[12:49] <usual> hi
[05:44] <bluefoxicy> Can the Ubuntu USNs be categorized and if possible quantified?
[05:45] <bluefoxicy> I have been keeping up categorization on https://www.ubuntulinux.org/wiki/JohnMoser and doing proper calculations to ratioize them
[05:45] <bluefoxicy> but I can't quantify them, because some are "Multiple vulnerabilities" with no exact numbers and type
[05:46] <bluefoxicy> it would, hovewer, be interesting to have data available to graph security flaws
[05:48] <bluefoxicy> It would also be potentially useful.  You may notice that 40% of the USNs involve buffer overflows (not counting kernel overflows), and 20% involve temp file races.  This gives insight on where focus should be placed
[10:31] <bronson> Can anybody tell me why lemon isn't in Universe or Multiverse?
[10:32] <Treenaks> lemon?
[10:33] <bronson> http://packages.debian.org/unstable/devel/lemon
[10:33] <bronson> It's great.
[10:33] <bronson> Beats the heck out of yacc.
[10:36] <bronson> This is the first time I've seen a Debian package excluded from Ubuntu's feeds.
[10:36] <bronson> I figure there's got to be a reason, right?
[10:38] <Treenaks> \how new is it
[10:39] <bronson> not new
[10:40] <bronson> I take that back.
[10:40] <bronson> Looks like Oct 2004?  Maybe Nov.
[10:42] <Treenaks> could be after the "original" import of sid, just after Warty's release
[10:42] <Treenaks> just submit a bug requesting this package and all should be well
[10:43] <bronson> okeedokey.  thanks.
[10:47] <bronson> Why is Supermirror a Ubuntu product?
[10:47] <bronson> At least that's what Ubuntu's bugzilla claims.
[10:47] <Treenaks> it's a canonical project
[10:48] <bronson> That's interesting.  Did you guys hire James Blackwell?
[10:48] <Treenaks> he has a canonical.com email address, so I think so
[10:49] <bronson> interesting.
[10:49] <bronson> Well, you sound like you are.  (that's a compliment if it's not clear  :)
[10:50] <Treenaks> :)
[10:52] <bronson> OK, it's bug 4777.
[01:11] <trulux> pi
[01:28] <trulux> anybody knows when pitti gets online?
[01:30] <Treenaks> trulux: mail him?
[01:30] <Treenaks> trulux: He should be awake by now (it's 13:30 in germany)
[01:31] <Treenaks> oh wait
[01:31] <Treenaks> today is "Fly back day" from the conference
[01:31] <trulux> Treenaks, i've just built the hardened-gcc pkgs for hoary
[01:31] <trulux> i need a good specs hacker btw
[01:31] <Kyaneos> hi
[01:32] <trulux> as i'm a nut writing gcc specs
[01:32] <trulux> hi ky
[01:32] <amu> trulux: he leaves BCN at 14:15
[01:32] <Kyaneos> i have a problem with nvidia and hoary
[01:33] <trulux> amu, thanks, then i mail him
[01:33] <Kyaneos> the xorg server sais the module version is not the same that the kernel nvidia version
[01:33] <Kyaneos> can nobody help me please?
[01:33] <trulux> Kyaneos, then get the nvidia module sources and recompile it
[01:34] <trulux> maybe it's an update problem, dunno
[01:34] <Kyaneos> in deb format??
[01:34] <sjoerd> Kyaneos: this is #ubuntu stuff btw 
[01:34] <trulux> sjoerd, right
[01:34] <trulux> heh
[01:35] <Kyaneos> thank you very much
[01:35] <trulux> Kyaneos, to recompile the nvidia module just apt-get install nvidia-kernel-source
[01:36] <trulux> and cd into its directory
[01:36] <Kyaneos> and sorry for my poor english
[01:36] <amu> Kyaneos: see http://www.ubuntulinux.org/wiki/BinaryDriverHowto/
[01:37] <Kyaneos> trulux, and what more?
[01:37] <trulux> just do make in src dir
[01:38] <trulux> and then cpy manually the .ko in /lib/modules/your2.6kernel/drivers/(subdir or whatever you like, it should be inside char i think)
[01:38] <trulux> after that just run depmod -ae
[01:38] <trulux> and modprobe nvidia
[01:39] <Kyaneos> trulux, have i write nvidia in /etc/modules???
[01:39] <trulux> is here any SELinux guy able to test a pre patch?
[01:39] <trulux> Kyaneos, right
[01:40] <Kyaneos> ok
[01:40] <Kyaneos> thank you very much
[01:41] <trulux> you're welcome, but next time try to ask *first* in #ubuntu
[01:42] <Kyaneos> i ask here because the problem is hoary, but next time i do what you say
[01:44] <trulux> ok,you don't need to sorry, it's not a big crime (by now ...)
