| LjL | meh, i was hoping kagar's link would have been something that'd let me ban him for good. | 00:02 |
|---|---|---|
| Tm_T | :( | 00:03 |
| LjL | hey, there's m0nk too now, wasn't he also an annoying fellow | 00:03 |
| Tm_T | annoyance = count(lol)^2 ? | 00:04 |
| LjL | that's a powerful but not entirely accurate estimate | 00:05 |
| Pici | !o4o | 00:08 |
| ubotu | Some things are inappropriate for #ubuntu-ops. Controversial topics, which always turn into flamewars: war, race, religion, politics (unless related to software licencing), gender, sexuality, drugs, questionable legal activities, removing of oneself from the planet (except by space or time travel) are not for here, perhaps #off-topic or ##politics. Microsoft software in ##windows (Please note Freenode Policy) - Thanks. | 00:08 |
| Tm_T | :p | 00:09 |
| Tm_T | quiet channel allright | 00:09 |
| PriceChild | Pici, erm i might not be in the best possible frame of mind... but would agree one more modding thing from m0nk deserves a warning remove? | 00:09 |
| Pici | PriceChild: yep | 00:10 |
| PriceChild | *would you | 00:10 |
| Tm_T | PriceChild: with message saying hello from me! | 00:10 |
| PriceChild | Tm_T, hmm? | 00:10 |
| Tm_T | yes | 00:11 |
| PriceChild | I concur. | 00:11 |
| Tm_T | when you remove him, do it with message saying hello from me | 00:11 |
| PriceChild | ahhhh | 00:12 |
| LjL | look, m0nk doesn't seem to have anything close to a good bantracker curriculum | 00:24 |
| LjL | and his nickname ringed a bell on me as soon as he joined | 00:24 |
| LjL | BUT | 00:24 |
| LjL | please don't push this "illegal activities" thing so much... hell, we're the ones who need to do something "illegal" in many jurisdictions just to watch DVD's on our OS | 00:24 |
| LjL | soldering the hardware you bought is NOT a questionably legal activity in my book, and i'm fed up with that nonsense | 00:25 |
| Pici | I kind of agree... but... where do we stop the conversation? | 00:26 |
| tonyyarusso | things that are both illegal and sane to be so | 00:26 |
| LjL | at *really* illegal things i say. at things that were illegal 20 years ago too not just that were made illegal by some idiot of the digital age | 00:27 |
| PriceChild | LjL, you disagree with me objecting to the hardware modding thing? | 00:27 |
| LjL | PriceChild, it probably sounds stronger than it should, but it's just that i've had this discussion before with seveas about some other "questionably legal" matter... but yeah, basically | 00:29 |
| PriceChild | LjL, hehe ok, i'll ignore it if it comes up again | 00:29 |
| LjL | i've been thinking myself of buying a PSP, just because it's cool hardware at a sane price, and if i break the stupid firmware, i can do every kind of cool things with it | 00:29 |
| LjL | that may be questionably legal in insane countries. | 00:29 |
| LjL | as is installing libdvdcss2. | 00:30 |
| LjL | PriceChild: i repeat, m0nk is probably a troll, it's just... it gets on my nerves, "it can be used for illegal things" - yeah, like anything. | 00:30 |
| PriceChild | it wasn't the best retort | 00:31 |
| PriceChild | I've not problem with people doing these things.... but I just don't like the idea of them being accepted in ubuntu culture etc. | 00:32 |
| LjL | PriceChild, then why do you accept that we have a !dvd factoid telling people where to get libdvdcss2? that's as DMCA protected as modifying your (own) hardware. | 00:32 |
| LjL | before we even notice, we'll have a TC chip in our computers and it will be illegal to even try to bypass it. | 00:33 |
| LjL | i don't want *that* to be taken as "just" and granted in the ubuntu community | 00:33 |
| LjL | because it isn't | 00:33 |
| Tm_T | interesting | 00:33 |
| Pici | Good point. | 00:34 |
| Pici | Especially because we were talking about jailbreaking the iphone a few minutes before the xbox discussion | 00:34 |
| LjL | you can "mod" a console or a phone or whatever in order to install pirated stuff on it | 00:34 |
| LjL | *and* you can "mod" it because you want to install linux, or for that matter your own kernel that you've wrote, or a nice hack that does something novel, on it | 00:35 |
| Pici | Right, if the discussion strays into piracy, its in the questionably legal part. | 00:35 |
| LjL | illegal should be installing pirated stuff, not modding per se | 00:35 |
| jdong | LjL: and if the manufacturer prohibits modding? | 00:35 |
| jdong | i.e. the last I heard iPhone jailbreaking in the USA does constitute EULA violation | 00:35 |
| elkbuntu | piracy is probably the lower level of 'questionably legal' | 00:35 |
| LjL | jdong: i usually don't buy *hardware* on a license. | 00:35 |
| LjL | and if i do, that license may not be valid anyway | 00:36 |
| LjL | and we're not lawyers | 00:36 |
| jdong | LjL: you must modify (in fact, compromise) the software in order to jailbreak | 00:36 |
| LjL | and we're not located in any given country, this is an IRC network | 00:36 |
| LjL | so what laws apply here? none, really, only what we decide to allow | 00:36 |
| jdong | LjL: ok, agreed :) | 00:36 |
| LjL | and i think we should decide to allow sane discussions about putting software on hardware | 00:36 |
| Seeker` | LjL: whatever laws apply in the country the server is located in? | 00:37 |
| PriceChild | LjL, sorry for late reply... "double standards" :P | 00:37 |
| jdong | LjL: I'm all for educational talking about piracy, software vulnerabilities, etc | 00:37 |
| Pici | Unfortunately, I think that this might be one of those "I'll know it when I see it" type of things. | 00:37 |
| jdong | LjL: just at times I worry about who is listening. | 00:37 |
| LjL | Seeker`: freenode has several servers, located in several countries, and messages may or may not be repeated to a given server depending on whether there is a user from that server in the channel. | 00:37 |
| Seeker` | LjL: And surely if a message that is illegal in country X reaches a server in that country, the law has been broken? | 00:38 |
| LjL | PriceChild, double standards is something we can't avoid. *anything* is going to be illegal in at least one of the 200-something countries there are in the world, really. we cannot prohibit everything, so we should find a line *we* find reasonable. | 00:39 |
| LjL | Seeker`: it would depend on what that country's law says about breaking laws in other countries while affecting the affected country. | 00:40 |
| Tm_T | LjL: true there | 00:40 |
| Pici | Hardware modding = okay, hacking = okay, cracking = not okay, piracy = not okay | 00:40 |
| jdong | Pici: how do you draw the border between all 4 though.... | 00:40 |
| Tm_T | hacking = fiddling with technology | 00:40 |
| jdong | they're virtually the same thing | 00:40 |
| Pici | jdong: nope. I dont. | 00:40 |
| elkbuntu | Pici, the problem is hacking and cracking is the media induced ambiguity | 00:40 |
| Pici | Well, I do, but its a fine line. | 00:40 |
| Tm_T | hacking itself has nothing illegal, its just matter of using technology | 00:40 |
