Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment Re:OT on Devuan (was Re:NSA?) (Score 2) 114

Read again. I said you were involved with extremists. Not that you were one of them. They damage the credibility of anyone with genuine problems with systemd.

ACK and agree. I'm sure you understand that to transform a years old flame into a decent discussion is quite a hell of a process.
Apologies for overreacting, I recognize you do have legitimate observations, but really I've been through the systemd-grinder enough to quickly put up defenses.

That posting of the "financial reports" is the first time you' ve published any information about business registration. Where is the posted information about dyne.org? Where are all those certified accounts available? Why doesn't Archive.org have them?

Man, we are paying taxes to the Netherlands, not to Archive.org. I think you have a different idea of transparency... we are producing all the documentation needed for the institutions and organizations that require them, including the EU commission for some projects. However in case of donors you are right, more work must be done towards transparency...

And no, that's not transparent accounting. I have no reason to believe you are engaging in fraud - or even paying yourself to design logos. Transparent "accounting" is when expenditures are detailed (show where the money went - not on what) and are certified by a registered accountant as being true and complete, and made public. You've only done the last part.

SFI is a registered non-profit. Debian is a registered non-profit funded by SFI, and other organisations. All display that information as required by law and produce annual returns certified by registered accountants. Just as gnu.org does.

...and we'll check these aspects out. Its a good advice to see how other long-standing good examples are operating and we'll certainly need to extend our team to include someone that is proficient with this side of things. This is a growth process and its not easy, yet at Dyne.org we are determined to not blow it up with a VC, but to have a rhythm of growth that is slow and organic. We are just opening an office in Amsterdam, after some years of difficulties, and this will help a lot.

Comment OT on Devuan (was Re:NSA?) (Score 1) 114

Curious about your manipulation of to the Devuan project passing via a personal attack against me.

BTW are you Kevin McCurley of Digicrime, based in San Jose?

Isn't this game boring? Yet I have to reply because your claims about Devuan are false:

1- we don't demand no-one else should be able to use systemd. We clearly demand our own rights in choosing to not use systemd and have engaged in an honest quest developing a base system that is alternative to Debian and does not depends from the web of dependencies of systemd, including the init and the device manager.

2- our fund-raise is accountable, the financial responsibility is taken up by a non-profit organization registered since more than 10 years, our financial report is public and reasonably detailed http://devuan.org/donate


Comment Re:On LUKS (Score 1) 114

cryptsetup has luksHeaderBackup and luksHeaderRestore commands.

We have an issue open on github, thinkering on how to avoid bit-rot here https://github.com/dyne/Tomb/i...
The LUKS header recovery comes handy, a single corrupted bit in the header of a Tomb could be fatal, so there are plans to backup the header also inside the key, perhaps starting from the next major version of Tomb.
To fight bit-rot a filesystem like ZFS is pretty effective, but then that must be the "outer" FS, used by the storage support hosting the tomb.

Comment Re:Nope. (Score 1) 114

Prominently stated in Tomb's documentation is the goal of separating the physical locations where keys and volumes are stored.
This is explicitly to address cases of stolen laptop, phone, etc.
The fact that is easy to use gpg encrypted keys from a remote ssh shell, a phone over NFC or bluetooth or a usb stick is addressing human-behavior as a vulnerability much more than actual encryption technology, which we assume to be fairly advanced and reliable today at least in case of dm-crypt.

Submission Tomb, a successor to TrueCrypt for Linux geeks (well, dm-crypt, basically...)->

jaromil writes: Last day we released Tomb version 2.1 with improvements to stability, documentation and translations. Tomb is just a ZSh script wrapping around cryptsetup, gpg and other tools to facilitate the creation and management of LUKS encrypted volumes with features like key separation, steganography, off-line search, QRcode paper backups etc. In designing Tomb we struggle for minimalism and readability, convinced that the increasing complexity of personal technology is the root of many vulnerabilities the world is witnessing today — and this approach turns out to be very successful, judging from the wide adoption, appreciation and contributions our project has received especially after the demise of TrueCrypt.
As maintainer of the software I wonder what Slashdot readers think about what we are doing, how we are doing it and more in general about the need for simplicity in secure systems, a debate I perceive as transversal to many other GNU/Linux/BSD projects and their evolution. Given the increasing responsibility in maintaining such a software, considering the human-interface side of things is an easy to reach surface of attack, I can certainly use some advice and criticism.

