Re: Respository vandalism by r...@...fd.o
On 11/24/2010 01:24 AM, Adam Jackson wrote: > On Tue, 2010-11-23 at 13:32 +0100, Luc Verhaegen wrote: > >> Radeonhd repo: >> http://cgit.freedesktop.org/xorg/driver/xf86-video-radeonhd/commit/?h=spigot >> >> author SPIGOT 2010-11-02 04:21:14 (GMT) >> committerSPIGOT 2010-11-02 04:21:14 (GMT) >> commit 231683e2f111bb064125f64f2da797d744cde7fa (patch) >> ... >> PERHAPS BONGHITS WILL FIX MY MAKEFILE >> Signed-off-by: SPIGOT >> >> Very funny, but the person responsible forgot that maybe, this puts the >> whole trust in anything on fd.o at risk. >> > That was me. Serious lapse in judgement on my part. I pretty much did > it to get a rise out of Luc; looks like I succeeded. But it's > indefensible, and I apologize. I'm kind of in a bad place emotionally > and I should know better than to act that out in public. > > I've disabled my root accounts on the fd.o machines. I don't trust me > with them anymore either. > > - ajax > > > > ___ > xorg@lists.freedesktop.org: X.Org support > Archives: http://lists.freedesktop.org/archives/xorg > Info: http://lists.freedesktop.org/mailman/listinfo/xorg > Your subscription address: fr...@fransdb.nl Thanks Adam, Because of my unfamiliarity with the people involved with xorg, can anybody verify the claim Adam made? If it was just a misplaced competition effort, I can continue to rely on the xorg code. Also, if it turns out to be a validated claim Adam made, accept it as is and continue. Hopefully Adam has learned his lesson. But also Freedesktop.org should have it's act together. Do check the access rights and allow only trusted persons root access. Hopefully Adam was NOT one of them they trusted explicitly and he has only access due to historical reasons. Frans. ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
On 11/24/2010 01:04 AM, Alan Coopersmith wrote: > Frans de Boer wrote: > >> On 11/24/2010 12:40 AM, Alan Coopersmith wrote: >> >>> Frans de Boer wrote: >>> >>> >>>> Just like to inquire whether the observed behavior was a real security >>>> breach - someone introducing (maybe over time) a backdoor or the like - >>>> or just sloppy behavior. In other words, can we still trust the xorg >>>> repositories or are they compromised in some way? >>>> >>>> People and companies depend on xorg functionality without backdoors or >>>> the like. At the first sign of xorg repositories being compromised, I >>>> have to pull the plug on systems relying on xorg functionality. Please >>>> make sure what really happened and then inform the community. this >>>> thread only give rise to fears without - so it seems - verified facts. >>>> >>>> >>> Yes, the original poster's announcement to the list in general and directly >>> to phoronix without notifying the developers or admins first seems to have >>> been designed to do exactly that - raise fears without facts. >>> >>> >>> >> Hm, are you willing to put both your hands in the fire for this claim? I >> just note that you use the word "seems", which indicates to me that you >> are not sure either. >> > My only claim was about the method in which the issue was announced to > drum up maximum attention before investigation could be held. > > >> Assumptions might bring only more fear and/or uncertainly about the >> integrity of the xorg code. >> > I have already stated that we need the freedesktop.org admins to investigate. > I am not going to hinder their investigation or waste anyone's time second > guessing them in public. > > Sorry, my email crossed yours I noticed. Please don't feel attacked or the like. I just sit still and await any further 'real' news for now. Frans. ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
On 11/24/2010 12:40 AM, Alan Coopersmith wrote: > Frans de Boer wrote: > >> Just like to inquire whether the observed behavior was a real security >> breach - someone introducing (maybe over time) a backdoor or the like - >> or just sloppy behavior. In other words, can we still trust the xorg >> repositories or are they compromised in some way? >> >> People and companies depend on xorg functionality without backdoors or >> the like. At the first sign of xorg repositories being compromised, I >> have to pull the plug on systems relying on xorg functionality. Please >> make sure what really happened and then inform the community. this >> thread only give rise to fears without - so it seems - verified facts. >> > Yes, the original poster's announcement to the list in general and directly > to phoronix without notifying the developers or admins first seems to have > been designed to do exactly that - raise fears without facts. > > Hm, are you willing to put both your hands in the fire for this claim? I just note that you use the word "seems", which indicates to me that you are not sure either. Maybe just scrutinize the repository for integrity reasons and notify freedesktop.org of an assumed (but not yet confirmed) breach (if not done already). Also, ask developers to cross reference their code with the repository on freedesktop.org. Assumptions might bring only more fear and/or uncertainly about the integrity of the xorg code. Frans. ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: Respository vandalism by r...@...fd.o