| PriceChild | elkbuntu, LjL, choose a date/time! :) | 00:41 |
| jdong | in the words of Mako as we were jailbreaking the iPhone and extracting a tarball, and he say libreadline4.dynlib pop up.... "Hey! that's a GPL violation!" | 00:41 |
| jdong | :D | 00:41 |
| Pici | PriceChild: I was just thinking that :) | 00:41 |
| LjL | Pici: i agree, although those are just specimens and not a general line. perhaps a general line is hard to find, for that matter. but, perhaps a good thing to ask is: "does this law negatively affect distribution of otherwise and previously *legal* open source software that will be useful to normal Ubuntu users?" - if yes, then it's a law we should be wary of. | 00:41 |
| LjL | PriceChild: you want to put this in the meeting too? brr scary. what about we just fight over it in here informally :P | 00:42 |
| * Pici looks for the irc council wiki page | 00:42 | |
| PriceChild | LjL, as I've mentioned, I'm not in the best frame of mind to make real decisions so ask me again tomorrow ;) | 00:43 |
| LjL | okay | 00:43 |
| PriceChild | hmmm decss convo in -offtopic :) | 00:44 |
| elkbuntu | PriceChild, sometime between utc midnight and utc 2pm | 00:44 |
| LjL | anyway i'd rather we just settled on what line to keep about legality informally and avoided it being in the meetings log | 00:44 |
| LjL | PriceChild: for that matter they've started with the illegal prime number just while i started this discussion | 00:44 |
| LjL | !dvd | 00:44 |
| ubotu | For playing DVD, see http://help.ubuntu.com/ubuntu/desktopguide/C/video.html - "libdvdcss2" can be found at !Medibuntu or (for Feisty and earlier) http://wiki.ubuntu.com/SeveasPackages - Try k9copy (available in !Universe) for backing up DVDs | 00:44 |
| PriceChild | LjL, what time suits you best in that range? | 00:45 |
| LjL | how are we going to disallow decss convos when we have that factoid? shall we remove that factoid? (i don't think so) | 00:45 |
| PriceChild | 00:00 - 14:00 utc | 00:45 |
| Seeker` | how can a number be illegal? | 00:45 |
| LjL | PriceChild, 0:00 | 00:45 |
| PriceChild | LjL, really? | 00:45 |
| LjL | PriceChild: yeah, i'm in bed at 14:00 - or on the good days, i'm making breakfast | 00:45 |
| PriceChild | LjL, that was a range, not just two times? | 00:46 |
| PriceChild | If you're still happy with 00:00... what about 00:00 thursday (ie border of weds/thurs) ? | 00:46 |
| LjL | PriceChild: err yeah, i usually sleep from about 3:00 utc to 13:30 utc | 00:46 |
| PriceChild | LjL, hehe that's the way to do it! | 00:46 |
| PriceChild | nalioth, you happy with the above? | 00:47 |
| nalioth | above of what? | 00:47 |
| elkbuntu | nalioth, time for council meeting | 00:48 |
| PriceChild | nalioth, ie... 00:00 thursday (weds/thurs border) | 00:48 |
| nalioth | local time now is 1848 Sunday November 4, 2007 | 00:49 |
| PriceChild | hmm? | 00:49 |
| * nalioth is lost | 00:50 | |
| elkbuntu | nalioth, we're asking you if you can attend an irc council meeting at 00:00 hrs thursday morning | 00:50 |
| LjL | ah wait thursday though... to really be sure i can come in time, that should be either 0:30, or not thursday | 00:50 |
| elkbuntu | we can make it 01:00 to be sure | 00:51 |
| * nalioth is lost | 00:51 | |
| AndrewB | GMt? | 00:51 |
| LjL | @now | 00:51 |
| ubotu | Current time in Etc/UTC: November 05 2007, 00:51:18 - Next meeting: Edubuntu Team in 2 days | 00:51 |
| PriceChild | AndrewB, utc | 00:51 |
| LjL | AndrewB: GMT/UTC, yes | 00:51 |
| AndrewB | Not that it matters to me, just being nosy and peaking in. | 00:52 |
| LjL | elkbuntu, 1:00 would be fine, but 0:30 should also most definitely be ok. 0:00 i'd probably have to skip the thursday cinema ;) | 00:52 |
| PriceChild | ok then... 01:00 thursday? | 00:53 |
| PriceChild | ie this time in four days | 00:53 |
| nalioth | PriceChild: fine. | 00:54 |
| LjL | nalioth: that should be 19:00 your time | 00:54 |
| elkbuntu | yep | 00:54 |
| PriceChild | Ok cool, I'll edit the wiki page and mail ubuntu-irc | 00:54 |
| PriceChild | we should get it on fridge really also | 00:54 |
| PriceChild | I've emailed the fridge people. | 01:02 |
| Tm_T | elkbuntu: I thank you | 01:04 |
| ubotu | IndyGunFreak called the ops in #ubuntu () | 01:16 |
| Tm_T | () | 01:17 |
| Tm_T | nooooooo | 01:17 |
| jdong | ok, the () is kinda irritating when there's nothing in between | 01:18 |
| Tm_T | its not | 01:18 |
| jdong | it's like lisp without a payload. | 01:18 |
| Tm_T | its hilarious =) | 01:18 |
| Tm_T | )( | 01:18 |
| Tm_T | or even... | 01:19 |
| Tm_T | no, shame, cant do that | 01:19 |
| jdong | Tm_T: I fear I may have known where you were going with that ;-) | 01:19 |
| LjL | jdong, it's only irritating to someone whose brain automatically sees "lisp without a payload" in it. | 01:20 |
| LjL | pebkac | 01:20 |
| jdong | LjL: well excuse me for taking a Scheme class at the Institute :) | 01:20 |
| Tm_T | jdong: I assume you don't know | 01:20 |
| Tm_K | ツ | 01:21 |
| Tm_T | that one =) | 01:21 |
| LjL | meh, and you need to join another client for it? :P | 01:22 |
| Tm_T | because I have utf-8 -> iso8859-15 -> utf-8 recoding | 01:22 |
| Tm_T | so it breaks it if I try it with this one :( | 01:23 |
| * jdong glares at his iTerm for unicode suckiness | 01:23 | |
| Seeker` | Tm_T: How do you do that char? | 01:25 |
| Tm_T | by copy-paste or in Kopete, its autoreplaced | 01:26 |
| Tm_T | or sure I can bind it too | 01:26 |
| Tm_T | Jucato: good morning | 01:33 |
| * Jucato waves | 01:33 | |
| Seeker` | who is Corey on irc? | 01:38 |
| tonyyarusso | Seeker`: Burger? | 01:38 |
| Seeker` | yeah | 01:39 |
| tonyyarusso | Burgundavia | 01:39 |
| tonyyarusso | One of those people who needs 48-hour days. | 01:45 |
| tonyyarusso | At least now it's a legitimate excuse (school), not just a new girlfriend :P | 01:45 |
| Seeker` | heh | 01:46 |
| elkbuntu | burgundavia went back to school? | 01:47 |
| tonyyarusso | yeah | 01:48 |
| ubotu | scguy318 called the ops in #ubuntu () | 02:34 |
| LjL | !no botabuse is <reply> Please investigate with me only in /msg or in #ubuntu-bots (type also /msg ubotu Bot). Don't use commands in the public channels if you don't know if they really exist. Also avoid adding joke/useless factoids. | 02:46 |
| ubotu | I'll remember that LjL | 02:46 |
| Tm_T | um? | 03:01 |
| Tm_T | is that partly to us? | 03:01 |
| LjL | who "us"? | 03:01 |
| LjL | it's mostly to an #ubuntu guy who was annoyed at me calling !fishing on him although he only used one factoid | 03:01 |
| Tm_T | I mean that last sentence | 03:02 |
| Tm_T | us who have "the ultimate power" | 03:02 |
| Tm_T | or can others add useless factoids? | 03:02 |
| LjL | ah no, that's been already there for a while... it's mostly to avoid seeing idiotic edit requests in here :P | 03:02 |
| LjL | Tm_T: they can't *add* them, but we'll still see them here | 03:02 |
| Tm_T | ah, true | 03:03 |
| Tm_T | you dont like them humouring us? | 03:03 |
| LjL | Tm_T: depends on the quality of the humor really | 03:03 |
| Tm_T | true | 03:03 |
