LWN: Comments on "BerliOS compromised" https://lwn.net/Articles/369633/ This is a special feed containing comments posted to the individual LWN article titled "BerliOS compromised". en-us Mon, 01 Sep 2025 14:28:04 +0000 Mon, 01 Sep 2025 14:28:04 +0000 https://www.rssboard.org/rss-specification lwn@lwn.net BerliOS compromised https://lwn.net/Articles/369807/ https://lwn.net/Articles/369807/ jond <div class="FormattedComment"> Yes, that gave me a chuckle :)<br> </div> Thu, 14 Jan 2010 13:31:43 +0000 BerliOS compromised https://lwn.net/Articles/369800/ https://lwn.net/Articles/369800/ dw <div class="FormattedComment"> As a Berlios user (in the developer sense), I can appreciate the sentiment of this defacement. Berlios has been flaky since at least 2004, and the only time I had reason to use it recently (about 3 weeks ago), their download server was down for several hours.<br> </div> Thu, 14 Jan 2010 12:39:43 +0000 BerliOS compromised https://lwn.net/Articles/369737/ https://lwn.net/Articles/369737/ sb Well, Jörg is certainly entitled to his opinion, whatever it is that he's talking about. But it looks like he needs to read <a href="http://www.kernel.org/pub/software/scm/git/docs/user-manual.html#recovering-from-repository-corruption">this part</a> of the git manual and maybe also <a href="http://kerneltrap.org/mailarchive/git/2008/6/10/2085274">this thread</a>. <br><br> FWIW, and from looking at the support and feature request tickets, I don't think that he's particularly involved with the day to day maintenance of BerliOS. <br><br> What I would really like to see from BerliOS is a slightly faster git server and an additional download mirror or three. I'm sure there are universities etc. that would be happy to do the mirroring, maybe some SunSITEs? :-) And Trac support would be nice too. Otherwise, we've been pretty happy. Thu, 14 Jan 2010 10:47:35 +0000 BerliOS compromised https://lwn.net/Articles/369747/ https://lwn.net/Articles/369747/ nix <div class="FormattedComment"> Hasn't he been banned from bugs.debian.org or something? (Or was he just <br> asked to go away and stop spamming it? I know *someone* was banned from <br> b.d.o but I can't remember if it was Joerg.)<br> </div> Thu, 14 Jan 2010 01:58:23 +0000 BerliOS compromised https://lwn.net/Articles/369743/ https://lwn.net/Articles/369743/ ikm <div class="FormattedComment"> So that's why I couldn't login to shell.berlios.de today! Though git.berlios.de still let me in, and /home/groups is available there as well.<br> <p> It's understandable they got pwned, their security always felt a bit lax. But it has always been a very nice and warm place. Partially it is exactly because of their security approach -- they don't cut the oxygen for all projects if there's one misbehaving. Say what you want about Jorg, but Berlios is done right.<br> </div> Thu, 14 Jan 2010 01:31:50 +0000 BerliOS compromised https://lwn.net/Articles/369739/ https://lwn.net/Articles/369739/ pabs <div class="FormattedComment"> Please no. The last thing Debian needs is any more contact or connection with this guy.<br> </div> Thu, 14 Jan 2010 01:06:18 +0000 BerliOS compromised https://lwn.net/Articles/369735/ https://lwn.net/Articles/369735/ JoeF <i>And it had git and hg support much sooner too.</i><p> From a comment by Joerg in the article's comment section, it seems that he doesn't quite like git, though: <br><a href="http://www.heise.de/security/news/foren/S-Re-hmmpf-immer-positiv-sehen/forum-172426/msg-17925786/read/">http://www.heise.de/security/news/foren/S-Re-hmmpf-immer-positiv-sehen/forum-172426/msg-17925786/read/</a> Wed, 13 Jan 2010 23:58:00 +0000 BerliOS compromised https://lwn.net/Articles/369726/ https://lwn.net/Articles/369726/ sb <div class="FormattedComment"> The BerliOS web server does run some version of Solaris, maybe it was a cdrecord development box at some point :-)<br> <p> To give some credit where it is due, BerliOS has provided our project with very good service over the last two years, with less downtime than projects hosted by a certain large and well-known "competitor" seemed to suffer, and with none of the commercial annoyances. And it had git and hg support much sooner too.