On 11/23/2010 11:56 PM, Alan Cox wrote: >> It's on a separate branch, not master. (Doesn't mean it's right, just >> that it's not actually going to cripple anything or waste time for anyone >> who doesn't ask for it.) >> > And how many other un-noticed commits did this person make ? Until you > know that you have to assume a complete compromise. > > Alan > ___ > xorg@lists.freedesktop.org: X.Org support > Archives: http://lists.freedesktop.org/archives/xorg > Info: http://lists.freedesktop.org/mailman/listinfo/xorg > Your subscription address: fr...@fransdb.nl > Just like to inquire whether the observed behavior was a real security breach - someone introducing (maybe over time) a backdoor or the like - or just sloppy behavior. In other words, can we still trust the xorg repositories or are they compromised in some way? People and companies depend on xorg functionality without backdoors or the like. At the first sign of xorg repositories being compromised, I have to pull the plug on systems relying on xorg functionality. Please make sure what really happened and then inform the community. this thread only give rise to fears without - so it seems - verified facts. Frans. ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: X regression
On 08/11/2010 05:28 PM, Joel Feiner wrote: > KDE has a pretty spiffy screen configuration utility that can do > per-screen resolution, layout configuration, etc. It uses randr > behind the scenes, of course. > > On Wed, Aug 11, 2010 at 4:50 AM, Frans de Boer <mailto:fr...@fransdb.nl>> wrote: > > Dear Reader, > > The automatic configuration of the X server is a good step ahead. > Alas, > there are some issues involving the user experience. To name just two: > - Easy per desktop resolution setting with or without panning is > missing. > - Easy definition of virtual screen and on the fly screen resolution > changes using the ctrl+alt+-/+ keys are missing. > > Yes, you have the xrandr CLI utility, but in a graphical world using a > CLI utility which is not intuitive too?? > The above remarks can be overcome by manually creating/editing the > xorg.conf file. But be honest, normal end users can do that? > > As it stands now, the X (7.5) experience has less features then before > making Windows and Mac interesting again because they offer per screen > resolution setting using a GUI and if the driver supports it, panning > too. Alas, they don't offer fast (using the keyboard) resolution > changes > as the X 7.4 and before versions did. > > So - lacking a feature request function - I like to see: > - Previous resolution changes using a key sequence on a virtual > canvas > being restored. > - Easy per screen resolution setting with optional panning being > restored. > - Offer a GUI for the xrandr utility with intuitive settings (so none > technical people can use it too). > > People before me have suggested to send a bug report, but since > removal > of these features have been done by design, it can't be a bug since it > is a feature (or lack of). > > Frans. > I tried that before but: 1) It does not preserve the settings between sessions. 2) I see no panning enabled! 3) If I want to zoom in quickly while doing some work, what works more convenient: a keyboard shortcut using ctrl+alt+-/+ or starting a utility? 4) using the keyboard shortcut keeps the place where the mouse pointer is focused. Once having zoomed in, you have to move the mouse pointer (using panning) to find the applet again to restore the previous resolution or switch to another resolution. Then try to find your exact position before back again. 5) not everybody is working with KDE. ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
Re: X regression
On 08/11/2010 04:35 PM, Andre Majorel wrote: > On 2010-08-11 10:50 +0200, Frans de Boer wrote: > > >> The automatic configuration of the X server is a good step ahead. Alas, >> there are some issues involving the user experience. To name just two: >> - Easy per desktop resolution setting with or without panning is missing. >> - Easy definition of virtual screen and on the fly screen resolution >> changes using the ctrl+alt+-/+ keys are missing. >> [...] >> The above remarks can be overcome by manually creating/editing the >> xorg.conf file. But be honest, normal end users can do that? >> > There is a way to get ctrl-alt-[+] and ctrl-alt-[-] back ? > Please share. I've mentioned them not working several times on > different mailing lists and NEVER got an answer. > > In the section Screen you can add the next lines: Section Screen SubSection "Display" Depth 24 Modes "1680x1050" "1600x1024" "1600x1000" "1400x1050" "1600x900" "1280x10 24" "1440x900" "1280x960" "1366x768" "1360x768" "1280x800" etc. EndSubSection Hopes this helps. Frans. ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com
X regression
Dear Reader, The automatic configuration of the X server is a good step ahead. Alas, there are some issues involving the user experience. To name just two: - Easy per desktop resolution setting with or without panning is missing. - Easy definition of virtual screen and on the fly screen resolution changes using the ctrl+alt+-/+ keys are missing. Yes, you have the xrandr CLI utility, but in a graphical world using a CLI utility which is not intuitive too?? The above remarks can be overcome by manually creating/editing the xorg.conf file. But be honest, normal end users can do that? As it stands now, the X (7.5) experience has less features then before making Windows and Mac interesting again because they offer per screen resolution setting using a GUI and if the driver supports it, panning too. Alas, they don't offer fast (using the keyboard) resolution changes as the X 7.4 and before versions did. So - lacking a feature request function - I like to see: - Previous resolution changes using a key sequence on a virtual canvas being restored. - Easy per screen resolution setting with optional panning being restored. - Offer a GUI for the xrandr utility with intuitive settings (so none technical people can use it too). People before me have suggested to send a bug report, but since removal of these features have been done by design, it can't be a bug since it is a feature (or lack of). Frans. ___ xorg@lists.freedesktop.org: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: arch...@mail-archive.com