Hey everyone! I realize I haven’t posted on our blog for a while. I’m going to fill you guys in on as much as I can to make up for that. So, hang on tight and prepare for a large blog post!
For the past month or two, I have been working on rewriting the back-end for system-installer to Python. Not all of it has been re-written. Some of the back-end is still BASH scripts. This was done because it is much faster and easier to translate the back end to a different language if we don’t have to translate the whole thing. The remaining BASH scripts will be converted to Python in the future in order to provide greater speed improvements.
Incidentally, speed improvements is part of the reason I converted much of system-installer to Python. It also allowed me to fix a handful of bugs and even add features. These speed improvements are due to not just Python being inherently faster than BASH, it is also due to part of the installation procedure being multi-threaded. Thanks to multi-threading, multiple parts of the installation can be completed simultaneously, therefore taking less time to complete overall.
Thanks to one of our awesome volunteers on Telegram, we now have Simplified Chinese support in all our apps. We also have German support in the works thanks to our new contributor, Thorsten. Neither of these language packs are in our repositories yet, but will be soon.
We have a few new contributors on our Contributor page!
Mark Dougherty (cow killer) has been a contributor since the Beta 1 release of 7.5.1 in March. He’s written a few Wiki articles and blog posts — including how to install Drauger OS and explaining the new features that come with each release of the OS. He also has conducted some benchmark performance tests against Pop!_OS, edited our press materials packet and the script for our State of the Project Address, and often acts as a voice of reason in development chats. (In other words, if I have an idea that’s nearly impossible to incorporate, he talks me down.)
Thorsten Tiefenbach (Ninja San) has been a Drauger OS user and tester for several months now. He pops in and out of our Discord server, seeing what’s up and providing feedback on current events. Recently, he has been helping out by leveraging his multi-lingual skills to translate our press materials packet to German. He also is working on providing German locale support on Drauger OS by working on the German translation files needed for this support.
Thanks to not just Mark and Thorsten, but to everyone who contributes to Drauger OS! All your hard work has helped Drauger OS grow into a more substantial project than it started out as. Here’s to another two years everyone!
Yep. Now we come to the part of the blog post I personally have been dreading: we had another server breach.
The server breached did not contain our website. That server was safe. Instead, the server our apt repository is on was breached, which is arguably a much bigger issue. No tampering with the repository itself was detected, but I completely wiped it off the server and re-uploaded a fresh copy of the local back-up I have, just to be safe.
Unfortunately, the next day, the server stopped working and we had to essentially jump ship. The apt repository is now hosted on my personal server. This way we know who has been in contact with the server; it’s under constant surveillance, and any major issues will be fixed immediately. Thanks to the quick reaction of our previous server provider, and our combined teams, we were able to figure out who exactly breached the server, re-secure it, and prevent the culprit (or anyone else) from breaking into it. It took about two hours before this breach was detected. It could have been detected sooner, and we will be working on adding breach detection in the future to servers in use.
It turns out a group of people were involved with this server breach. This group came from some of the disgruntled members of the organization that controlled the server we were using. We have ensured they cannot access either my personal server, or the server the website is on in the future. Because of their actions, they violated our Terms of Service, and not only are they unable to access that server, they are also unable to download our latest beta ISO, update Drauger OS, check our documentation, or otherwise use our services/Drauger OS in a meaningful and secure way. They have, effectively, been banned from using Drauger OS from version 7.5.1 Beta 2 onwards. They cannot even access our Minetest Server (everyone else can access our Minetest server on Minetest Version 5.0 or later, at minetest.draugeros.org, port 3000).
We have taken a number of steps in order to prevent this from happening again, including changing all passwords, updating firewall rules, and more. I will not disclose everything we are doing in order to protect the server, but suffice to say we are doing more than what I have listed here. Furthermore, we are investigating potential avenues of legal recourse, either through criminal or civil charges, in order to provide our users with peace of mind. Unfortunately, the major culprits are in other countries and are minors. Therefore, what recourse can be obtained may be reduced. If any legal recourse is obtained we will be sure to share it with everyone as soon as possible.
Thanks for taking the time to read this! I’m not sure if there will be another blog post next week, but I will be sure to keep everyone updated here!