? Think about it...

MiyoLinux · 2019-04-04 23:55:09

True story...

After looking at all of that green on the page, it made me want a pickle.

ChuangTzu · 2019-04-05 00:12:52

Head_on_a_Stick wrote:

Ron wrote:
Making your own website looked hacked, that's the real stupidity.
Why would genuine hackers change the home page if they wanted to plant malware? Think about it...

Why would anyone want to pretend their website was hacked, and then go on for several hours via social media, irc and the forum, pretending and reinforcing that it was hacked?

ChuangTzu · 2019-04-05 00:14:12

MiyoLinux wrote:

True story...
After looking at all of that green on the page, it made me want a pickle.

Deli, Dill, Garlic, gherkin?

MiyoLinux · 2019-04-05 04:09:24

ChuangTzu wrote:

MiyoLinux wrote:
True story...
After looking at all of that green on the page, it made me want a pickle.
Deli, Dill, Garlic, gherkin?

Dill...all others are just wannabe's...

Head_on_a_Stick · 2019-04-05 05:54:10

ChuangTzu wrote:

Why would anyone want to pretend their website was hacked, and then go on for several hours via social media, irc and the forum, pretending and reinforcing that it was hacked?

Because they were laughing at the clueless idiots, perhaps?

I may have my head on a stick but you folks seem to have a stick up your arse, please get over this and move on.

Lysander · 2019-04-05 09:37:29

I think it's fine to move on as long as lessons are learned.

It should be noted that in spite of what used to go on in development teams, the Linux userbase has drastically changed in the last few years. Now there are many people who are newer to the game and who do not understand this older style of *nix humour and for which a hacking prank would be a serious concern, myself included. Saying words to the effect of, "it's an old-style joke" is not sufficient. Things change, social climates change, userbases change. Some of what we could say 50 years ago, or even ten years ago, is now no longer acceptable. Some of it can get one into serious trouble. I am all for free speech and detest this new climate of 'hate speech' and 'offence' but I also acknowledge that attitudes and perceptions change along with the generations.

We can all move on from this with the knowledge that it was not the best prank to pull. It was something appreciated by some of the older devs but for many others the joke misfired was totally inappropriate. Devuan is still a fledgling distro and though they are running an old, pure Debian-style distro of the '90/2000s it's advisable to keep their attitudes towards their userbase fresh and respectful.

Last edited by Lysander (2019-04-05 10:03:16)

cynwulf · 2019-04-05 10:54:44

It would seem that some here haven't seen many "pwned" sites, nor that many such sites are cracked by so called "script kiddies"...

There are a few notable issues with this: Just because it's April 1st, doesn't mean a website which appears to have been cracked on that date hasn't actually been cracked and that simply because it appears to be an April 1st hoax, doesn't mean that it automatically is one, simply by virtue of it being April 1st.

Social engineering, i.e. lulling victims into a false sense of security or simply playing to their greed, arrogance / self importance are all more important in stealing data than the actual exploits / tools used.

I don't see the main problem as being with the prank page, but in how the whole prank was perpetuated on the project's mailing lists, at the expense of many of those around the world who may not see the significance of April 1st.

aut0exec · 2019-04-05 11:29:13

cynwulf wrote:

There are a few notable issues with this: Just because it's April 1st, doesn't mean a website which appears to have been cracked on that date hasn't actually been cracked and that simply because it appears to be an April 1st hoax, doesn't mean that it automatically is one, simply by virtue of it being April 1st.
Social engineering, i.e. lulling victims into a false sense of security or simply playing to their greed, arrogance / self importance are all more important in stealing data than the actual exploits / tools used.
I don't see the main problem as being with the prank page, but in how the whole prank was perpetuated on the project's mailing lists, at the expense of many of those around the world who may not see the significance of April 1st.

I'm over the whole situation at this point but this post is where my head was. It wasn't actually April 1st when I tried to visit the website. It was around 1900 on March 31st. Sort of assumed it was a joke but still took precautions just in case (after the Linux Mint fiasco a few years ago, I didn't want to risk it.)

