Ros-general April 2014

ros-general@reactos.org

4 participants
3 discussions

Re: [ros-general] Indiegogo Campaign
by mueller6723＠twc.com 12 Apr '14

12 Apr '14

---- Geoff Shang <geoff(a)QuiteLikely.com> wrote: > On Wed, 9 Apr 2014, mueller6723(a)twc.com wrote: > >> As some of you know the ReactOS Project recently launched an Indiegogo campaign (https://www.indiegogo.com/projects/reactos-community-edition) to fund development of a Community Edition where backers get a say in priority for software and hardware support. The project has been going strong but we're still a long way from the finish goal. > > That www.indiegogo.com URL was invalid when I just clicked on it. > Worked for me. > Geoff. I made the URL work indirectly from the webmail interface by copying and pasting with the mouse. Maybe the URL that failed was the webmail-doctored version, which was http://webmail.twc.com/do/redirect?url=https%253A%252F%252Fwww.indiegogo.co… One annoying feature of webmail is messing up the web links. Tom

2 2

Indiegogo Campaign
by Ziliang Guo 10 Apr '14

10 Apr '14

As some of you know the ReactOS Project recently launched an Indiegogo campaign (https://www.indiegogo.com/projects/reactos-community-edition) to fund development of a Community Edition where backers get a say in priority for software and hardware support. The project has been going strong but we're still a long way from the finish goal. Backers can choose from a range of rewards from votes for their desired hardware or software to collectables like USB sticks, shirts, and the elusive Hackbunny of yore to even getting your name embedded into the Community Edition. Who knows, depending on how well we do, there might even be cake. So come on by and show your support. Together we can make the dream that is ReactOS a reality.

3 2

Heartbleed issue on the ReactOS infrastructure
by Pierre Schweitzer 09 Apr '14

09 Apr '14

Dear all, In case you don't use SSL/TLS on our infrastructure (web sites - drupal, jira, fisheye), skip reading (and reconsider your choices about such non-usage). As you may (should?) have heard recently, OpenSSL has suffered a critical security vulnerability (CVE-2014-0160), known as Heartbleed Bug (http://heartbleed.com/). Most of our services were using an affected release of OpenSSL, with heartbeat feature activated. Be it, mails services, web services (Drupal, Jira). We reacted quickly passed the public announcement, and the availability of the fix to apply it on our infrastructure to limit the risks. Anyway, this might have been enough (actually, the issue has been here for two years!) to allow potentials attackers to, for instance, steal our SSL private keys. So, we took the decision to renew all our certificates and private keys to guarantee safe infrastructure usage. Due to the nature of the security issue, we don't know what may have been compromised in the infrastructure and in the user database. Hence our drastic measures. What does it mean for you? It means that your account information (username + password) might have been compromised, and your account itself could have been compromised (cookie stealth with the attack). We highly recommend you to change your passwords and check that everything is fine on your account. I shall remind you that password change can take up to 6h to propagate to Fisheye & Jira. As a side note, we enabled a while ago Perfect Forward Secrecy on our infrastructure that should ensure that even if our private keys leaked, your past communications (so, login on the infrastructure, for instance) can't be deciphered. Unless your session ticket leaked as well... We are really sorry for the caused inconvenience. I'm available by email or on IRC to answer your questions and clear your doubts. With my best regards, -- Pierre Schweitzer<pierre at reactos.org> System Administrator ReactOS Foundation

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

Ros-general April 2014