Comment: Can it be enabled? (Score 2) 73

by ThePhilips (#48664077) Attached to: Docker Image Insecurity

Docker's report that a downloaded image is 'verified' is based solely on the presence of a signed manifest, and Docker never verifies the image checksum from the manifest.

Can it be enabled? If yes, then I do not see a problem.

Otherwise, the signing crap is just that: crap.

It takes a needlessly long time to verify the signature. (Because they are not slow! - they are so secure, so very much OMG secure.)

It is a huge risk to reconfigure a production system to use unsigned data if an emergency arises. (Think recovery from a local backup.)

Developers forget to renew their certificates and suddenly, in the middle of production, the whole system goes down, because OMG the certificate has expired and data may not be secure!!!

And then, in the end, the signing keys get leaked or stolen...

Comment: Re:Forked the Debian? or the Debian? (Score 1) 183

by ThePhilips (#48659841) Attached to: Devuan Progress Report Published

GNOME demands the systemd, not just any systemd.

No. Gnome demands libpam-systemd or consolekit. libpam-systemd demands either systemd or systemd-shim.

So either work on consolekit/consolekit2 or work on systemd-shim.

I was basically quoting Debian's GNOME maintainer, from the times of the Debian's CTTE debate.

At least at the time, Debian's GNOME package had a hardcoded dependency on the systemd package, not a feature/virtual package which provides the services. And GNOME DDs were refusing to change that, because they didn't like the systemd-shim.

Comment: Re:Forked the Debian? or the Debian? (Score 2) 183

by ThePhilips (#48659819) Attached to: Devuan Progress Report Published

If it isn't a bug, why patch it?

And this is a clear systemd bias (and GNOME attitude).

If systemd says it is not a bug, then it is not. And if something doesn't work - well, somebody opened a ticket about something NOT working - then something does NOT work. And if the systemd refused to fix it - who's going to?

The whole position of systemd implementors in Debian was and probably still is: we change how the whole system works, but we are totally not responsible if something breaks, because it is, duh, mainline systemd.

The whole problem of the hairy rcS scripts was the ability to work around pretty much any software or hardware problem on the spot. Here, systemd insists that they are always in the right - it is the rest of the world who are wrong. The problem is that a blank statement about wrongness of the world (it never was right to begin with) doesn't solve the immediate problem users are having.

I have actually read most of them at the time, and I still think you are misrepresenting the systemd maintainers.

Frankly I do not remember. It could have been one of the adjacent tickets about the systemd breaking the systems on autoupdate.

Tollef Fog Heen was pretty clear that he is not going to do anything special for Debian. (He is (or was at the time) a Fedora user already anyway.)


If you can't tell what the hell the trivial commit does, then you are obviously not a software developer.

That was a great PR move on part of the systemd developers: to flood the mail lists with the buzz words. Users have no idea what they mean - but they sure sound cool - so systemd must be cool too.

Comment: Re:Forked the Debian? or the Debian? (Score 1) 183

by ThePhilips (#48659273) Attached to: Devuan Progress Report Published

Sure, the main branch of systemd wants to have as few distro specific patches as possible, but they do accept them if there is no other solution.

I was just quoting the (ex-)maintainer of the systemd, from his e-mails from the CTTE discussion.

Debian feedback would be submitted to mainline - but if it is rejected, he wouldn't even carry a custom Debian patch for it, because he doesn't want to deviate from the mainline. And he, as the maintainer of the systemd, would not consider it a bug. As such somebody else would have to fix somewhere else.

If you are willing to grep through the 1K emails - you would definitely find that being repeated several times.

Here is a Debian specific patch that predates Debian's adoption of systemd as default init-system: http://cgit.freedesktop.org/sy...

It's obviously not Debian specific.

It is very obviously a distro specific part of systemd: Debian was added to the list where Fedora and Arch were already present.

Comment: Re:Forked the Debian? or the Debian? (Score 1) 183

by ThePhilips (#48659235) Attached to: Devuan Progress Report Published

You're talking about Debian and Devuan like it's two monolithic organizations. It's not. It's people. And if you want "Debian" to do something then real human Debian developers will have to do the job. It doesn't matter what any committee decides if no one is interested in actually doing the work.


This very topic was laundered during the init system selection on the debian-ctte for a very long time: it makes no sense to invest time into developing systemd if upstart is picked, and vice versa.

There might be people willing to do the work - but there is little more demotivational than a project declaring that they are taking a different path.

But the most demotivational is when people are told that they can't even have an alternative systemd implementation/fork - of which there are already a couple - because GNOME demands the systemd, not just any systemd.

For motivation to spend your free time on something, this is as good as hitting a brick wall at full speed.

The Devuan developers are obviously up for the task. That's great. They do what they want to do. It's just too bad that they for whatever reason couldn't do it in Debian. I don't blame them. It takes an arm and a leg to get into Debian nowadays, so if it's easier for them to create a fork then maybe that says something about the Debian project too.

To me the most interesting part is whether the whole fork would even take off.

Technical aspects of init system replacement are very easy - compared to the establishment of an organizational structure of the Debian.

