[00:03] <ceekay> I know this isn't strcitly development-related, but it's in the topic and i get no response in #ubuntu so I'll ask here http://www.ubuntu.com/usn/usn-612-1 says that for 7.04 to get libssl0.9.8 version 0.9.8c-4ubuntu0.3 ... however packages.ubuntu.com and my nearest mirror lists 0.9.8c-4ubuntu0.2 as being the latest available... is ...ubuntu0.3 still in the works?
[00:07] <crimsun> ceekay: no, it's already available.
[00:08] <ceekay> just a mirror sync thing or something?
[00:08] <crimsun> ceekay: yes
[00:08] <crimsun> libssl0.9.8 | 0.9.8c-4ubuntu0.3 | feisty-security | amd64, i386, powerpc
[00:08] <crimsun> libssl0.9.8 | 0.9.8c-4ubuntu0.3 | feisty-updates | amd64, i386, powerpc
[00:08] <crimsun> so, you can either pull from archive.ubuntu.com or from security.ubuntu.com
[00:09] <crimsun> (sorry, I reversed that, respectively)
[00:10] <crimsun> as long as you have "Important security updates" ticked/checked in the Updates tab of System> Administration> Software Sources, you should be set.
[00:10] <ceekay> cool thx... just wanted to verify that it was actually available
[00:10] <ceekay> my repositories are set to a local mirror at work that probably just syncs nightly
[02:42] <Hobbsee> pitti: i'm no -sru'er....
[03:33] <lamont`> hrm... how do I tell network mangler to keep doing it's thing even when I'm not logged in, I wonder?
[03:51] <johanbr> lamont: for versions older than 0.7 I think the answer is "you don't".
[03:52] <ScottK> lamont: By not logging out AFAIK.
[03:52] <lamont> I see.
[03:52] <lamont> does 0.7 play well with hardy, I wonder?
[03:53] <ScottK> Dunno
[03:54] <johanbr> Not without tweaking: http://permalink.gmane.org/gmane.linux.network.networkmanager.devel/9654
[04:00] <andrew_sayers> Should I be filing wishlist bugs when I stumble over things where IPv6 is less well supported than v4?
[04:01] <andrew_sayers> (e.g. netcat6 not in main, libsocket6-perl not in main)
[07:31] <pitti> Hobbsee: ah, ok; seems I mixed that up
[07:31] <pitti> Good morning
[07:44] <YokoZar> pitti: uh oh
[08:02] <geser> good morning pitti
[08:16] <kirkland> pitti: seems my build had a problem, http://launchpadlibrarian.net/14558108/buildlog_ubuntu-intrepid-i386.ecryptfs-utils_45-1_CHROOTWAIT.txt.gz
[08:24] <geser> kirkland: looks like the buildds are broken right now :(
[08:33] <pitti> kirkland: that hit me as well yesterday; NFC, unfortunately
[08:40] <TheMuso> pitti: Ok ACKEd, will process the rest when I'm down stairs.
[08:40] <pitti> TheMuso: thanks
[08:48] <Mithrandir> pitti: why does pg_config --libs output lots of stuff like -lz?  They should be pulled in by having libpgport linked to it, should they not?
[08:50] <pitti> Mithrandir: hm, good point; can you please file a bug about it? (in Debian preferably)
[08:50] <pitti> Mithrandir: (sorry, EBUSY ATM)
[08:50] <Mithrandir> pitti: np, and will do
[08:59] <kirkland> pitti: geser: okay, thanks.  i thought this might be pervasive, but mentioned it just in case
[10:17] <Keybuk> stupid question of the day:
[10:17] <Keybuk> I always what terminals to start at 60px across
[10:17] <Keybuk> how?
[10:17] <RAOF> s/what/want/?
[10:18] <StevenK> And 60 pixels?
[10:18] <Keybuk> RAOF: yes
[10:19] <andrew_sayers> Not 60 characters?
[10:19] <RAOF> The Stupidly Configurable window managers will do this; Compiz is one, and I think you'll find the 'window rules' plugin is where you can specify this behaviour.
[10:19] <Keybuk> RAOF: I can't find a way
[10:20] <andrew_sayers> Most terminals take a --geometry attribute - the man page for the terminal will tell you more.
[10:21] <pitti> Keybuk: session management is *supposed* to do that, and it worked just fine until gutsy; too bad that hardy broke it (might be a gnome-terminal bug, though, it works for other apps)
[10:21] <RAOF> Keybuk: Advanced ... -> Window Rules -> Size rules -> New should allow you to specify that you want your gnome-terminals to be 60px wide.
[10:21] <Nafallo> Keybuk: devilspie
[10:23] <pitti> RAOF: I don't seem to be able to find an 'Advanced' thing in g-t; where is it?
[10:23] <Keybuk> RAOF: not 60px wide, as in not use the left-most 60px of the screen
[10:23] <Keybuk> Nafallo: doesn't seem to have a rule for "first terminal on an otherwise empty workspace" ?
[10:24] <Nafallo> Keybuk: ah. only the first one... not every.