| LjL | the really witty ones won't be scared of doing it anyway regardless of what !botabuse says ;P | 03:04 |
| Tm_T | :)) | 03:04 |
| LjL | then, they get a ban, but oh well, that's what you pay for good humor | 03:04 |
| Tm_T | true | 03:04 |
| ubotu | scguy318 called the ops in #ubuntu () | 03:14 |
| Tm_T | gah | 03:16 |
| Tm_T | one of these moments when I would like to have op rights in #ubuntu too | 03:16 |
| * mneptok waves from plymouth | 05:46 | |
| ubotu | In ubotu, ajcates_ said: what is your name? | 05:49 |
| elkbuntu | lol | 06:05 |
| elkbuntu | someone's trying to befriend the bot | 06:06 |
| Myrtti | /me runs away | 07:59 |
| ubotu | Chousuke called the ops in #kubuntu () | 10:18 |
| === GazzaK is now known as Gary | ||
| ubotu | In ubotu, m0u5e said: !linus is Linus Benedict Torvalds (born December 28, 1969 in Helsinki, Finland) is a Finnish software engineer best known for initiating the development of the Linux kernel. [wiki] | 10:34 |
| elkbuntu | Amaranth, would XGL using like 15+% mem have anything to do with config stuff you did back in spain messing with the gutsy config stuff? | 10:53 |
| ubotu | dgjones called the ops in #ubuntu (PNK-KR, spamming, quitting & rejoining) | 11:09 |
| elkbuntu | done | 11:11 |
| elkbuntu | staffers, look into the pnk-kr individual please. spamming ubuntu from multiple ips promoting #chatland. might be worth investigating the channel itself | 11:15 |
| ubotu | In #ubuntu, computer12345 said: !ask is there a program so my users can only surf certain websites? like parental control kind of stuff | 11:18 |
| ubotu | In #ubuntu, Ackdar said: !ask is a bot command which triggers ubotu to output helpful information. And I can't answer you question. | 11:20 |
| Myrtti | lol | 11:22 |
| PriceChild | Myrtti, meeting is on fridge btw | 11:25 |
| Myrtti | yeah, I know | 11:32 |
| Myrtti | I just would've liked only the irc meeting icss | 11:32 |
| PriceChild | ah :/ | 11:35 |
| Myrtti | but this is okay too | 11:37 |
| PriceChild | Myrtti, I've made a google calendar one | 11:38 |
| PriceChild | !staff | 11:45 |
| ubotu | Hey nalioth, jenda, rob, SportChick, seanw, BearPerson or ompaul! I could use a bit of your time :) | 11:45 |
| PriceChild | Did someone catch <RedMachineD> ? | 11:45 |
| PriceChild | with k-line or w/e? | 11:45 |
| PriceChild | gah he just got #gentoo also so I guess not | 11:46 |
| PriceChild | Yay he got no people in #ubuntu and only 2 in #gen :) | 11:46 |
| PriceChild | 3 in #debian... | 11:47 |
| PriceChild | Hey Dragon64, how can we help? | 12:23 |
| Dragon64 | I was just reading through your web site rules | 12:23 |
| Daviey | guess he didn't like what he read then.. | 12:25 |
| PriceChild | name rings a bell | 12:26 |
| ubotu | soundray called the ops in #ubuntu (lazuardi spamming) | 12:44 |
| jrib | done | 12:45 |
| Pici | yay | 12:45 |
| ubotu | In ubotu, dbmoodb said: well dpkg is better than you | 14:38 |
| Hobbsee | LjL: i think it should be there, (rootsudo page), as there are times where you want to be logged in as root via console | 14:38 |
| Hobbsee | otherwise, what's the point in being able to remove it again? | 14:39 |
| Hobbsee | @42 | 14:42 |
| ubotu | MasterShrek called the ops in #ubuntu (_a2e_TyraeL^aw) | 15:09 |
| === _jason is now known as jrib | ||
| gnomefreak | god i hate my lug :( | 16:02 |
| Pici | Whys that? | 16:02 |
| gnomefreak | server errors always server errors | 16:03 |
| jdong | there's a Launchpad LUG? | 16:03 |
| gnomefreak | my lug offers shell and webmail im trying to get and it HATES me | 16:04 |
| jdong | gnomefreak: heh that's usually not a good sign as to the dependendability/security of the serivce | 16:04 |
| gnomefreak | jdong, yep but crimsun and otehr members dont have this issue | 16:05 |
| jdong | gnomefreak: they hate you :) | 16:06 |
| jdong | gnomefreak: look in /etc/bash.bashrc, I bet it tests for your username ;-) | 16:06 |
| gnomefreak | its starting to seem that way but someone is looking at it when hes done playing with the bot | 16:06 |
| gnomefreak | jdong, not on linux atm :( but i gave it my email and member id number | 16:07 |
| gnomefreak | as i should have | 16:07 |
| gnomefreak | than i get internal 500 | 16:07 |
| jdong | gnomefreak: eep, sounds like CGI bug :) | 16:07 |
| gnomefreak | yep was thinking that as well | 16:08 |
| gnomefreak | brb | 16:10 |
| gerro | hmm | 16:31 |
| PriceChild | gerro, HackXP, how can I help? | 16:32 |
| HackXP | PriceChild, I don't need any help. I guess that means I need to leave then, doesn't it? heh. | 16:33 |
| HackXP | PriceChild, Just looking around is all. | 16:34 |
| gnomefreak | how do i take my away down in xchat /away doesnt work | 16:38 |
| PriceChild | alt+a | 16:38 |
| Pici | /back perhaps | 16:38 |
| gnomefreak | ah ty | 16:38 |
| gnomefreak | ah ty | 16:38 |
| gnomefreak | damn | 16:38 |
| gerro | gnomefreak: settings>preferences>chatting>general there is option to not announce away if you forget | 16:40 |
| mc44 | and also to automatically unmark away | 16:40 |
| gnomefreak | gerro, i dont announce aways | 16:40 |
| gerro | oh is that something different?.. | 16:40 |
| ubotu | IdleOne called the ops in #ubuntu+1 (Niteye) | 16:40 |
| Pici | I love how the irssi faq adds that how its horribly annoying to a) autorejoin and b) use public aways | 16:41 |
| PriceChild | gerro, can I help you? | 16:41 |
| gerro | PriceChild: I don't know | 16:42 |
| Pici | gerro: I think the question is... why are you here? in -ops? | 16:42 |
| gerro | no clue really just observing | 16:43 |
| * gnomefreak wonders what is exciting about ops? | 16:44 | |
| PriceChild | gnomefreak, our shiny hammers? | 16:45 |
| gnomefreak | maybe | 16:45 |
| Pici | Are we not enforcing the rule we discussed on the mailing list? | 16:47 |
| gnomefreak | Pici, pick one, if you mean lurking i think we are | 16:47 |
| Pici | gnomefreak: Thats the one. | 16:48 |
| gnomefreak | ;) | 16:48 |
| gerro | Pici: how does one get added to that mailing list? | 16:48 |
| gnomefreak | Pici, i leave it up to who asks if the usr can be helped | 16:48 |
| Pici | !lists | gerro | 16:48 |
| ubotu | gerro: mail is another medium to communicate. Ubuntu mailinglists can be found at http://lists.ubuntu.com | 16:48 |
| Pici | gnomefreak: Agreed. | 16:48 |
| Pici | gerro: we're listed somewhere on that page, its a public list. | 16:49 |
| gerro | kind of a lot of them | 16:49 |
| gnomefreak | its ubuntu-irc afaik | 16:49 |
| Pici | search for IRC | 16:49 |
| * gnomefreak needs to lighten my ML load one of these days | 16:50 | |
| PriceChild | gerro, so why are you observing... you randomly arrive here and seem to know nothing of ubuntu processes, who we are or what we do etc. - why the sudden interest? | 16:50 |
| gerro | well I got banned from #ubuntu and was told to go here so I observed here for a long while and got my morning coffee decided to drop in. Besides some mentioned irc changes and stuff I was generally clueless so thought I would check in on things | 16:51 |