Comment: Re:Forked the Debian? or the Debian? (Score 1) 183

by ThePhilips (#48658869) Attached to: Devuan Progress Report Published

I do not know the answer for the Debian, but if you did RTFA, you would notice that it is precisely what the Devuan is doing: creating and packaging software which provide the interface of systemd services without the systemd itself.

The (rhetorical) question which I have already asked on different occasions here is whether the Debian is a good place to do such development.

One strong undertone from the CTTE's init system selection debate was that Debian doesn't want to do the development and wants to maximize the reuse of the code from the other distros. This turned into a weird attitude when systemd vs. upstart was evaluated. The upstart devs and maintainers have committed themselves to implement whatever Debian needs. The systemd devs and maintainers committed to literally nothing, basically saying "if it is good for Fedora it should do the job for Debian too; no Debian specific patches are going to be accepted even into the Debian systemd package". And that was later respun by a couple of CTTE members as "upstart still needs development while systemd doesn't".

That is also why I raise the question about changes to the Debian organization in Devuan: How could Devuan be more software developer friendly? At the moment the barrier to entry is very high, leaving developers at the mercy of the respective Debian packager. Or leaving the developer basically out if it has something to do with the low-level stuff like init system.

Comment: Forked the Debian? or the Debian? (Score 1) 183

by ThePhilips (#48658599) Attached to: Devuan Progress Report Published

The larger question is: what Devuan is really forking?

Do they fork a distro?

Or do they fork an organization?

With some work, one can fork a distro. But to fork the organization, one needs to win over the people. I doubt that they will win over many (Debian) people without actually changing something in the forked organization.

Though many see the "systemd vs world" as the dividing force, in reality there is IMO a problem with the Debian organization. I have followed the debate for some time, and IMO, the problem is that there is too much democracy in the Debian. Public debate is a good thing. But too much of it simply prevents the organization from doing its work. That is IMO what has happened during the Debian's init system selection process.

Comment: Re:Why hyphenation in an e-text? (Score 2) 291

by ThePhilips (#48653111) Attached to: Amazon "Suppresses" Book With Too Many Hyphens

There is a Unicode character known as a soft hyphen. The soft hyphen indicates where to break a word if it doesn't all fit on a line. This character should be used instead of a hard hyphen most of the time.

Too bad eBook readers are very inconsistent in their support for that. Some readers display an icon indicating an unknown glyph, many fail to insert the hyphen....


That soft hyphen would have been a blessing for the German e-books. Some texts are flush with the overly long words, making them very hard to read.

But Kindle (last time I checked) doesn't support it.

Neither do Calibre and a few other e-book viewers/editors I have tried in the past.

In other words, in my experience the support is uniform and consistent: no support whatsoever, sadly.

P.S. On top of it, the Kindle devices I have, also have the rendering and text selection bugs when displaying/selecting the text around words (even if they are hyphenated) which are longer than the single visible line.

Serious flaws in NTP (the application, not the protocol) need to be patched 3

Submitted by hawkinspeter
hawkinspeter (831501) writes "A new set of vulnerabilities with the most common NTP daemon have been discovered by Google security researchers. There exist public exploits that target these flaws, so it's recommended to patch to version 4.2.8 (or switch to openntp which doesn't have the same issues) immediately. This is especially problematic for those systems that run ntpd with root privileges as a single carefully crafted packet can allow access at the privilege level of the process. This was reported by ZDNet a few days ago and I have yet to see the Ubuntu patches for this, but it looks like Red Hat are on top of things."

Comment: Re:Never could get into Star Trek (Score 1) 106

by ThePhilips (#48644439) Attached to: Behind the Scenes With the Star Trek Fan Reboot

3. Badly done aliens, with a lame explanation.

After watching the Japanese "Fafner" TV animation, I was quite intrigued by the whole "assimilation" idea. Tried to watch the Star Trek version of it - and was largely disappointed.

The "Q" are one hell of a plothole - but still pretty much the only "true" aliens in the Star Trek.

Comment: More of the same (Score 1) 106

by ThePhilips (#48644425) Attached to: Behind the Scenes With the Star Trek Fan Reboot

intent on keeping true to the spirit of Gene Roddenberry's television show.

That's just another way of saying "more of the same".

I can understand why the entertainment industry is so obsessed with the canons: to not dilute value of the original.

But I still can't grasp why the fans are so obsessed with the "more of the same"?

P.S. I like how Japanese animes often parody and make fun of themselves. I like how they sometimes shuffle the roles and characters. Occasionally the shenanigans are way too transparent and shallow - but sometimes very brilliant and deep ideas come out of it.

Comment: Re:BitTorrent Maelstrom (Score 1) 86

by ThePhilips (#48641069) Attached to: Tor Network May Be Attacked, Says Project Leader


Dismantling the centralized institutions one by one - DNS, IANA/RIRs, hosting providers - whatever Maelstrom is capable of - is a step in the right direction.

If a sufficient number of decentralized alternatives appear, one can try to nest them like Russian dolls. The more layers of nested services, the higher the privacy (at the potential cost of reliability).