End of the day, Thanks Devuan Devs, still loving the distro and started converting my Pi's over to Devuan as well!

Last edited by aut0exec (2019-04-05 11:29:48)

ChuangTzu · 2019-04-05 21:11:44

Head_on_a_Stick wrote:

ChuangTzu wrote:
Why would anyone want to pretend their website was hacked, and then go on for several hours via social media, irc and the forum, pretending and reinforcing that it was hacked?
Because they were laughing at the clueless idiots, perhaps?
I may have my head on a stick but you folks seem to have a stick up your arse, please get over this and move on.

I see you brought the same level of maturity to Dev1 that you display at FDN.

ChuangTzu · 2019-04-05 21:16:33

cynwulf wrote:

It would seem that some here haven't seen many "pwned" sites, nor that many such sites are cracked by so called "script kiddies"...
There are a few notable issues with this: Just because it's April 1st, doesn't mean a website which appears to have been cracked on that date hasn't actually been cracked and that simply because it appears to be an April 1st hoax, doesn't mean that it automatically is one, simply by virtue of it being April 1st.
Social engineering, i.e. lulling victims into a false sense of security or simply playing to their greed, arrogance / self importance are all more important in stealing data than the actual exploits / tools used.
I don't see the main problem as being with the prank page, but in how the whole prank was perpetuated on the project's mailing lists, at the expense of many of those around the world who may not see the significance of April 1st.

Exactly, the prank page was one level, the major issue, however, were the three D's (denial, deceit, delusion) that was exhibited via social media, irc and the forum. Once the issue was raised it could have been handled as "Happy April Fools from Devuan dev's". They could have even offered a Devuan edition of a "Green Hat" for purchase/donation, USB with Devuan installed that has a faux gopher tail attached etc....

Live and learn, I've been around long enough to know that.....Time for another cup of tea (Moroccan mint green tea is brewing....)

Head_on_a_Stick · 2019-04-05 21:55:19

ChuangTzu wrote:

I see you brought the same level of maturity to Dev1 that you display at FDN.

And I see you bring the same level of noise...

The officially official Devuan Forum!

#51 2019-04-03 08:09:32

Re: What happened at devuan.org?

#52 2019-04-03 09:03:47

Re: What happened at devuan.org?

#53 2019-04-03 12:44:27

Re: What happened at devuan.org?

#54 2019-04-03 13:45:22

Re: What happened at devuan.org?

#55 2019-04-03 19:37:22

Re: What happened at devuan.org?

#56 2019-04-03 19:42:10

Re: What happened at devuan.org?

#57 2019-04-03 22:15:17

Re: What happened at devuan.org?

#58 2019-04-03 23:19:46

Re: What happened at devuan.org?

#59 2019-04-03 23:36:22

Re: What happened at devuan.org?

#60 2019-04-03 23:58:57

Re: What happened at devuan.org?

#61 2019-04-04 16:41:05

Re: What happened at devuan.org?

#62 2019-04-04 19:13:21

Re: What happened at devuan.org?

#63 2019-04-04 19:16:46

Re: What happened at devuan.org?

#64 2019-04-04 19:23:06

Re: What happened at devuan.org?

#65 2019-04-04 23:55:09

Re: What happened at devuan.org?

#66 2019-04-05 00:12:52

Re: What happened at devuan.org?

#67 2019-04-05 00:14:12

Re: What happened at devuan.org?

#68 2019-04-05 04:09:24

Re: What happened at devuan.org?

#69 2019-04-05 05:54:10

Re: What happened at devuan.org?

#70 2019-04-05 09:37:29

Re: What happened at devuan.org?

#71 2019-04-05 10:54:44

Re: What happened at devuan.org?

#72 2019-04-05 11:29:13

Re: What happened at devuan.org?

#73 2019-04-05 21:11:44

Re: What happened at devuan.org?

#74 2019-04-05 21:16:33

Re: What happened at devuan.org?

#75 2019-04-05 21:55:19

Re: What happened at devuan.org?

Board footer