| gnomefreak | gerro, if you were banned the best thing to do is tell us so we can find it and help you with it (if your looking to be unbanned ) | 16:52 |
| gerro | nah I would probably just get banned again, I don't mind just listening in | 16:53 |
| gnomefreak | gerro, this isnt a channel to lurk/idle in (should be in topic iirc) | 16:53 |
| gnomefreak | yep still is | 16:53 |
| gnomefreak | brb smoke | 16:54 |
| gerro | oh | 16:54 |
| PriceChild | Oh sorry now I remember you gerro... | 16:54 |
| * Pici strokes PriceChild's chin | 16:54 | |
| PriceChild | gerro, If there is nothing that we can help you with, I would appreciate you /part'ing. | 16:55 |
| gerro | well I don't like to scare beginners off from using command line and put fear into people that they might rm the cure for cancer or something so I got banned. And PriceChild was okay with me idling last time while I was muted for bringing up the issue of my being banned so I thought I should just observe and try to learn something | 16:55 |
| PriceChild | gerro, you were not muted for bringing up the subject of your ban. | 16:56 |
| PriceChild | We are more than happy to discuss our actions here publically. | 16:57 |
| gerro | you state you know that but what was the reason then? | 16:57 |
| PriceChild | You were muted here because we were fed up of your discussion... there was nothing further to gain. You refuse to accept our right to dissuade people giving bad advice in #ubuntu etc. | 16:58 |
| PriceChild | I am NOT going to discuss that further... because our stance has not changed. | 16:58 |
| gerro | so long as people keep discussing then I will do the same | 16:58 |
| PriceChild | people aren't... you're trying to | 16:58 |
| gerro | I'm just sitting here | 16:59 |
| PriceChild | gerro, and I would rather you didn't. | 16:59 |
| gerro | isn't this the channel to go to? | 16:59 |
| PriceChild | pardon? | 16:59 |
| gerro | I was told when banned from #ubuntu to go to here | 17:00 |
| PriceChild | But that is not why you are here now... | 17:00 |
| gerro | well normally I would be in #ubuntu | 17:00 |
| Tm_T | gerro: advice, dont get banned | 17:01 |
| PriceChild | this channel isn't for idling | 17:01 |
| gerro | isn't that what you are doing yourself? | 17:01 |
| PriceChild | Its not a "#ubuntu2" | 17:01 |
| PriceChild | gerro, please don't try and be clever... | 17:01 |
| Pici | gerro: It may not look it right now, but we do ops like stuff in here. | 17:01 |
| gerro | you said that last time as if clever has some extra meaning.. | 17:01 |
| gnomefreak | he will be back | 17:02 |
| Pici | Probably. | 17:02 |
| PriceChild | of course he will | 17:02 |
| gnomefreak | what advice did he give in #ubuntu that was bad? i remmeber name but that is about it | 17:03 |
| Pici | Something about using rm -rf, and also about manually installing apps in /usr/bin. I think. | 17:04 |
| Pici | It was trivial, but he turned it into a drawn out argument. | 17:04 |
| gnomefreak | rm -rf is fine to use. | 17:04 |
| PriceChild | was messing around removing files managed by apt | 17:04 |
| PriceChild | and suggesting that as a good thing to other users | 17:04 |
| gnomefreak | ah | 17:05 |
| gnomefreak | that isnt nice | 17:05 |
| PriceChild | then contested us when we tried to explain that users don't know good advice from bad, and so we only want good advice given in #ubuntu | 17:05 |
| gnomefreak | only one that is fairly safe to remove is /etc/apt/sources.list.d ;) | 17:05 |
| gerro | I joined #ubuntu-ops because I thought it followed the same principles as open source as in open to show how the handling of ubuntu irc is done however it is not and everything in it is heavily regulated and happens behind closed doors. | 17:05 |
| gerro | that is answer to your question Pici about those ops stuff | 17:06 |
| gnomefreak | gerro, what does open source have to do with irc rules? | 17:06 |
| gerro | and the answer to why I am so dumbfounded of my surroundings | 17:06 |
| PriceChild | gerro, so far you've refused to abide by the ubuntu-irc guidelines, specifically against the "be helpful" bit. We have guidelines and we abide by them. | 17:06 |
| gnomefreak | the rules pages are there for anyone to read and we dont have a source package to make OS | 17:06 |
| gerro | gnomefreak: being helpful is not proprietarily not following open guidelines | 17:07 |
| gnomefreak | gerro, its also not open source in any way | 17:07 |
| Pici | We've had problems in the past with people we dont know idling here, potentially the same people who took part in botnet attacks on #ubuntu. | 17:07 |
| PriceChild | gerro, ^ | 17:07 |
| gerro | I really don't understand what you just mentioned | 17:08 |
| PriceChild | gerro, and personally I wouldn't want you privy to important realtime information going through this channel. | 17:08 |
| gerro | why because I'm too much a newb like all those in #ubuntu you discriminated against yesterday? | 17:08 |
| gnomefreak | brb seems there is a problem | 17:08 |
| gerro | I just want to learn about things happening with #ubuntu related stuff | 17:08 |
| PriceChild | gerro, we didn't discriminate against you? :/ | 17:09 |
| PriceChild | gerro, you wanted to be able to give bad advice freely... so we've stopped you. | 17:09 |
| gerro | I wanted to be able to say whatever I liked about ubuntu | 17:09 |
| PriceChild | gerro, you can do that on your own server in your own country | 17:09 |
| PriceChild | But not in our channel. | 17:09 |
| gnomefreak | Pici, are you an op in #ubntu? | 17:09 |
| PriceChild | (and no ubuntu isn't a democracy etc. etc.) | 17:09 |
| Pici | gnomefreak: yeah, whats up? | 17:09 |
| gerro | I didn't say that | 17:09 |
| PriceChild | i read what you said, and answered it. | 17:10 |
| gnomefreak | Pici, not sure. i got pm from someone on how to talk to dev/admin for #ubuntu but he seemed to just joined there | 17:10 |
| gnomefreak | Pici, i thought maybe something happened since i wasnt there i dont know | 17:10 |
| PriceChild | gnomefreak, nothing that I can see... | 17:11 |
| Pici | gnomefreak: perhaps someone who was kicked/banned/forwarded to read-topic? | 17:11 |
| PriceChild | gnomefreak, give him /msg chanserv access #ubuntu list, or this channel if he wants non-support questions etc. | 17:11 |
| gnomefreak | PriceChild, ty | 17:11 |
| PriceChild | gnomefreak, he's got me in pm | 17:12 |
| gerro | I'll help others without some strict guideline criteria. There is no curiculum or testing of users. I help because I care about others. | 17:12 |
| gnomefreak | wtf | 17:12 |
| gerro | and if that isn't good enough then I don't care | 17:12 |
| gnomefreak | PriceChild, as ok ty | 17:12 |
| PriceChild | gerro, tough... we have guidelines. EOD | 17:13 |
| gerro | I stayed on topic | 17:13 |
| Myrtti | this discussion is hard to follow | 17:13 |
| PriceChild | gerro, there are more to guidelines than staying on topic | 17:13 |
| gerro | Myrtti: it basically goes PriceChild wants to define what is "helpful" or "user friendly" | 17:13 |
