Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Submission + - Devuan beta released (devuan.org)

An anonymous reader writes: Following up the debianfork declaration and progress during the past 2 years, Devuan releases its beta. IRC channels full of people, new website, a web forum and installers for many platforms, including cloud. Several professionals report using it in production, making claims on its stability and performance when compared to Debian systemd. Was this all fuzz really behind the birth of a new base distro?

Submission + - Apple settles a $347M fine with Italian authorities for tax evasion

jaromil writes: Apple Italy, a subsidiary of Apple Sales International based in Ireland, has managed for years the company's sales on the Italian Peninsula. As Italian tax authorities noticed the company did not file any income tax declarations between 2008 and 2013, they opened a court case for an estimated debt of €880M. Apple Italy has now settled for a fine of €318M, while three managers involved in the tax fraud still need to face court.

Comment Re:OT on Devuan (was Re:NSA?) (Score 2) 114

Read again. I said you were involved with extremists. Not that you were one of them. They damage the credibility of anyone with genuine problems with systemd.

ACK and agree. I'm sure you understand that to transform a years old flame into a decent discussion is quite a hell of a process.
Apologies for overreacting, I recognize you do have legitimate observations, but really I've been through the systemd-grinder enough to quickly put up defenses.

That posting of the "financial reports" is the first time you' ve published any information about business registration. Where is the posted information about dyne.org? Where are all those certified accounts available? Why doesn't Archive.org have them?

Man, we are paying taxes to the Netherlands, not to Archive.org. I think you have a different idea of transparency... we are producing all the documentation needed for the institutions and organizations that require them, including the EU commission for some projects. However in case of donors you are right, more work must be done towards transparency...

And no, that's not transparent accounting. I have no reason to believe you are engaging in fraud - or even paying yourself to design logos. Transparent "accounting" is when expenditures are detailed (show where the money went - not on what) and are certified by a registered accountant as being true and complete, and made public. You've only done the last part.

SFI is a registered non-profit. Debian is a registered non-profit funded by SFI, and other organisations. All display that information as required by law and produce annual returns certified by registered accountants. Just as gnu.org does.

...and we'll check these aspects out. Its a good advice to see how other long-standing good examples are operating and we'll certainly need to extend our team to include someone that is proficient with this side of things. This is a growth process and its not easy, yet at Dyne.org we are determined to not blow it up with a VC, but to have a rhythm of growth that is slow and organic. We are just opening an office in Amsterdam, after some years of difficulties, and this will help a lot.

Comment OT on Devuan (was Re:NSA?) (Score 1) 114

Curious about your manipulation of to the Devuan project passing via a personal attack against me.

BTW are you Kevin McCurley of Digicrime, based in San Jose?

Isn't this game boring? Yet I have to reply because your claims about Devuan are false:

1- we don't demand no-one else should be able to use systemd. We clearly demand our own rights in choosing to not use systemd and have engaged in an honest quest developing a base system that is alternative to Debian and does not depends from the web of dependencies of systemd, including the init and the device manager.

2- our fund-raise is accountable, the financial responsibility is taken up by a non-profit organization registered since more than 10 years, our financial report is public and reasonably detailed http://devuan.org/donate


Comment Re:On LUKS (Score 1) 114

cryptsetup has luksHeaderBackup and luksHeaderRestore commands.

We have an issue open on github, thinkering on how to avoid bit-rot here https://github.com/dyne/Tomb/i...
The LUKS header recovery comes handy, a single corrupted bit in the header of a Tomb could be fatal, so there are plans to backup the header also inside the key, perhaps starting from the next major version of Tomb.
To fight bit-rot a filesystem like ZFS is pretty effective, but then that must be the "outer" FS, used by the storage support hosting the tomb.

Comment Re:Nope. (Score 1) 114

Prominently stated in Tomb's documentation is the goal of separating the physical locations where keys and volumes are stored.
This is explicitly to address cases of stolen laptop, phone, etc.
The fact that is easy to use gpg encrypted keys from a remote ssh shell, a phone over NFC or bluetooth or a usb stick is addressing human-behavior as a vulnerability much more than actual encryption technology, which we assume to be fairly advanced and reliable today at least in case of dm-crypt.

Submission + - Tomb, a successor to TrueCrypt for Linux geeks (well, dm-crypt, basically...) (dyne.org)

jaromil writes: Last day we released Tomb version 2.1 with improvements to stability, documentation and translations. Tomb is just a ZSh script wrapping around cryptsetup, gpg and other tools to facilitate the creation and management of LUKS encrypted volumes with features like key separation, steganography, off-line search, QRcode paper backups etc. In designing Tomb we struggle for minimalism and readability, convinced that the increasing complexity of personal technology is the root of many vulnerabilities the world is witnessing today — and this approach turns out to be very successful, judging from the wide adoption, appreciation and contributions our project has received especially after the demise of TrueCrypt.
As maintainer of the software I wonder what Slashdot readers think about what we are doing, how we are doing it and more in general about the need for simplicity in secure systems, a debate I perceive as transversal to many other GNU/Linux/BSD projects and their evolution. Given the increasing responsibility in maintaining such a software, considering the human-interface side of things is an easy to reach surface of attack, I can certainly use some advice and criticism.

Submission + - The Veteran Unix Admins give up on systemd (dyne.org)

jaromil writes: Following the "Debianfork declaration" last year, the anonymous collective "Veteran Unix Admins" has engaged the creation of a new distribution called Devuan, basically consisting in a Debian Jessie without systemd. Despite some relevant achievements on their plan and the considerable amount of donations they have received, today the VUA collective has declared they give up on this effort and accept the advent of systemd. Looks like it was a short but intense life for Devuan.

Submission + - Removing libsystemd0 from a live-running Debian system (lkcl.net) 1

lkcl writes: The introduction of systemd has unilaterally created a polarisation of the GNU/Linux community that is remarkably similar to the monopolistic power position wielded by Microsoft in the late 1990s. Choices were stark: use Windows (with SMB/CIFS Services), or use UNIX (with NFS and NIS). Only the introduction of fully-compatible reverse-engineered NT Domains services corrected the situation. Instructions on how to remove systemd include dire warnings that "all dependent packages will be removed", rendering a normal Debian Desktop system flat-out impossible to achieve. It was therefore necessary to demonstrate that it is actually possible to run a Debian Desktop GUI system (albeit an unusual one: fvwm) with libsystemd0 removed. The reason for doing so: it doesn't matter how good systemd is believed to be or in fact actually is: the reason for removing it is, apart from the alarm at how extensive systemd is becoming (including interfering with firewall rules), it's the way that it's been introduced in a blatantly cavalier fashion as a polarised all-or-nothing option, forcing people to consider abandoning the GNU/Linux of their choice and to seriously consider using FreeBSD or any other distro that properly respects the Software Freedom principle of the right to choose what software to run. We aren't all "good at coding", or paid to work on Software Libre: that means that those people who are need to be much more responsible, and to start — finally — to listen to what people are saying. Developing a thick skin is a good way to abdicate responsibility and, as a result, place people into untenable positions.

Slashdot Top Deals

Any programming language is at its best before it is implemented and used.