[01:44] <trulux> ;P
[01:45] <Kyaneos> xD
[01:48] <Kyaneos> trulux, what is the directory??
[01:49] <Kyaneos> please
[01:53] <trulux> it should be on /usr/src/
[01:54] <Kyaneos> have i untar it??
[01:55] <trulux> yes
[01:55] <Kyaneos> *** Unable to determine the target kernel version. ***
[01:56] <Kyaneos> make: *** [select_makefile]  Error 1
[01:56] <Kyaneos> root@nabucodonosor:/usr/src/modules/nvidia-kernel/nv #
[01:56] <trulux> nvidia-kernel-source.tar.gz
[01:56] <Kyaneos> yes
[01:56] <Kyaneos> i had utared it
[01:56] <Kyaneos> and i had enter the directory
[01:57] <trulux> lorenzo@estila:~/kernel/selinux/linux-2.4.28-selinux/security/selinux $ ls /usr/src/modules/nvidia-kernel/nv/
[01:57] <Kyaneos> trulux, are you Spanish?
[01:57] <trulux> read the file which says READ ME!
[01:57] <trulux> yes
[01:57] <Kyaneos> jue
[01:58] <Kyaneos> y yo aqu chapurreando ingls
[01:58] <Kyaneos> xDD
[01:58] <trulux> Kyaneos, just for respect others in the channel, talk in english
[01:58] <sjoerd> Kyaneos: maybe there is an ubuntu-es if you want spanish support :)
[01:59] <trulux> most of the people can not understand us talking in Spanish and sure you can lost the possibility of gathering attention from someone who wants to help you
[01:59] <Kyaneos> this problem with the nvidia driver only can be solved on this mode??
[01:59] <trulux> sjoerd, that's the point
[01:59] <Kyaneos> ok ok
[01:59] <trulux> Kyaneos, yes
[01:59] <sjoerd> trulux: there isn't one ? 
[01:59] <Kyaneos> can it be solved with an apt-get dist-upgrade in future time??
[02:00] <trulux> sjoerd, no idea, i don't use them so often, i prefer devel channels before support ones which are many times mad houses
[02:00] <trulux> Kyaneos, dunno, we are talking about a ko, kernel module, which needs to be copied manually
[02:01] <trulux> so, possibly you will get it dumped out when updating the kernel pkgs
[02:01] <Kyaneos> i did not need to copy it manually before
[02:01] <trulux> dunno, just check if it builds the fscking deb pkg
[02:02] <trulux> debuild
[02:02] <trulux> run it on top dir
[02:02] <Kyaneos> in /?
[02:02] <trulux> top dir means top dir of nvidia-kernel-source
[02:03] <trulux> not root
[02:03] <Kyaneos> ok
[02:03] <Kyaneos> but i do not want to create a deb file
[02:04] <Kyaneos> i have not this command
[02:04] <trulux> Kyaneos, i'm moving to #ubuntu, wanna help you there if you want
[02:07] <Kyaneos> thx
[02:15] <ferryh> hi all, would it be possible to upgrade to hoary now with all that python stuff going on?
[02:24] <trukulo> fabbione, u there?
[05:11] <Qerub> Anyone file like uploading a PO template of gnome-panel to Rosetta?
[05:14] <Treenaks> try #launchpad
[05:44] <sladen> or #rosetta
[05:45] <Treenaks> sladen: oh that exists?
[05:46] <Treenaks> no DMA on harddisks = baaaad
[05:51] <gsuveg> re
[05:52] <Treenaks> wb?
[05:56] <gsuveg> ?
[05:59] <Treenaks> wb mako
[06:00] <trulux> is james troup here?
[06:00] <Treenaks> trulux: he's away
[06:01] <trulux> what's his nick
[06:02] <Treenaks> elmo_away :)
[06:02] <trulux> i've reported a bug report for binutils about a security enhancement for hoary
[06:02] <Treenaks> enhancement or bug?
[06:02] <trulux> enhancement
[06:03] <Treenaks> what kind?
[06:03] <trulux> PT_PAX_FLAGS marking support
[06:04] <trulux> bluefoxicy, hey, i'm talking about the pt_pax_flags patch for binutils
[06:04] <trulux> Treenaks, let me show you the link to the report with the details
[06:04] <Treenaks> I'm a binutils noob, what is it? :)
[06:04] <bluefoxicy> I think I should move most of the contents of my personal wiki entry to another page on the wiki.  The entry is https://www.ubuntulinux.org/wiki/JohnMoser and is mostly an analysis of the USNs and the classes of bugs/exploits they show, and how to prevent future incident
[06:05] <bluefoxicy> any suggestions for an entry to move this data to?