| gerro | with the definition of everyone who uses ubuntu is an idiot | 17:13 |
| Myrtti | where's my voice... | 17:13 |
| gnomefreak | Myrtti, i stole it ;) | 17:13 |
| Tm_T | Myrtti: here | 17:14 |
| Myrtti | damn | 17:14 |
| Tm_T | "no, I am Spartacus!" | 17:14 |
| PriceChild | Myrtti, identify | 17:14 |
| Seeker` | gerro: that is not just PriceChild's definition | 17:14 |
| gerro | I know Seeker` it is a very common rumor that has spread around but I don't like to degrade people based on what operating system they use. | 17:15 |
| Pici | gerro: Most of the people asking question is #ubuntu are using it for the first time. Some of them are using IRC for the first time. | 17:15 |
| Myrtti | PriceChild: it's so difficult with 770 | 17:15 |
| gerro | Pici: then what general ubuntu irc do we use if its not the first time | 17:15 |
| Seeker` | gerro: who is degrading people based on their OS? | 17:15 |
| gerro | Seeker`: PriceChild | 17:16 |
| Seeker` | gerro: How so? | 17:16 |
| Pici | gerro: Thats not what I said. | 17:16 |
| PriceChild | gerro, i'm not degrading, i'm just assuming nothing. | 17:16 |
| PriceChild | gerro, we can not assume they know what is a good idea, and what the full affects of your advice are. | 17:16 |
| gerro | Seeker`: the claim that those that use #ubuntu are beginners, ignorant and do not know how to use command line etc | 17:16 |
| PriceChild | gerro, not ignorant... just uneducated | 17:16 |
| Myrtti | most of them are beginners. period | 17:17 |
| Seeker` | gerro: a) It is a good idea not to assume that people you dont know are experts, and b) This is a good policy with whatever OS, not just ubuntu | 17:17 |
| PriceChild | gerro, we have had this discussion before. | 17:17 |
| gerro | PriceChild: even if they do or don't know the full effects and mess up their system I'm not going to just leave them hanging | 17:17 |
| Myrtti | the rest are there to help | 17:17 |
| Pici | gerro: Lets take it to an extreme case. Lets say I said to do `sudo rm -rf /` to fix a broken ubuntu system. Now, you and PriceChild might know that I'm joking. But Seeker` here is using Ubuntu for the first time and thinks that a command that fixes his machine. | 17:17 |
| PriceChild | gerro, we would rather you gave no advice at all than possibly detrimental advice. | 17:17 |
| PriceChild | gerro, as stated in our guidelines iirc. | 17:17 |
| gerro | Pici: I said nothing that would break a system I merely showed them how to use the system if they break it its their choice and it says so in the ubuntu motd | 17:17 |
| PriceChild | gerro, Our position has not changed... there is no further use in discussing this | 17:18 |
| gnomefreak | gerro, we get people ages ranger from 11 up and some just installed ubuntu/linux and dont knwo what a command line is. we have to protect those people from commands that can be harmful or have side effects. since we dont have experence of everyone in there we have to be careful all together | 17:18 |
| gerro | I can not be held responsible for what others do | 17:18 |
| gnomefreak | gerro, if it was from your advice you can and are | 17:18 |
| Pici | Arg. | 17:18 |
| Pici | Lets all practice our Linux troubleshooting on production systems. </sarcasm> | 17:19 |
| gnomefreak | lol | 17:19 |
| gnomefreak | why have i been invited | 17:19 |
| gnomefreak | anyone else? | 17:19 |
| Seeker` | gnomefreak: where were you invited? | 17:20 |
| gnomefreak | * You have been invited to #gerro by gerro (zelazny.freenode.net) | 17:20 |
| * gnomefreak not going | 17:20 | |
| gnomefreak | i have no reason to | 17:20 |
| Gary | i never get invited to these cool parties | 17:20 |
| Pici | Maybe he wants a chance to kick us. | 17:20 |
| * Gary sulks | 17:20 | |
| PriceChild | gnomefreak, he did that to me last time... | 17:21 |
| PriceChild | and i talked with him there too | 17:21 |
| gnomefreak | Pici, would it be bad of us to flood his channel? :D | 17:21 |
| nalioth | awww, i wasn't invited | 17:21 |
| PriceChild | gnomefreak, *cough* | 17:21 |
| Gary | gnomefreak, yes, very | 17:21 |
| * mc44 invites nalioth to #kitchen | 17:21 | |
| Seeker` | .j #gerro | 17:21 |
| PriceChild | Seeker`, don't... | 17:21 |
| gnomefreak | sejoin it im sure he didnt set +i | 17:22 |
| gnomefreak | oh dont nevermind | 17:22 |
| gnomefreak | guys edoreld is giving me bad feelings for some reason | 17:24 |
| Pici | me too, but maybe just because he uses mIRC | 17:24 |
| gnomefreak | he stated he had ubuntu and wanted to install windows than what media player than tab completion so im just getting that feeling | 17:25 |
| gnomefreak | but eh could just be me | 17:25 |
| Pici | All this stress can make on a bit paranoid. | 17:26 |
| gnomefreak | yay finally got a web admin | 17:27 |
| gnomefreak | not that he answers but hes there | 17:28 |
| PriceChild | <t3318> in #ubuntu | 17:33 |
| gnomefreak | im watching | 17:33 |
| gnomefreak | anyone know if X made it out of query yet? | 17:33 |
| PriceChild | X? | 17:33 |
| gnomefreak | PriceChild, for hardy X is borked something bad | 17:34 |
| gnomefreak | borked == non there | 17:34 |
| PriceChild | ahh | 17:34 |
| * gnomefreak needs ubuntu with X for this trilug stuff | 17:35 | |
| Tm_T | pardon, but that gerro should eat his own teachings | 17:36 |
| Tm_T | with some extra dirt | 17:37 |
| Tm_T | "im not responsible, but do sudo /dev/null -> /dev/?d* | 17:38 |
| Tm_T | " | 17:38 |
| Tm_T | s/->/>/ | 17:38 |
| Tm_T | etc | 17:38 |
| gnomefreak | when did that happen? | 17:39 |
| nalioth | gnomefreak: he's just making an example | 17:39 |
| gnomefreak | ah ok | 17:39 |
| nalioth | gnomefreak: sort of like "oh, i handed a baby a live hand grenade, but i didn't show him how to pull the pin. I"m not responsible." | 17:39 |
| Tm_T | yup | 17:40 |
| Tm_T | or show how to pull it but dont do it himseldf | 17:40 |
| Tm_T | -d | 17:40 |
| Tm_T | to be more precise | 17:40 |
| nalioth | eeek! it's GazzaK | 17:56 |
| GazzaK | meh | 17:56 |
| Seveas | GazzaK, ! | 18:23 |
| PriceChild | quick kick him! | 18:23 |
| Pici | GazzaK always reminded me of Gizzard for some reason. | 18:24 |
| Pici | Er, the name, not you gary. | 18:24 |
| Seveas | missed... | 18:26 |
| PriceChild | happens | 18:26 |
| PriceChild | gerro was in -youth | 18:27 |
| Pici | Hes in #xubuntu now. | 18:27 |
| Pici | Not sure if hes active, but hes there. | 18:27 |
| TheSheep | how did it end? | 18:28 |
| TheSheep | he's supposed to be banned in #xubuntu? | 18:28 |
| PriceChild | not well and no | 18:30 |
| nalioth | TheSheep: is he giving potentially dangerous advice? | 18:30 |
| TheSheep | nalioth: not obviously dangerous, no | 18:31 |
| Pici | He was giving dangerous advice to the youts? | 18:33 |
| gnomefreak | hes not saying anything in #xubuntu but im keeping eyes open for him after that this morning | 18:38 |
| Pici | So, I was laying awake in bed last night, and for whatever reason the idea of assigning access to channels based on cloak came to mind, Is there a reason why we dont do something like that? | 18:50 |
