Inkohärentes Geschreibsel eines Late Adopters
# md5 hex encoded # SQLPasswordEncoding hex # SQLAuthTypes MD5 # SQLPasswordUserSalt name Prepend # salt == username, password == password /bin/echo -n "usernamepassword" | openssl dgst -hex -md5 d51c9a7e9353746a6020f9602d452929 # md5 HEX encoded # SQLPasswordEncoding HEX # SQLAuthTypes MD5 # SQLPasswordUserSalt name Prepend # salt == username, password == password /bin/echo -n "usernamepassword" | openssl dgst -hex -md5 | tr [:lower:] [:upper:] D51C9A7E9353746A6020F9602D452929 # sha256 base64 encoded # SQLPasswordEncoding base64 # SQLAuthTypes SHA256 # SQLPasswordUserSalt name Prepend # salt == username, password == password /bin/echo -n "usernamepassword" | openssl dgst -binary -sha256 | openssl enc -base64 vtklQtp0DL5YesRbeQEgeheiVjaAss7aMEGVonM/FL4=The other variants are similar. Two important things: you need
echo -nas that removes the newline from the echo command and if you use base64, you need the binary digest - for md5 and all the sha variants. This is somehow not needed for the hex and HEX encoded passwords. I hope someone finds this (at all and) useful.
Geschrieben um 12:07
Dass es auch anders geht, beweisen Mogwai - deren Konzerte zwischen “Grillengezirpe im Gras” und “Startende 747 in Nachbars Garten” stattfinden - ausgerechnet mit einem Live-Album. “Special Moves” ist eines der ersten Alben in letzter Zeit, die wirklich wieder sowas wie Dynamik aufweisen - und auch Mogwai hatten mit “Mr. Beast” eine enorm laute Platte im Angebot. So sieht Track 12 aus:
Na also. Geht doch. Ach ja, zwischen knapp vor vier Minuten und knapp nach fünf Minuten muss das so sein. Also laut.
Geschrieben um 13:01
Geschrieben um 23:27
Geschrieben um 23:48
This one doesn’t have my name on the cover, only on the inside, as I was the technical reviewer for this book. The CentOS Bible can be used as a reference book for many things regarding CentOS, while the Definitive Guide to CentOS is more of a solution oriented book. Both are worth having, IMHO, for personal reasons (hey, I wrote some of it) I prefer the Definitive Guide, though.
Geschrieben um 13:37
Geschrieben um 13:43
But first things first: An open letter to Lance Davis, one of the CentOS Project founders, has been published on the CentOS web site and on the main CentOS mailing list, so you might want to read that before reading further here.
Back? Good. I’ve been following the CentOS project since some time in 2004 and have been an active member of the CentOS team since 2006. Lance has been around for longer, being a founder and all. First time I met Lance was in 2007 at Fosdem in Brussels and then again at LinuxTag in Berlin. Everything seemed fine there. But from then on things seemed to deteriorate.
Lance vanished from the project some time in 2008. Everybody needs time off from projects from time to time, so there was no real need to worry about that. What there was to worry about is the following: Lance is the only one, who can make active changes to the centos.org domain, as he “owns it”. Nobody else in the team is able to add nameservers, for instance. Recently he put an anonymizing service on the domain, so that nobody from the outside can see who that domain belongs to.
The third thing - and that is the one which hurts me the most - is that Lance is the one who has access to the Google AdSense and the Paypal accounts, again without a backup. We have asked for overviews of the accounts several times now and haven’t gotten back any answers. This money was donated towards the project and could have been used for professionally made media for fairs and conventions, professionally made advertisement material for the same, hardware, community support (give out media to people who want to show off CentOS) and so on. To make it clear: Nobody in the CentOS team wants to make money off the project, we all have jobs and do CentOS in our free time.
This means that the project depends on one person in too many ways. Add to that a person who doesn’t answer calls, isn’t available as meetings, doesn’t publish things he promised to do - we have a problem. And this is unacceptable. We as a project have to be more transparent. And this is one of the things blocking this.
As Lance hasn’t answered requests regarding that over the last few months, the remaining team now has put a stop on that. For the moment all ads have been removed from website and wiki and we are not accepting any paypal donations anymore.
We still want Lance to be able to answer all of that in a good fashion, so that everything can be corrected. So the step might seem a bit drastic at the moment (but this has been lingering for quite some time now). It might also seem like our reaction has come too late. It might also mean that we will lose the centos.org domain. And all the money people have donated towards the project and not to one person. I would like to offer my apologies for that.
But either way, we will continue and get the project back on track. With your help, I hope, as I still think that CentOS is one heck of a cool project to work on.
Other people’s thoughts about this issue: Tim Verhoeven’s Blog, Karanbir Singh’s Blog and Russ Herrold’s Blog. There will also be much discussion in the mailing lists, I guess. Please partake if you want to add your opinion.
Here is the letter:
July 30, 2009 04:39 UTC
This is an Open Letter to Lance Davis from fellow CentOS Developers
It is regrettable that we are forced to send this letter but we are left with no other options. For some time now we have been attempting to resolve these problems:
You seem to have crawled into a hole … and this is not acceptable.
You have long promised a statement of CentOS project funds; to this date this has not appeared.
You hold sole control of the centos.org domain with no deputy; this is not proper.
You have, it seems, sole ‘Founders’ rights in the IRC channels with no deputy ; this is not proper.
When I (Russ) try to call the phone numbers for UK Linux, and for you individually, I get a telco intercept ‘Lines are temporarily busy’ for the last two weeks. Finally yesterday, a voicemail in your voice picked up, and I left a message urgently requesting a reply. Karanbir also reports calling and leaving messages without your reply.
Please do not kill CentOS through your fear of shared management of the project.
Clearly the project dies if all the developers walk away.
Please contact me, or any other signer of this letter at once, to arrange for the required information to keep the project alive at the ‘centos.org’ domain.
Geschrieben um 13:00
As far as we can see there has been no data or binary injected into the system or taken from the system. The machine hasn’t been used as a source for sending spam (in the widest possible meaning) either.
We have been able to identify the source of the attacks, but have not been able to find out if the files have been put there through a compromised user account in the Xoops system. Although we are fairly sure that there has been no such compromise, we have enforced a password expiry on all accounts on the system. wiki.centos.org and bugs.centos.org - though being on the same machine - have not been affected by this.
All users having an account on www.centos.org need to acquire a new password through the “lost password” system of Xoops.
We are terribly sorry for any inconvenience this might cause you and would like to apologize for that.
Geschrieben um 03:22
Geschrieben um 18:06
Geschrieben um 21:05