Link to Original Source

Submission The Veteran Unix Admins give up on systemd->

jaromil writes: Following the "Debianfork declaration" last year, the anonymous collective "Veteran Unix Admins" has engaged the creation of a new distribution called Devuan, basically consisting in a Debian Jessie without systemd. Despite some relevant achievements on their plan and the considerable amount of donations they have received, today the VUA collective has declared they give up on this effort and accept the advent of systemd. Looks like it was a short but intense life for Devuan.
Link to Original Source

Submission Removing libsystemd0 from a live-running Debian system-> 1

lkcl writes: The introduction of systemd has unilaterally created a polarisation of the GNU/Linux community that is remarkably similar to the monopolistic power position wielded by Microsoft in the late 1990s. Choices were stark: use Windows (with SMB/CIFS Services), or use UNIX (with NFS and NIS). Only the introduction of fully-compatible reverse-engineered NT Domains services corrected the situation. Instructions on how to remove systemd include dire warnings that "all dependent packages will be removed", rendering a normal Debian Desktop system flat-out impossible to achieve. It was therefore necessary to demonstrate that it is actually possible to run a Debian Desktop GUI system (albeit an unusual one: fvwm) with libsystemd0 removed. The reason for doing so: it doesn't matter how good systemd is believed to be or in fact actually is: the reason for removing it is, apart from the alarm at how extensive systemd is becoming (including interfering with firewall rules), it's the way that it's been introduced in a blatantly cavalier fashion as a polarised all-or-nothing option, forcing people to consider abandoning the GNU/Linux of their choice and to seriously consider using FreeBSD or any other distro that properly respects the Software Freedom principle of the right to choose what software to run. We aren't all "good at coding", or paid to work on Software Libre: that means that those people who are need to be much more responsible, and to start — finally — to listen to what people are saying. Developing a thick skin is a good way to abdicate responsibility and, as a result, place people into untenable positions.
Link to Original Source

Submission Another community gets split by systemd: Devuan is "forking" Debian->

jaromil writes: The so called "Veteran Unix Admin" collective announces that the "fork" of Debian will proceed as a result of the recent systemd debacle. The reasons put forward are not just technical, included is a letter of endorsement by Debian Developer Roger Leigh mentioning that "people rely on Debian for their jobs and businesses, their research and their hobbies. It's not a playground for such radical experimentation."
The fork is called "Devuan", pronounced "DevOne". A website is up on https://devuan.org/ with more information.

Link to Original Source

Comment TAZ (Score 1) 51

Yes, get a TAZ! :)


I've done a lot of things to make sure that the company stays free & open. Firstly, by making myself the final word (for now). Per our bylaws, I can only be removed from the company by court order. :)

The board of directors is me, Steven (long time employee, very much for free/open), and Bdale Garbee (very hardcore netgod of free software development). We will only have people on the board that are already 100% on board with free software. So we have another layer of protection there.

The non-libre folks that are very technically savvy that we have on board have influence in how things are done, but they don't have the final say. Though they are still on board with us running a libre company. Even if they earned their chops during the 80s (or earlier), they can see the huge growth in open systems. They just don't have direct experience in free software.

Then ultimately who gets to say what a company does is the owners. Most high tech high growth companies are angling to get bought out, get a lot of venture capital, and/or go public. This is usually the founders' "exit", where they get the pile of cash. When that happens, the company is likely to absorb the traditional non-libre practices of the parent company.

We are taking a different approach. If we can pull this all together, the idea is to convert Aleph Objects, Inc. into an ESOP (employee stock ownership plan). This means we don't have to be beholden to outsiders. It also allows the current owners an exit, in that they sell their stock to the ESOP. There are a lot of other advantages to ESOPs. The earliest we can decide whether to go for it or not would be December 2015, which we could make retroactive to January 2015. ESOPs are complicated.

I used to hack on the N900 too...

Comment delegation (Score 2) 51

Np, I can handle trolls. This thread has been surprisingly lucid, actually. ;)

Colorado's 2nd Congressional district is represented by Congressman Jared Polis. This district includes Boulder, Fort Collins, and Loveland (where we are). Polis and his family started bluemountain.com and made out with hundreds of millions of dollars during the 1990s dotcom boom. So he's probably the only dotcom millionaire in Congress and probably the only congressman that could set up Apache. ;) He is well informed on patent issues, is actively trying to find a solution to the present conundrum, and is more than happy to listen to the free/libre/open crowd.

I haven't spoken to the other Congressmen about patents yet, but I will likely speak with Cory Gardner of the 4th district in the next couple months if I get the chance (we'll be at some of the same meetings).

I spoke to two of Polis' potential election challengers. Neither of them knew particularly much about free/libre/open as far as I could tell, but they both seemed more than happy to learn about it. I will try to get them to visit our facility and give them the full show. They are definitely for reforming the system though--they can see it is broken. My brief argument is that we're stuck with a 19th century system in the 21st century. Plus I hammer home that even if we follow strict patent rules, the rest of the world isn't (e.g. China), so we're just hamstringing American companies by holding back their innovation with patents. That line of argument is a huge winner with politicians, btw...

We warn the reader in advance that the proof presented here depends on a clever but highly unmotivated trick. -- Howard Anton, "Elementary Linear Algebra"