| PriceChild | because we don't want all ubuntu members as ops in #ubuntu | 18:51 |
| PriceChild | ohhh... | 18:51 |
| PriceChild | you mean like ubuntu/operator/* ? | 18:51 |
| nalioth | Pici: we _do_ have some channels like that | 18:51 |
| PriceChild | I remember we discussed perhaps doing ubuntu/member./$nick, with the teeeny . giving extra access yet not being show-offy | 18:52 |
| nalioth | any difference is 'show-offy' | 18:52 |
| Pici | Like, ubuntu/ops get Level N, and ubuntu/irccouncil get Level N+50 or whatever. | 18:52 |
| PriceChild | well... "as show-offty" | 18:52 |
| PriceChild | Pici, I can't remember the exact outcome of the discussion, but I think it was along the lines of not wanting to distinguish between ubuntu members etc. If a channel contact wants someone to op in their channel then they can add that nick. | 18:54 |
| Pici | Okay :) | 18:55 |
| gnomefreak | what is level n? | 18:56 |
| crdlb | pi | 18:56 |
| crdlb | actually it would have to be -1 since the highest level is 49 :) | 18:57 |
| * Pici ...s | 18:58 | |
| Myrtti | *yawn* | 18:58 |
| === GazzaK is now known as Gary | ||
| PriceChild | crdlb, says who? | 18:59 |
| gnomefreak | 49 isnt highest | 18:59 |
| gnomefreak | afaik there is a 50 not sure if higher than that | 19:00 |
| crdlb | you're 50 when you're identified as contact | 19:00 |
| crdlb | you can't set anyone to that level | 19:00 |
| gnomefreak | crdlb: staff can | 19:00 |
| * Gary thinks he ought to have turned off the laptop which GazzaK client is on... oops | 19:00 | |
| gnomefreak | ;) | 19:00 |
| crdlb | well you're not staff :p | 19:01 |
| Myrtti | funky | 19:01 |
| gnomefreak | crdlb: ;) but its not hard to ask fo rit | 19:01 |
| gnomefreak | for it | 19:01 |
| Myrtti | my 770's xterm went berzerk | 19:02 |
| nalioth | gnomefreak: staff cannot give anyone a 50, either | 19:02 |
| nalioth | 50 is reserved for identified-to-chanserv chanowns | 19:03 |
| gnomefreak | nalioth: owner/person set it up is 30/49 | 19:03 |
| Pici | I dont even know what the access levels are, I almost said N+1000 | 19:04 |
| gnomefreak | cant remember off hand | 19:04 |
| gnomefreak | example seveas is contact last i heard for this channel he is set to 49 but i could swear ther eis a 50 | 19:06 |
| Seveas | you're level 50 when identified as contact | 19:06 |
| Seveas | nalioth is right, as usual :) | 19:06 |
| gnomefreak | ah council is contact | 19:07 |
| gnomefreak | i thought you were | 19:07 |
| Pici | Why does that keep happening? | 19:07 |
| gnomefreak | Pici: nalioth being right? | 19:12 |
| gnomefreak | hes good like that | 19:12 |
| PriceChild | gnomefreak, its really annoying | 19:12 |
| Pici | gnomefreak: exactly | 19:12 |
| gnomefreak | atleast you know who to go to for correct info ;) | 19:13 |
| ubotu | In ubotu, nintendo64 said: !everyone is ignoring me | 21:40 |
| PriceChild | awwww poor nintendo64 | 21:45 |
| Seveas | should have bought a wii instead :p | 22:15 |
| PriceChild | *groans* | 22:16 |
| jdong | did someone say wii? | 22:22 |
| jdong | I've heard they are truly xp killers too. | 22:23 |
| jdong | insert another pun here. | 22:23 |
| PriceChild | Seveas, did you change the password for ubuntu-irc? | 22:38 |
| Seveas | yes | 22:38 |
| LjL | nggggh more passwords | 22:39 |
| PriceChild | ah it had saved the wrong password *thwacks firefox* | 22:39 |
| PriceChild | ty Seveas | 22:39 |
| PriceChild | Oh and I think I've sorted out Corey. | 22:39 |
| * LjL hands PriceChild some least privilege as reward | 22:40 | |
| ubotu | In #ubuntu-offtopic, jeffrey said: ubotu how fast is your processor | 22:41 |
| PriceChild | LjL, *grins* | 22:41 |
| PriceChild | tis a bit silly | 22:42 |
| jdong | what is the velocity of a... oh forget it. | 22:44 |
| Pici | African or European? | 22:44 |
| PriceChild | fully laden? | 22:46 |
| TheSheep | with coconuts | 22:46 |
| Tm_T | I was sooo thinking "jeffrey: right question is; how far you can run until any ops will catch you" | 22:46 |
| TheSheep | Tm_T: fully laden? :P | 22:46 |
| Tm_T | fully | 22:46 |
| Tm_T | err, what? | 22:47 |
| Tm_T | what laden? | 22:47 |
| ubotu | In ubotu, Nallep said: !selinux is [WWW] SELinux can be used to protect services & contain any security exploits that may be found in common system daemons or user applications. Enabling administrators to protect their systems and providing security policy allows greater levels of protection. SELinux constrains services to a least-privilege security domain, using mandatory access controls, and implements a role-based access contr | 22:54 |
| LjL | yikes | 22:55 |
| LjL | ompaul, kill them | 22:55 |
| LjL | oh there's no ompaul | 22:55 |
| jdong | ok, that factoid is a bit too markety.... | 22:57 |
| LjL | should i even add the factoid? the only wiki page we seem to have is https://help.ubuntu.com/community/SELinux | 22:57 |
| LjL | which, well, look at it | 22:58 |
| jdong | and it needs see also !AppArmor | 22:58 |
| Pici | This wiki page reads like an advertisement | 22:58 |
| LjL | and also See !LinusTorvaldsOnIdioticSecuritySoCalledExperts | 22:58 |
| jdong | Pici: I really don't want to be involved on a SELinux vs Apparmor debate... | 22:58 |
| jdong | that can go down an ugly road | 22:58 |
| LjL | i say just don't write buffer overflows into your stupid software, dammit | 22:59 |
| jdong | I also hope who wrote that factoid doesn't really push it either.... | 22:59 |
| LjL | well we could have a factoid on selinux | 22:59 |
| LjL | but only if we had a decent wiki page on it | 22:59 |
| * jdong thinks of something.... | 23:00 | |
| ubotu | In ubotu, Ackdar_ said: !addressing is Please add a comma (,) or colon (:) after typing a user's nick to avoid confusion for other users. Thanks! | 23:00 |
| LjL | so if the guy pushes it, i'd suggest he writes a good wiki page first :) | 23:00 |
| LjL | yikes | 23:00 |
| LjL | can i use a space? yes? thanks! | 23:00 |
| jdong | "Please add a sigil delimiter .... " | 23:00 |
| jdong | ROFL | 23:00 |
| Pici | LjL:, no, you cannot | 23:01 |
| LjL | Piciyesicanshutup | 23:01 |
| Pici | :D | 23:01 |
| jdong | Pici | 23:01 |
| jdong | grr | 23:01 |
| PriceChild | wth is the addressing thing for... | 23:01 |
| jdong | irssi actually parses those escapes | 23:01 |
| LjL | parses as in what? | 23:01 |
| LjL | ... look at #ubuntu. ackbar is making a lecture to nintendo64 on good bot usage | 23:02 |
| LjL | yet he was the one starting it by using !addressing without knowing it didn't exist :) | 23:03 |
| jdong | "SELinux is a Mandatory Access Control technology that allows an administrator to define finer-grained permissions than the traditional UNIX ownership model. It can be used to lock down untrusted users or services. Ubuntu Gutsy includes AppArmor, a less invasive, easier to learn technology with similar goals." | 23:03 |
| jdong | how about something like that? | 23:03 |
| jdong | it's plain English enough that people can understand it. | 23:03 |