[06:05] <Treenaks> bluefoxicy: https://www.ubuntulinux.org/wiki/USNAnalysis ?
[06:05] <trulux> Treenaks, it adds native support for PaX flags marking on binaries, -z relro option and softmode support
 :)
[06:05] <Treenaks> trulux: ok, but what's PaX? like NX?
[06:06] <bluefoxicy> Treenaks:  Binutils is gas and ld.  A modified binutils will spit out binaries with a PT_PAX_FLAGS header so that paxctl can use a proper field to do its job
[06:06] <bluefoxicy> Treenaks: http://en.wikipedia.org/wiki/PaX
[06:06] <trulux> bluefoxicy, you forget that it enableds native support for soft mode
[06:06] <bluefoxicy> http://en.wikipedia.org/wiki/NX_bit#Functional_comparison_of_technologies  comparison of PaX vs ES
[06:07] <bluefoxicy> trulux:  ah yes, important if you want to go for the perfect-compatibility route, which I don't really suggest
[06:07] <Treenaks> ah, so PaX uses NX if it's available :)
[06:07] <trulux> Treenaks, it uses anyway
[06:07] <trulux> but it can emulate it per-page
[06:07] <bluefoxicy> (very few things actually break because of PaX, and they can all be marked and/or fixed.  It's worth more to force those vendors to mark/fix their code than to leave us open to attacks on ALL 3rd party software)
[06:08] <trulux> or use hardware support
[06:08] <Treenaks> trulux: yes, but with the hardware bit it's faster
[06:08] <trulux> of course
[06:08] <bluefoxicy> Treenaks:  slightly :)
[06:08] <trulux> ;D
[06:08] <Treenaks> bluefoxicy: hey at least it's not slower with the bit than without ;)
[06:08] <bluefoxicy> 0.7% just about with SEGMEXEC emulation, versus 0.0% with NX bit in hardware
[06:09] <trulux> btw, any guy here playing around SELinux?
[06:10] <trulux> any good kernel hacker also?
[06:10] <Treenaks> trulux: why? why not make the 2.6 one work on the machine you use 2.4 on?
[06:11] <trulux> Treenaks, think on this: most enterpriuses still use 2.4 because it's more stable, migration to 2.6 when using special stuff is painful, development for 2.6 requires full time attention to source changes, etc
[06:12] <trulux> also because you don't need to move to 2.6 if you don't use SMP with more than 4 CPU
[06:12] <Treenaks> yet
[06:12] <trulux> i've talked about this with sarnold from Immunix and we think it's worthy, so, i do it
[06:12] <Treenaks> one day 2.4 will be unsupported :)
[06:12] <trulux> Treenaks, as 2.2?
[06:12] <Treenaks> and 2.0, and 1.3
[06:12] <trulux> one day we wouldn't exist
[06:13] <Treenaks> try finding a shop still running 1.3
[06:13] <trulux> ;)
[06:13] <trulux> 2.4 will get unsupported after 2.7 gets started and that wouldn't happen in a reasonable time manner
[06:13] <trulux> Amen.
[06:13] <trulux> ;-)
[06:18] <bluefoxicy> there.  https://www.ubuntulinux.org/wiki/USNAnalysis created.
[06:23] <gsuveg> can i ask from (me importan) features ?
[06:24] <bluefoxicy> ?
[06:24] <gsuveg> can i use pptp with ppp_mppe_mppc
[06:24] <gsuveg> ?
[06:26] <trulux> bluefoxicy, just listening to NY radio
[06:26] <trulux> pure fun
[06:26] <trulux> a girl talking "ever++"
[06:28] <Treenaks> gsuveg: what are those? kernel modules?
[06:29] <gsuveg> Treenaks: yes. kernel module for ms vpn
[06:29] <gsuveg> pptpclient
[06:30] <gsuveg> hmm?
[06:30] <Treenaks> gsuveg: are they not included in ubuntu?
[06:30] <Treenaks> (you might want to move to #ubuntu if they are -- this is not really a "support" channel)
[06:31] <gsuveg> Treenaks: now idont use ubuntu - im actualy under gentoo
[06:31] <Treenaks> gsuveg: hmm. OK :) well what's with the kernel modules?
[06:31] <gsuveg> but my new asus notebook works better with ubuntu
[06:32] <gsuveg> i this help, im registered in rosetta ;)
[06:32] <gsuveg> Treenaks: pptpclient is in ubuntu repo ?
[06:33] <Treenaks> gsuveg: pptp-linux - Point-to-Point Tunneling Protocol (PPTP) Client
[06:33] <gsuveg> Treenaks: thanks
[06:33] <Treenaks> the mpppe kernel modules are as well
[06:33] <Treenaks> uh mppe
[06:33] <gsuveg> cool
[06:33] <gsuveg> thanks
[06:33] <gsuveg> jdk ?