<br> <p> </div> Wed, 13 Jan 2010 23:19:47 +0000 BerliOS compromised https://lwn.net/Articles/369724/ https://lwn.net/Articles/369724/ nix <div class="FormattedComment"> Why isn't he running OpenSolaris, anyway? :)<br> <p> </div> Wed, 13 Jan 2010 22:21:35 +0000 BerliOS compromised https://lwn.net/Articles/369712/ https://lwn.net/Articles/369712/ amacater <div class="FormattedComment"> Five year old kernel - that presumably supports SCSI properly and is<br> therefore able to render proper support to cdrecord.<br> <p> Joerg has a down on Linux distributions: this sort of thing is _PRECISELY_<br> why Linux distributions provide security updates and suggest that you apply<br> them. Something with a security team, an openness on bugs and a commitment<br> to long term support, meeting the needs of users and Free software _and_<br> multi-platform? I really suggest Joerg re-assess Debian :)<br> </div> Wed, 13 Jan 2010 20:09:52 +0000 BerliOS compromised https://lwn.net/Articles/369711/ https://lwn.net/Articles/369711/ proski sheep.berlios.de runs a five years old kernel:<p> Linux sheep 2.4.21-303-smp4G #1 SMP Tue Dec 6 12:33:10 UTC 2005 i686 i686 i386 GNU/Linux Wed, 13 Jan 2010 19:55:14 +0000 Well he seems sure it's OK, he's not even telling the users... https://lwn.net/Articles/369705/ https://lwn.net/Articles/369705/ kirkengaard <div class="FormattedComment"> &lt;sarcasm&gt; Everyone knows only maliciously exploited security flaws require warnings ... or policy/practice changes. This is apparently not one; it must be a feature. &lt;/sarcasm&gt;<br> </div> Wed, 13 Jan 2010 19:12:22 +0000 BerliOS compromised https://lwn.net/Articles/369689/ https://lwn.net/Articles/369689/ jordi <div class="FormattedComment"> Ah, no wonder that image was ringing a bell...<br> </div> Wed, 13 Jan 2010 18:13:02 +0000 BerliOS compromised https://lwn.net/Articles/369684/ https://lwn.net/Articles/369684/ joey <div class="FormattedComment"> For anyone who wants to fully appreciate the screenshot: <br> <p> <a href="http://mako.cc/copyrighteous/20070919-00">http://mako.cc/copyrighteous/20070919-00</a><br> </div> Wed, 13 Jan 2010 18:00:51 +0000 Well he seems sure it's OK, he's not even telling the users... https://lwn.net/Articles/369675/ https://lwn.net/Articles/369675/ alex <div class="FormattedComment"> From the (translated article): "So far it but I can discover no traces of <br> intrusion to the changed data. "I therefore see no reason at present to a <br> warning," said Jörg Schilling,"<br> </div> Wed, 13 Jan 2010 17:46:31 +0000 BerliOS compromised https://lwn.net/Articles/369671/ https://lwn.net/Articles/369671/ smurf <div class="FormattedComment"> Not only distributed, but also integrity-checked. SVN is neither.<br> </div> Wed, 13 Jan 2010 17:25:08 +0000 Poor Jörg https://lwn.net/Articles/369643/ https://lwn.net/Articles/369643/ clugstj <div class="FormattedComment"> I'm not sure his ego could be harmed.<br> </div> Wed, 13 Jan 2010 17:08:47 +0000 Poor Jörg https://lwn.net/Articles/369642/ https://lwn.net/Articles/369642/ xav <div class="FormattedComment"> Poor Jörg.<br> I wonder if his immense ego will withstand the shame ?<br> </div> Wed, 13 Jan 2010 17:01:00 +0000 BerliOS compromised https://lwn.net/Articles/369635/ https://lwn.net/Articles/369635/ drag <div class="FormattedComment"> Sucks for people that depend on BerliOS. Although it looks like the defacers <br> had a point.<br> <p> Also it points out another good reason why people should use a distributed <br> version control system like git.<br> <p> </div> Wed, 13 Jan 2010 16:25:20 +0000