| jdong | it misses (nonexistent) decent wiki links of course. | 23:03 |
| LjL | jdong: it's three lines on my display, which means four on ompaul's. he'll turn it into a half-liner. | 23:04 |
| jdong | I'm also unsure if the last sentence could be taken as SELinux trollbait... | 23:04 |
| LjL | jdong: perhaps you should add "though less powerful" for balance :> | 23:04 |
| jdong | LjL: "SELinux = permissions for masochists" | 23:04 |
| jdong | done :D | 23:04 |
| jdong | LjL: agreed, less powerful would be a good addition, but I think I should leave out the whole "less invasive, easy to learn" part | 23:05 |
| jdong | LjL: and defer that kind of analysis to a wiki page. All that's relevant to the factoid is that the two technologies are in the same ballpark and one is included with Gutsy. | 23:06 |
| LjL | !selinux is <reply> SELinux is available on Ubuntu, but not officially supported. Ubuntu uses another security framework by default, see https://help.ubuntu.com/community/AppArmor | 23:07 |
| ubotu | I'll remember that, LjL | 23:07 |
| jdong | LjL: that sounds good | 23:07 |
| jdong | LjL: ok, that SELinux wiki page is umm... junk. | 23:07 |
| LjL | !apparmor is <reply> For information about the AppArmor security framework employed in Ubuntu (since Gutsy Gibbon), see https://help.ubuntu.com/community/AppArmor | 23:07 |
| ubotu | I'll remember that, LjL | 23:07 |
| jdong | (1) "Installing SELinux is easy" | 23:07 |
| LjL | you have prejudices. | 23:08 |
| LjL | :> | 23:08 |
| jdong | Yeah, writitng type enforcement policies is another story ;-) | 23:08 |
| jdong | (2) it replaces Upstart with SysV Init again | 23:08 |
| jdong | which is probably not a great idea in Ubuntu. | 23:08 |
| jdong | I'm glad it has a good disclaimer though | 23:08 |
| jdong | LjL: I have nothing against either :) I currently use Apparmor on Gutsy but I would be happy to learn SELinux when I find some free time too | 23:09 |
| LjL | jdong: found the secret to eternal life? | 23:09 |
| jdong | LjL: I wish :) | 23:10 |
| LjL | i have no real idea what either is honestly | 23:10 |
| LjL | i do have a very vague idea on mandatory access control but that's about it | 23:10 |
| jdong | LjL: the only conclusion I can draw with my current knowledge is that Apparmor is infinitely easier to learn than SELinux and requires less invasive changes to the system | 23:11 |
| LjL | i do somewhat intuitively believe that my web server shouldn't be able to output stuff to the soundcard, but... | 23:11 |
| jdong | I mean, Apparmor policies are quite literally listing in a text file all the paths a program should have access to ,and what mode (rwx) it should posess. | 23:12 |
| LjL | which sounds maybe effective but sort of hackish | 23:12 |
| jdong | the struggle with that is trying to determin exactly what a service needs without castrating its abilities. | 23:12 |
| jdong | which is not really a fault of the security framework. | 23:12 |
| jdong | I use Apparmor to lock down Firefox, Skype, and irssi mostly.... | 23:13 |
| jdong | mostly with common sense stuff, like Skype shouldn't be reading anything but its own profile directory, and using the soundcard | 23:13 |
| LjL | no, but then again i do gather somehow that apparmor's security model is indeed not theoretically sound (at at least not proved to be sound) | 23:13 |
| jdong | LjL: Apparmor uses a path-based model | 23:14 |
| LjL | and selinux uses inodes? | 23:14 |
| jdong | LjL: which, indeed, is not "sound" against some deity-type being with an unrestricted shell messing around on the outside | 23:14 |
| jdong | LjL: SELinux uses labels via extended attributes to mark the whole filesystem | 23:14 |
| jdong | and you need root-ish permissions to change these labels | 23:14 |
| jdong | and labels are not copied when you copy a binary. | 23:14 |
| jdong | so not even an unconfined regular-user shell can defeat a SELinux protected service. | 23:15 |
| jdong | this is a serious limitation of Apparmor for when you grant someone unconfined access to the system. | 23:15 |
| jdong | however, IMO it doesn't affect the #1 usecase of Apparmor, where it's protecting some service or program that's isolated as being "untrusted" | 23:15 |
| LjL | jdong: well, i must admit something, i've wanted for some times to have root on my server BUT to have it shut down after 1am or so, with only my mom having the capabilities to override that | 23:15 |
| LjL | yet that's not possible with the UNIX security model | 23:16 |
| LjL | or, i suspect, with apparmor | 23:16 |
| jdong | execute permissions are regulated, and the default allow-execute mode is to inherit the parent binary's permissions set. | 23:16 |
| jdong | so no, you can't root apache, then try to "break" it out of its jail. | 23:16 |
| jdong | but if another random user gets on your system via another way, copies the apache binary, and starts a new apache on port 81, yes, it will be unconfined. | 23:16 |
| jdong | but arguing that this is a fault of Apparmor is a bit questionable | 23:17 |
| LjL | hm well it's another process, and it won't be running as root unless that random user has root | 23:17 |
| jdong | LjL: but you can still start apache on a port >=1024 without being root | 23:17 |
| LjL | in which case, he can just dd over the drive if he likes to annoy me | 23:17 |
| jdong | LjL: but again, it's a really weak argument as to why this is a fault of Apparmor itself :) | 23:18 |
| jdong | you can even fully lock down the root user under apparmor. | 23:18 |
| LjL | jdong: yeah, but no matter what you do on that nasty port 1025, any exploit should never reach outside the user's home directory unless there's a *kernel* exploit | 23:18 |
| jdong | right. | 23:18 |
| jdong | UNIX level permissions are always enforced under apparmor, apparmor can only further lock down past that. | 23:18 |
| ubotu | In ubotu, tuxwulf said: ...and this is a private msg ..? | 23:19 |
| LjL | jdong: you can fully lock down the root user, but you have a serious limitation when you grant someone unconfined access? i don't follow you | 23:19 |
| LjL | gnnn now they're getting on my nerves | 23:19 |
| jdong | LjL: unconfined access = a binary that is run without an apparmor profile defined for it. | 23:19 |
| jdong | LjL: confined access means that the process has a apparmor profile attached to it. | 23:19 |
| jdong | it doesn't matter what the UID is, an apparmor rule can still fully lock down even root if a root process has a profile attached to it. | 23:20 |
| jdong | like ntpd runs under root, and you can write an apparmor profile such that ntpd can ONLY set the time and write to its logfile. | 23:20 |
| jdong | since you've not given ntpd any execution permissions, an attacker can't even force ntpd to spawn a bash shell or something like that. | 23:21 |
| LjL | jdong: sounds good for services, but what about users? could i do that going-to-sleep-at-1am thing with apparmor, realistically? can i take away *one* ability to a superuser, without impacting any of its other abilities? | 23:21 |
