Vandalizing Open-Source Drivers?

  • #31
    Originally posted by crazycheese:
    He is VERY lucky not to be in some corporate entity. Sorry won't be enough - they'd claim $100 Bln compensation from him. Bad moral mood my *** (sorry).
    What are you talking about? He is one of the lead X devs for Red Hat...
    Michael Larabel
    http://www.michaellarabel.com/

  • #32
    "I've disabled my root accounts on the fd.o machines. I don't trust me with them anymore either." (c)

    At least that is good thinking on his part, or otherwise he would be eaten alive. Maaan, it's bad news, especially after Novell being dismembered by shady buyers and not bought by VMware. We are really lacking open graphics stack devs. I hope that RH will not screw him and he will stop drinking shit and take some good long sleep. Several times. And be back in business, if not as maintainer then as dev, at least.
    Damn, trust is your main measure of authority in the community. It's bad to fuck it up.

  • #33
    Originally posted by stikonas:
    The relief is at least that git is quite good at detecting this. When writing git Linus Torvalds wanted to ensure that a malicious 3rd party cannot change anything but the HEAD (which is easy to spot).
    There's no magic wand shipped with git. If you know the sha1 of a given commit you can check the entire history from that point back to day zero (since the IDs of the parents contribute to the hash of the commit); this basically ensures the integrity of the repository (short of a preimage attack on sha1). However, this case wasn't an attempt to modify an existing commit; rather it was a "legit" commit (though on a separate branch) that was only spotted by a human. Now, the message was clearly suspicious, but through direct access to the repo you could sneak in a commit that looks plausible (e.g. maybe coming from another trusted developer) but contains malicious code; sure, git push will warn you, but you might overlook that change (for example when pulling stuff at work I don't inspect closely commits coming from trusted colleagues - though I do review stuff from interns or students).
    Moral of the story: if an untrusted party has direct access to the repo it's game over.

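The hash chain tettamanti describes in #33, as an added example that is not code from this thread or from git itself: a small Python model of git's commit object format (sha1 over "commit <size>\0" followed by the body, with the parent id inside the body), a verifier that walks from a trusted tip hash back to the root recomputing every id, and the two cases from the post. Editing an old commit in place is caught because the stored body no longer hashes to its id; a freshly appended commit with a plausible author and message on a branch is a perfectly valid object that the chain cannot flag, which is exactly why a human reviewer was needed. The in-memory repository, tree ids, author name and commit messages are constructed stand-ins; only the hashing format follows git.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional


def git_object_id(obj_type: str, body: bytes) -> str:
    """Git's object id: sha1 over "<type> <size>\\0" + body (this part matches real git)."""
    header = f"{obj_type} {len(body)}\0".encode()
    return hashlib.sha1(header + body).hexdigest()


def commit_body(tree: str, parent: Optional[str], author: str, message: str) -> bytes:
    """Build a commit body in git's layout; the parent id lives inside the hashed bytes."""
    lines = [f"tree {tree}"]
    if parent is not None:
        lines.append(f"parent {parent}")
    lines.append(f"author {author} 1300000000 +0000")      # constructed fixed timestamp
    lines.append(f"committer {author} 1300000000 +0000")
    return ("\n".join(lines) + "\n\n" + message + "\n").encode()


@dataclass
class Repo:
    """Constructed in-memory object store: object id -> raw commit body."""
    objects: Dict[str, bytes] = field(default_factory=dict)

    def commit(self, tree: str, parent: Optional[str], author: str, message: str) -> str:
        body = commit_body(tree, parent, author, message)
        oid = git_object_id("commit", body)
        self.objects[oid] = body
        return oid


def parent_of(body: bytes) -> Optional[str]:
    """Read the parent id from the header section of a commit body (None for the root)."""
    header, _, _ = body.partition(b"\n\n")
    for line in header.split(b"\n"):
        if line.startswith(b"parent "):
            return line[len(b"parent "):].decode()
    return None


def verify_history(repo: Repo, tip: str) -> List[str]:
    """Walk from a trusted tip hash back to day zero, checking each object hashes to its id.
    Raises ValueError on a missing or modified object; returns the verified ids, tip first."""
    verified: List[str] = []
    oid: Optional[str] = tip
    while oid is not None:
        body = repo.objects.get(oid)
        if body is None:
            raise ValueError(f"missing object {oid}")
        if git_object_id("commit", body) != oid:
            raise ValueError(f"object {oid} does not hash to its id (history rewritten)")
        verified.append(oid)
        oid = parent_of(body)
    return verified


def demo() -> dict:
    """Constructed scenario: a three-commit history, a tampered root, and a plausible new commit."""
    repo = Repo()
    dev = "Trusted Dev <dev@example.invalid>"                 # constructed author
    tree1 = hashlib.sha1(b"tree-1").hexdigest()               # constructed stand-ins for tree objects
    tree2 = hashlib.sha1(b"tree-2").hexdigest()
    tree3 = hashlib.sha1(b"tree-3").hexdigest()
    c1 = repo.commit(tree1, None, dev, "initial import")
    c2 = repo.commit(tree2, c1, dev, "add modesetting support")
    c3 = repo.commit(tree3, c2, dev, "fix typo in README")
    chain = verify_history(repo, c3)  # knowing c3 pins the whole history back to c1

    # Case 1: an old commit is rewritten in place. Its stored body no longer hashes to c1.
    repo.objects[c1] = commit_body(tree1, None, dev, "initial import (quietly edited)")
    try:
        verify_history(repo, c3)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    repo.objects[c1] = commit_body(tree1, None, dev, "initial import")  # restore

    # Case 2: a new, plausible-looking commit appended on a branch. It is a valid object
    # with a valid parent link, so the hash chain alone cannot tell you it is unauthorized.
    c4 = repo.commit(tree3, c3, dev, "minor cleanup")
    new_chain = verify_history(repo, c4)
    return {
        "chain_len": len(chain),
        "tamper_detected": tamper_detected,
        "appended_commit_verifies": new_chain[0] == c4 and len(new_chain) == 4,
    }


if __name__ == "__main__":
    print(demo())
```

The verifier only proves that the objects reachable from a hash you already trust are the ones that were there when you learned that hash; which hash to trust, and whether a new commit's author line means anything, is exactly the question the integrity check does not answer, so review of what lands on the branch is still needed.
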
  • #34
    Looks like Daniel Stone was involved too.
    Michael Larabel
    http://www.michaellarabel.com/

  • #35
    Originally posted by Michael:
    Looks like Daniel Stone was involved too.
    Yeah, this was most definitely not a simple prank, as some people like to claim.

  • #36
    Originally posted by Michael:
    What are you talking about? He is one of the lead X devs for Red Hat...
    Sorry, I thought he was a Novell employee. But why would anyone possibly do that?

  • #37
    Originally posted by crazycheese:
    Sorry, I thought he was a Novell employee. But why would anyone possibly do that?
    Apparently people would only do that if they worked for Novell?

  • #38
    Originally posted by libv:
    Apparently people would only do that if they worked for Novell?
    Yes, they're like, the devil and stuff.

  • #39
    Originally posted by libv:
    Apparently people would only do that if they worked for Novell?
    My mindflow was: company sold -> very probably fired -> bad mood -> some personal graffiti

    But, if this is done by RH, the only thing that comes to my mind is paid sabotage by a 3rd party. Someone who wishes public trust in RH, its projects, the quality of its work and its employees to go down in a small to mid timeframe. Perhaps being uncovered after some time was also part of the plan.

    Personally, I cannot imagine an adult starting to do baby-fun to others just because he is in a bad mood. Salary, rep. as a pro (career), rep. as a human (friend circle) - setting all these on fire just because he was in a bad mood. No possible way, unless something covered his mind (drugs etc.).

  • #40
    Originally posted by tettamanti:
    if an untrusted party has direct access to the repo it's game over
    Since humans are not an open-source clear piece of paper, anyone can go from trusted to untrusted. I think the moral is more like: Trust does not XOR verification.

  • #41
    A simple solution, ladies and gentlemen: the concept of weekly physical backup...

  • #42
    Originally posted by crazycheese:
    My mindflow was: company sold -> very probably fired -> bad mood -> some personal graffiti

    But, if this is done by RH, the only thing that comes to my mind is paid sabotage by a 3rd party. Someone who wishes public trust in RH, its projects, the quality of its work and its employees to go down in a small to mid timeframe. Perhaps being uncovered after some time was also part of the plan.

    Personally, I cannot imagine an adult starting to do baby-fun to others just because he is in a bad mood. Salary, rep. as a pro (career), rep. as a human (friend circle) - setting all these on fire just because he was in a bad mood. No possible way, unless something covered his mind (drugs etc.).
    I think he already said that a few drinks had been consumed, since I was consuming drinks at the early stage of the night with the same people.

    Of course it would be simpler if it was some sort of Red Hat plot, that is, if you were an idiot. You and Luc should write a book of conspiracy theories. Mel Gibson might play you in a movie.

    Dave.

  • #43
    So, it was an inside job, and not an exploited vulnerability.

    The man who notified of this incident did the correct thing, to notify of the problem; it is like other people didn't like it being notified.

    This time it was not a loss of data, nor a big problem.
    But as Luc said, how can someone now trust that their work will be safe on the fd.o server? If this happened once, it can happen thousands of times.

    It seems that some do not take this seriously. This is like vandalism; it is not as simple as saying sorry and giving the keys back. This should in the future (and now too, if possible) have a legal consequence, like paying a fine or jail, not only revoking some admin privileges.

    The fd.o rules should be reviewed and improved.

  • #44
    Originally posted by crazycheese:
    Personally, I cannot imagine an adult starting to do baby-fun to others just because he is in a bad mood. Salary, rep. as a pro (career), rep. as a human (friend circle) - setting all these on fire just because he was in a bad mood. No possible way, unless something covered his mind (drugs etc.).
    Maybe you should leave the basement and join the real world, where adults do stupid and childish things all the time for a variety of ridiculous reasons.

  • #45
    Originally posted by yesterday:
    Maybe you should leave the basement and join the real world, where adults do stupid and childish things all the time for a variety of ridiculous reasons.
    Sorry, I don't live in America.