
Re: linuxaudio.org compromised - 2018-01-29

Posted: Tue Feb 13, 2018 9:41 pm
by BlackGuyver78
Thanks for all the hard work. Everyone should definitely pitch in to write an opera about these linux heroes.

Re: linuxaudio.org compromised - 2018-01-29

Posted: Wed Feb 14, 2018 3:53 pm
by jonetsu
Hi,

Is there a need to subscribe again to the list ?

Cheers.

Re: linuxaudio.org compromised - 2018-01-29

Posted: Wed Feb 14, 2018 4:21 pm
by rncbc
jonetsu wrote:Hi,

Is there a need to subscribe again to the list ?

Cheers.
a pertinent question ;)

though if one or everyone should have to do just that that would be really disgusting and quite frankly it would sentence the death of it all :/
from my standing pov.:
none of the LA(A|D|U) mail-lists seems to work at all; mails sent just seem to fall into the void: no bounces, no single response either;
mail-list archives seem to have stopped on 29/1: no surprise here;
administrative interface seems to be up and running though;
otoh. planet.linuxaudio.org looks like it has also a huge lot to catch up :) so another question comes in: is it running/being fed at all?

byee

Re: linuxaudio.org compromised - 2018-01-29

Posted: Wed Feb 14, 2018 4:32 pm
by jonetsu
BlackGuyver78 wrote:Thanks for all the hard work. Everyone should definitely pitch in to write an opera about these linux heroes.
Care must be taken when writing on opera !

"New research finds music can be used to hack smartphones, computers and cars"

" .... likened the devious possibilities of hacking the accelerometer of an electronic device to the piercing capabilities of an opera singer."

http://www.nme.com/news/music/music-can ... ch-2016930

:D

OK, back to the more serious topic ...

Re: linuxaudio.org compromised - 2018-01-29

Posted: Thu Feb 15, 2018 8:34 am
by khz
THX!

Re: linuxaudio.org compromised - 2018-01-29

Posted: Thu Feb 15, 2018 10:09 am
by briandc
A big "THANK YOU" to Autostatic (good to see you around here again!) and everyone else "behind the scenes."

Beer's on me (hitch: you have to come to Italy Milan-area to get it!) :) Unless I end up in "the north" some time soon...


brian

Re: linuxaudio.org compromised - 2018-01-29

Posted: Thu Feb 15, 2018 1:30 pm
by jonetsu
OK, so it seems to work for just about everyone with all the thanks floating around. And since there's no activity in the mailing list that I can see from the email client here whose configuration did not change, there IS a need to subscribe again.

UPDATE Nope, that's not it. The reply was:

"An attempt was made to subscribe your address to the mailing list linux-audio-user@lists.linuxaudio.org. You are already subscribed to this mailing list. Note that the list membership is not public, so it is possible that a bad person was trying to probe the list for its membership. This would be a privacy violation if we let them do this, but we didn't."

Re: linuxaudio.org compromised - 2018-01-29

Posted: Thu Feb 15, 2018 7:00 pm
by bengan
jonetsu wrote:OK, so it seems to work for just about everyone with all the thanks floating around. And since there's no activity in the mailing list that I can see from the email client here whose configuration did not change, there IS a need to subscribe again.

UPDATE Nope, that's not it. The reply was:

"An attempt was made to subscribe your address to the mailing list linux-audio-user@lists.linuxaudio.org. You are already subscribed to this mailing list. Note that the list membership is not public, so it is possible that a bad person was trying to probe the list for its membership. This would be a privacy violation if we let them do this, but we didn't."
Don't think the smtp-server is started yet on the machine. I sent a "help" to linux-audio-user-request and got a time out.

Code:

Feb 15 19:48:49 nic postfix/smtp[16371]: 624E52A0030: to=<linux-audio-user-request@lists.linuxaudio.org>, relay=none, delay=30, delays=0.04/0/30/0, dsn=4.4.1, status=deferred (connect to a.mx.lists.linuxaudio.org[185.54.115.210]:25: Connection timed out)

Re: linuxaudio.org compromised - 2018-01-29

Posted: Fri Feb 16, 2018 12:51 pm
by jonathanbrickman0000
Can use more hands? Email me. I've been registered on the wiki for a while. jeb@ponderworthy.com

Re: linuxaudio.org compromised - 2018-01-29

Posted: Sat Feb 17, 2018 3:21 pm
by jonetsu
Back on track ! (And not Bach on track)

Re: linuxaudio.org compromised - 2018-01-29

Posted: Sat Feb 17, 2018 6:39 pm
by autostatic
Dear all,

We just enabled all mail services for linuxaudio.org again. All mailing
lists are working again and mail can be sent and received for the
linuxaudio.org domain.

A short recap of what happened is that linuxaudio.org got compromised on
January 29th, probably with a compromised private SSH key or password
from an account with shell access. The attacker checked the kernel, saw
that it was vulnerable to Dirty COW¹, pulled in an exploit and got root.
This was quickly discovered by the IT department of Virginia Tech
University that disconnected the server from the internet and started a
forensic investigation procedure. As part of their IT security policy
the server had to be reinstalled and everything had to be set up from
scratch again. In the meanwhile I built an alternative setup and after
some discussion we agreed on moving linuxaudio.org away from the
Virginia Tech server.

So linuxaudio.org got a new home after 15 years at Virginia Tech². We're
very, very thankful that we could host linuxaudio.org on their servers
and we can't stress enough how grateful we are for all the work that has
been done on the side of Virginia Tech after the hack.

linuxaudio.org now lives at Fuga³, a fully open source OpenStack⁴ cloud
based in The Netherlands. Fuga is part of Cyso⁵, the company I work for.
The linuxaudio.org ecosystem now consists of three separate servers, a
web server, a mail server and a storage server. We rebuilt everything
with portability and scalability in mind with a strong focus on
security. You can never prevent passwords or SSH keys getting into the
hands of hackers but we'll try to keep the servers as up to date as we
can to narrow down the attack surface as much as possible.

A big thank you to all those who helped out! It was quite a ride but it
seems as if most part of the linuxaudio.org ecosystem is accessible
again. If you find any web pages, downloads or other bits and parts that
don't work properly then please let us know so we can take a look at it.
Many thanks in advance and also many thanks for bearing with us!

Best,

Jeremy Jongepier
root@linuxaudio.org

¹ https://dirtycow.ninja/
² https://icat.vt.edu/
³ https://fuga.cloud/
⁴ https://www.openstack.org/
⁵ https://cyso.com/en/

Re: linuxaudio.org compromised - 2018-01-29

Posted: Sat Feb 17, 2018 6:40 pm
by autostatic
jonetsu wrote:Is there a need to subscribe again to the list ?
No, we restored the complete Mailman setup from the compromised server. That includes all subscriptions, no need to subscribe again.

Re: linuxaudio.org compromised - 2018-01-29

Posted: Sat Feb 17, 2018 6:48 pm
by autostatic
Hi Rui,
rncbc wrote:a pertinent question ;)

though if one or everyone should have to do just that that would be really disgusting and quite frankly it would sentence the death of it all :/
from my standing pov.:
none of the LA(A|D|U) mail-lists seems to work at all; mails sent just seem to fall into the void: no bounces, no single response either;
mail-list archives seem to have stopped on 29/1: no surprise here;
administrative interface seems to be up and running though;
otoh. planet.linuxaudio.org looks like it has also a huge lot to catch up :) so another question comes in: is it running/being fed at all?
We decided to keep all mail related ports closed until we were 100% sure that all mail services functioned properly. Today we finally reached that point, we opened everything up and everything started to work again. We didn't want mail to start bouncing as that could be interpreted that the corresponding mail boxes might not exist anymore which was not the case.
Regarding planet.linuxaudio.org, I'm working on getting it to gather updates again. But bear in mind that the software we were using (planetplanet) was written in like Python 2.2 and isn't maintained anymore.

Jeremy
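
Added example (editor's illustration, not part of any post in this thread and not linuxaudio.org's tooling): a small parser for Postfix delivery log lines that separates transient failures, which the sending server queues and retries, from permanent ones, which bounce. It shows why a closed port 25 produced the deferral bengan logged rather than a bounce. The first sample line is the one quoted in the thread; the second is constructed, and the function names are assumptions.

```python
import re
from collections import Counter

# First line is the log entry quoted in this thread; the second is constructed
# sample data (example.org, 192.0.2.25) showing a permanent failure instead.
SAMPLE_LOG = [
    "Feb 15 19:48:49 nic postfix/smtp[16371]: 624E52A0030: to=<linux-audio-user-request@lists.linuxaudio.org>, relay=none, delay=30, delays=0.04/0/30/0, dsn=4.4.1, status=deferred (connect to a.mx.lists.linuxaudio.org[185.54.115.210]:25: Connection timed out)",
    "Feb 15 19:50:02 nic postfix/smtp[16402]: 7A1C02A0031: to=<nobody@example.org>, relay=mx.example.org[192.0.2.25]:25, delay=1.2, delays=0.1/0/0.6/0.5, dsn=5.1.1, status=bounced (host mx.example.org[192.0.2.25] said: 550 5.1.1 User unknown (in reply to RCPT TO command))",
]

# Queue id, recipient, relay, enhanced status code, status and reason.
DELIVERY_RE = re.compile(
    r"postfix/(?P<daemon>[\w-]+)\[\d+\]: (?P<qid>\w+): "
    r"to=<(?P<rcpt>[^>]*)>, relay=(?P<relay>[^,]+), .*?"
    r"dsn=(?P<dsn>\d\.\d+\.\d+), status=(?P<status>\w+) "
    r"\((?P<reason>.*)\)\s*$"
)

# RFC 3463: the first digit of an enhanced status code is its class.
DSN_CLASSES = {"2": "success", "4": "transient", "5": "permanent"}

def parse_delivery(line):
    """Return a dict for one delivery attempt, or None for unrelated lines."""
    m = DELIVERY_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["dsn_class"] = DSN_CLASSES.get(rec["dsn"][0], "unknown")
    # A transient failure stays in the sender's queue and is retried later;
    # a permanent one is returned to the author as a bounce.
    rec["sender_retries"] = rec["dsn_class"] == "transient"
    return rec

def outcomes_by_domain(lines):
    """Count delivery outcomes per (recipient domain, DSN class)."""
    counts = Counter()
    for line in lines:
        rec = parse_delivery(line)
        if rec:
            domain = rec["rcpt"].rpartition("@")[2].lower()
            counts[(domain, rec["dsn_class"])] += 1
    return counts

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        rec = parse_delivery(line)
        print(rec["qid"], rec["rcpt"], rec["dsn"], rec["dsn_class"], "-", rec["reason"])
```
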

Re: linuxaudio.org compromised - 2018-01-29

Posted: Sat Feb 17, 2018 6:53 pm
by folderol
Once again, thanks to you and everyone who helped to get this sorted out.

Re: linuxaudio.org compromised - 2018-01-29

Posted: Sat Feb 17, 2018 8:12 pm
by autostatic
https://planet.linuxaudio.org/ is pulling in updates again. The template we used doesn't seem to work at the moment but I'll fix that too.