LWN: Comments on "BerliOS compromised"

BerliOS compromised

jond — Thu, 14 Jan 2010 13:31:43 +0000

Yes, that gave me a chuckle :)

BerliOS compromised

dw — Thu, 14 Jan 2010 12:39:43 +0000

As a Berlios user (in the developer sense), I can appreciate the sentiment of this defacement. Berlios has been flaky since at least 2004, and the only time I had reason to use it recently (about 3 weeks ago), their download server was down for several hours.

BerliOS compromised

sb — Thu, 14 Jan 2010 10:47:35 +0000

Well, Jörg is certainly entitled to his opinion, whatever it is that he's talking about. But it looks like he needs to read this part of the git manual and maybe also this thread.

FWIW, and from looking at the support and feature request tickets, I don't think that he's particularly involved with the day to day maintenance of BerliOS.

What I would really like to see from BerliOS is a slightly faster git server and an additional download mirror or three. I'm sure there are universities etc. that would be happy to do the mirroring, maybe some SunSITEs? :-) And Trac support would be nice too. Otherwise, we've been pretty happy.

BerliOS compromised

nix — Thu, 14 Jan 2010 01:58:23 +0000

Hasn't he been banned from bugs.debian.org or something? (Or was he just
asked to go away and stop spamming it? I know *someone* was banned from
b.d.o but I can't remember if it was Joerg.)

BerliOS compromised

ikm — Thu, 14 Jan 2010 01:31:50 +0000

So that's why I couldn't login to shell.berlios.de today! Though git.berlios.de still let me in, and /home/groups is available there as well.

It's understandable they got pwned, their security always felt a bit lax. But it has always been a very nice and warm place. Partially it is exactly because of their security approach -- they don't cut the oxygen for all projects if there's one misbehaving. Say what you want about Jorg, but Berlios is done right.

BerliOS compromised

pabs — Thu, 14 Jan 2010 01:06:18 +0000

Please no. The last thing Debian needs is any more contact or connection with this guy.

BerliOS compromised

JoeF — Wed, 13 Jan 2010 23:58:00 +0000

And it had git and hg support much sooner too.

From a comment by Joerg in the article's comment section, it seems that he doesn't quite like git, though:
http://www.heise.de/security/news/foren/S-Re-hmmpf-immer-positiv-sehen/forum-172426/msg-17925786/read/

BerliOS compromised

sb — Wed, 13 Jan 2010 23:19:47 +0000

The BerliOS web server does run some version of Solaris, maybe it was a cdrecord development box at some point :-)

To give some credit where it is due, BerliOS has provided our project with very good service over the last two years, with less downtime than projects hosted by a certain large and well-known "competitor" seemed to suffer, and with none of the commercial annoyances. And it had git and hg support much sooner too.

BerliOS compromised

nix — Wed, 13 Jan 2010 22:21:35 +0000

Why isn't he running OpenSolaris, anyway? :)

BerliOS compromised

amacater — Wed, 13 Jan 2010 20:09:52 +0000

Five year old kernel - that presumably supports SCSI properly and is
therefore able to render proper support to cdrecord.

Joerg has a down on Linux distributions: this sort of thing is _PRECISELY_
why Linux distributions provide security updates and suggest that you apply
them. Something with a security team, an openness on bugs and a commitment
to long term support, meeting the needs of users and Free software _and_
multi-platform? I really suggest Joerg re-assess Debian :)

BerliOS compromised

proski — Wed, 13 Jan 2010 19:55:14 +0000

sheep.berlios.de runs a five years old kernel:

Linux sheep 2.4.21-303-smp4G #1 SMP Tue Dec 6 12:33:10 UTC 2005 i686 i686 i386 GNU/Linux

Well he seems sure it's OK, he's not even telling the users...

kirkengaard — Wed, 13 Jan 2010 19:12:22 +0000

<sarcasm> Everyone knows only maliciously exploited security flaws require warnings ... or policy/practice changes. This is apparently not one; it must be a feature. </sarcasm>

BerliOS compromised

jordi — Wed, 13 Jan 2010 18:13:02 +0000

Ah, no wonder that image was ringing a bell...

BerliOS compromised

joey — Wed, 13 Jan 2010 18:00:51 +0000

For anyone who wants to fully appreciate the screenshot:

http://mako.cc/copyrighteous/20070919-00

Well he seems sure it's OK, he's not even telling the users...

alex — Wed, 13 Jan 2010 17:46:31 +0000

From the (translated article): "So far it but I can discover no traces of
intrusion to the changed data. "I therefore see no reason at present to a
warning," said Jörg Schilling,"

BerliOS compromised

smurf — Wed, 13 Jan 2010 17:25:08 +0000

Not only distributed, but also integrity-checked. SVN is neither.

Poor Jörg

clugstj — Wed, 13 Jan 2010 17:08:47 +0000

I'm not sure his ego could be harmed.

Poor Jörg

xav — Wed, 13 Jan 2010 17:01:00 +0000

Poor Jörg.
I wonder if his immense ego will withstand the shame ?

BerliOS compromised

drag — Wed, 13 Jan 2010 16:25:20 +0000

Sucks for people that depend on BerliOS. Although it looks like the defacers
had a point.

Also it points out another good reason why people should use a distributed
version control system like git.