[06:34] <gsuveg> maybe can i see packages list ?
[06:34] <Treenaks> jdk is not included by default, but a good howto is on the wiki (http://www.ubuntulinux.org/wiki/)
[06:34] <Treenaks> there is no simple web-based package-list yet, but you can assume most Debian software (at least) is in there
[06:34] <gsuveg> how many packages in repo ?
[06:35] <gsuveg> i dont use debian years ago
[06:37] <Treenaks> gsuveg: try packages.debian.org
[06:37] <Treenaks> tenthousands :)
[06:37] <trulux> Treenaks, without counting unofficial ones
[06:38] <trulux> and hardened debian ones which are a good couple
[06:38] <trulux> bluefoxicy, ;-)
[06:39] <gsuveg> Treenaks: good. thats avaliably in ubuntu repo ?
[06:39] <gsuveg> le
[06:39] <Treenaks> gsuveg: most are, only the really weird ones, and those that didn't build aren't available
[06:39] <gsuveg> good
[06:40] <gsuveg> Treenaks: then the next: im start translate in rosetta
[06:40] <gsuveg> yesterday im made a small part
[06:41] <gsuveg> the installer come from debian ?
[06:41] <Treenaks> gsuveg: yes, everything comes from debian
[06:43] <gsuveg> Treenaks: then, ub. is fork, or next releases uses debian codes ?
[06:43] <trulux> btw, who manages the ubuntu planet?
[06:57] <AndyFitz> any aussies awake ?
[06:58] <AndyFitz> I very much doubt it. :P   ah wells .  looks like I'll be going to linuxconf.au
[06:59] <bluefoxicy> hmm
[06:59] <bluefoxicy> hey
[06:59] <bluefoxicy> blackdown-jdk (and every other jre/jdk) isn't in debian or ubuntu is it
[07:00] <bluefoxicy> this leaves both without any control over 'em
[07:00] <bluefoxicy> hr.
[07:00] <bluefoxicy> First deployment of PaX is 100% guaranteed to break Java
[07:00] <bluefoxicy> maybe it'll be enough of a boot to the head to get blackdown/sun/IBM to use chpax at least to mark 'em (if not rebuild with PT_PAX_FLAGS and mark with paxctl)
[07:01] <trulux> bluefoxicy, you didn't read my whitepaper about debian hardening....
[07:01] <bluefoxicy> trulux:  nope
[07:01] <bluefoxicy> you had one?
[07:01] <trulux> flags for Java related binaries are known and java works well with them
[07:01] <bluefoxicy> yes
[07:01] <trulux> bluefoxicy, of course
[07:01] <trulux> 42 pages
[07:01] <trulux> unfinished
[07:01] <bluefoxicy> but I mean, if the binaries come pre-marked
[07:01] <bluefoxicy> and aren't post-marked from a database
[07:02] <trulux> yeah, i'm building a database
[07:02] <bluefoxicy> then we're only concerned with what's in ubuntu/debian's world
[07:02] <trulux> but don't say it, it's secret ;D
[07:02] <bluefoxicy> which doesn't include java :P
[07:02] <trulux> ;D
[07:02] <bluefoxicy> personally I think a kick in the head will be good for the third party packagers
[07:02] <trulux> or in the ass
[07:03] <bluefoxicy> they might actually wake up and figure out that something's different :P
[07:03] <trulux> a bloody ass makes wonderful things
[07:03] <bluefoxicy> heh
[07:03] <trulux> bluefoxicy, anyway is our responsability to get them in the rid <- this sounds worst than any other thing i've heard on an irc channel
[07:04] <bluefoxicy> o.o
[07:04] <bluefoxicy> heh
[07:26] <trulux> bluefoxicy, btw, still using hardened gentoo?
[09:17] <trulux> pitti, hey!!
[09:18] <pitti> hi trulux
[09:18] <trulux> is it pitti is it really? it's pitti!
[09:18] <trulux> ;D
[09:18] <pitti> night
[09:18] <trulux> pitti, i've uploaded the hoary gcc pkgs
[09:18] <trulux> tested also
[09:18] <pitti> later, please
[09:18] <trulux> work fast and smooth
[09:18] <trulux> pitti, kay
[09:21] <sjoerd> trulux: he is pretending to be tired ;)
[09:29] <trulux> sjoerd, heh
[09:29] <trulux> sjoerd, for test the security of the forthcoming changes i'm finishing a regression test suite
[09:30] <trulux> we will be able to see what's failing in security terms with the new packages
[09:31] <bluefoxicy> trulux:  yes, still on hardened gentoo amd64
[09:35] <trulux> bluefoxicy, why?
[09:37] <bluefoxicy> ahh fucking bright
[10:19] <trulux> heh