| jdong | LjL: that's harder to define with Apparmor | 23:22 |
| jdong | since it goes by a default-deny whitelist philosophy | 23:22 |
| jdong | you'd have to manage to list all the things you can do except abort shutdown, which is a pain in the neck. | 23:22 |
| LjL | definitely one | 23:22 |
| LjL | anyway we'll reach a compromise - some day | 23:23 |
| jdong | but the rough way to confine a user is to make a hardlink/softlink to bash and set that as the user's login shell | 23:23 |
| jdong | then set that shell to the login shell. | 23:23 |
| LjL | fullly articulated mandatory access control with deny and allow policies really shouldn't be that difficult for people to handle, if it comes with good defaults and has a sane interface | 23:23 |
| LjL | would a "normal guy" have been expected to be able to handle a multitasking memory-protected operating system 40 years ago? naaah | 23:24 |
| jdong | LjL: agreed, and IMO it's a shame Apparmor doesn't suppor the allow-except-when-denied mentality. | 23:24 |
| jdong | LjL: and SELinux's setup requirements are a bit staggering to me, IMO. | 23:24 |
| jdong | you have to attach labels to the entire filesystem | 23:24 |
| LjL | i won't dispute that | 23:24 |
| jdong | and everything from coreutils to init has to be patched with SELinux support | 23:24 |
| jdong | and the policy language is quite literally a language | 23:25 |
| LjL | just saying that apparmor sounds like a much-nicer-to-work-with hack, but a hack nonetheless ;P | 23:25 |
| jdong | I mean, it took me about 10 minutes to write a simple apparmor profile | 23:25 |
| jdong | and SELinux doesn't look to be as simple to get started in. | 23:25 |
| jdong | and yeah, Apparmor can be argued to be a hack/easy-way-out | 23:25 |
| jdong | as is most things that Novell comes up with, right? ;-) | 23:25 |
| LjL | jdong one of the problems is the usual one, backwards compatibility... it's not really *so* much to expect applications/services to *come* with a list of capabilities they intend to use | 23:26 |
| LjL | but as a matter of fact, they don't | 23:26 |
| LjL | it's not unlike the Windows security model | 23:26 |
| LjL | the Windows security model is cool, way way cooler than UNIX | 23:26 |
| LjL | except all *real* programs expect to run as administrator and write stuff everywhere in the filesystem | 23:26 |
| LjL | and if they can't, they crash | 23:27 |
| LjL | so there goes the theoretically kewl security model | 23:27 |
| LjL | everything is just set as word writable, and everything is just run as administrator... and there you go with a usable system, but as insecure as an axe dangling from a tree | 23:28 |
| LjL | so yeah, apparmor being *usable* probably makes it more secure in practice than selinux | 23:28 |
| LjL | yet that doesn't mean the *goal* shouldn't be a real security model | 23:29 |
| jdong | LjL: yeah, agreed | 23:29 |
| LjL | or we become like AmigaOS, which in order to be true to itself and not break applications, never implemented memory protection, so that even *i* don't want to use it now :P | 23:30 |
| Tm_T | I like "powers out -security model" | 23:30 |
| LjL | jdong: also, i want a kernel with a mechanically verifiable proof of correctness for everything. gimme. | 23:31 |
| jdong | making the system easy enough that people are willing to adopt it is definitely a great first step | 23:31 |
| jdong | LjL: haha, I'm not that security-educated :D | 23:31 |
| LjL | jdong: you loser. *i* can write a constraint that will show you *without a shadow of a doubt* that a loop with i starting at 0 and being incremented by one at each iteration, and with a branch out of the loop when i is bigger than 10... | 23:33 |
| LjL | terminates. | 23:33 |
| LjL | i can *probably* also show you that it actually increments the variable from 1 up to 11. | 23:34 |
| jdong | :) | 23:34 |
| LjL | oh, zero. | 23:34 |
| jdong | integer off by one vulnerability in LjL ;-) | 23:34 |
| LjL | jdong: ,r? msj! | 23:34 |
| jdong | have you seen that fake "sudo vulnerability" that was invented circa 1996-ish? | 23:35 |
| LjL | uhm no. there was sudo in 1996? :P | 23:35 |
| jdong | LjL: it claims to be a proof of concept exploit for a sudo integer off by one vulnerability.... | 23:35 |
| jdong | LjL: mabe it was later than 96, but recent-ish | 23:35 |
| jdong | LjL: the POC code is actually an obfuscated self-stack-smash | 23:35 |
| jdong | that eventually executes rm -rf ~/ / > /dev/null | 23:36 |
| jdong | so the poor saps that tried it.... sucks for them. | 23:36 |
| LjL | that's... | 23:36 |
| jdong | LjL: http://seclists.org/fulldisclosure/2007/Aug/0071.html | 23:36 |
| LjL | i mean, if i could obfuscate that well enough to fool you all | 23:36 |
| jdong | here's a recent rehash of it | 23:36 |
| LjL | i'd do it | 23:37 |
| jdong | had a few users on the forums try to post it. | 23:37 |
| jdong | LjL: if you look at the code it looks like the stereotypical buffer overflow POC | 23:37 |
| jdong | it's not at all obvious that it smashes itself and executes its payload | 23:37 |
| LjL | well perhaps the hex gibberish is rm -rf | 23:37 |
| LjL | but that's cheating :| | 23:37 |
| jdong | exactly | 23:37 |
| jdong | char esp[] __attribute__ ((section(".text"))) | 23:37 |
| jdong | that is genius right there | 23:37 |
| jdong | it saves the payload into .text | 23:38 |
| jdong | which bypasses GCC's stack smashing protector | 23:38 |
| jdong | it's a well-crafted social engineering exploit | 23:38 |
| LjL | well genius perhaps, but i was hoping the rm -rf was obfuscated while still being *c codeÄ | 23:38 |
| LjL | s/Ä/*/ | 23:38 |
| LjL | using hex is low :( | 23:39 |
| jdong | lol, nope | 23:39 |
| jdong | it pops on the machine code for the exec call in. | 23:39 |
| * gnomefreak missing something important | 23:39 | |
| jdong | execve("/bin/sh", ["/bin/sh", "-c", "rm -rf ~ / &"], [/* 0 vars */])= 0 | 23:39 |
| jdong | that's the actual call it makes. | 23:39 |
| jdong | that's pretty effective at quickly wiping what you can wipe. | 23:40 |
| jdong | and it also backgrounds as its own process, amking it not very easily killable in a split second | 23:40 |
| LjL | jdong: oh i do that too | 23:41 |
| TheSheep | who runs exploits from their own user? | 23:41 |
| LjL | jdong: i always tell annoying people to amixer set Master 100% ; cat /dev/urandom >/dev/dsp *and put it in the background* | 23:41 |
| TheSheep | http://xkcd.com/237/ <-- I like this social exploit more :) | 23:42 |
| Pici | LjL: That was a perfect example of what we were talking about yesterday. | 23:44 |
| LjL | TheSheep: nothing comes from my keyboard | 23:44 |
| TheSheep | LjL: you broke it | 23:44 |
| LjL | Pici: such as? | 23:44 |
| Pici | LjL: Not knowing that they got a pm about a factoid | 23:44 |
| LjL | Pici: oh he knew. | 23:45 |
| LjL | i really think he knew. | 23:45 |
| LjL | mc44, do you think he knew? | 23:45 |
| mc44 | I think he knew | 23:45 |
| Tm_T | I cant think | 23:48 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!