[10:26] <andrew_sayers> Keybuk: I'm a but rusty with my geometry, but I think you want something like --geometry 60x?+0+0
[10:26] <andrew_sayers> (Where "?" is the height of your screen)
[10:26] <Keybuk> yeah you can do something like that
[10:26] <Keybuk> but that's annoying
[10:26] <pitti> no, rather +60+0
[10:26] <pitti> + is the offset, AxB the size
[10:31]  * Ng wonders why keybuk wants that, although the only hack I can think of right now would force all windows on all workspaces to start at +60 ;/
[10:32] <RAOF> Hm.  You can set the place plugin to manually start terminals at +60+0.
[10:32] <RAOF> But that's going to start _all_ terminals at the same place.
[10:33] <Ng> depending on how you arrange your terminals, you could go for a terminal program which keeps them all in one window and just have that window start at +60 :D
[10:33] <Keybuk> Ng: because with the size of the terminals, I can fit two on the screen
[10:33] <Keybuk> with 60px either side
[10:33] <Keybuk> which looks nice and balanced
[10:34] <Ng> ah
[10:35] <Ng> are you determined to keep 80x24? I rather like having 4 120x35 terms :)
[10:36] <RAOF> You could get compiz's put plugin to bind a key to "move this terminal to +60+0"; that's the best I can think of.
[10:42] <andrew_sayers> Keybuk: you might want to consider using screen, and splitting the screen into regions.
[11:19] <TheMuso> pitti: Ok I think I have got all of the ones that remained.
[11:50] <emgent> heya
[12:52] <Hobbsee> pitti: mp
[13:16] <Hobbsee> pitti: ping-a-ling
[13:18] <jdstrand> kees: what do you think of:
[13:18] <jdstrand> $ sudo ufw limit ssh/tcp
[13:18] <jdstrand> limit is an 'allow' but with rate limiting
[13:18] <jdstrand> (I'm still not here)
[13:19] <jdstrand> s/is an/just like/
[13:34] <lucas> where's the source code behind http://patches.ubuntu.com/?
[13:45] <Amaranth> lucas: Someone else runs that. *shrug*
[13:47] <mvo> lucas: Scott will know
[13:51] <pitti> TheMuso: thanks for the SRU acks; can you please take a look at bug 175536 as well?
[13:51] <TheMuso> pitti: I'm on it.
[13:51] <Hobbsee> pitti: tis borken :(
[13:51] <Hobbsee> pitti: https://launchpad.net/bugs/231236
[13:52] <pitti> TheMuso: thanks
[13:53] <pitti> Hobbsee: oh argh, thanks for pointing out
[13:53] <Hobbsee> pitti: may be worth adding to the doc, or something, not to do that.
[13:53] <pitti> Hobbsee: we can't update evo yet; I guess we need to do a direct -updates upload with a rebuild
[13:54] <Hobbsee> pitti: presumably, yeah.
[13:54] <Keybuk> lucas: http://launchpad.net/merge-o-matic
[13:58] <seb128> Hobbsee: rebuild uploaded to hardy-updates now, thanks for mentionning
[13:58] <Hobbsee> seb128: thanks
[13:59] <seb128> Hobbsee: it's not as easy as migrating all the rdepends, evolution-data-server is still buggy and not ready to migrate to updates
[13:59] <Hobbsee> seb128: which means it all isn't, or you should do as you're doing now, with the rebuild, just in case.
[13:59] <Hobbsee> (unless you have some easy way of seeing if all the deps get satisfied, with it in -updates.
[13:59] <seb128> right, it was an oversight
[14:00] <Hobbsee> yes, same as last time :)
[14:05] <StevenK> I wonder if I can brutalise quilt to add a patch only on one arch
[14:05] <azeem> series.$arch
[14:05] <StevenK> Sweet
[14:05] <azeem> StevenK: glibc does that on Debian at least, AFAIK
[14:05] <azeem> least*
[14:13] <kirkland> cjwatson: I would like to talk to you about the automatically generated/updated repository of ubuntu manpages and such.  Would you like to do this offline/in-the-halls, in a fosscamp session, or next week during UDS?
[15:09] <marmadeoli> Como eu posso ajudar no desenvolvimento de algum pacote ubuntu? (How can I help to develop any ubuntu package?)
[15:53] <mpt> Keybuk, what's the meaning of blue, pink, and white?
[16:05] <Keybuk> mpt: ?
[16:07] <mpt> cody-somerville: reported as bug 231403
[16:07] <mpt> Keybuk, in the UDS schedule
[16:07] <cody-somerville> mpt, thanks.
[16:12] <Riddell> there's a UDS schedule?
[16:26] <tseliot> Riddell: I'm not sure about this but have a look at this link: http://bazaar.launchpad.net/~ubuntu-drivers/uds-intrepid/trunk/files
[16:30] <Riddell> was hoping for something more readable :)
[16:32] <tseliot> ﻿Riddell: me too... :-(
[16:34] <munckfish> that's got to be the ultimate techy web UI no? :D
[16:34] <munckfish> all in XML
[16:34] <munckfish> all in source control
[16:35] <tseliot> XML is the global language. It will soon replace the English language too (which is deprecated) ;)
[16:38] <pitti> <answer type="agreement" value="no" />
[16:41] <cody-somerville> Thats not even the latest
[16:52] <tseliot> ﻿pitti: hehehe
[17:33] <McRib> I am just curious about the status of Bug #228044.  I submitted it a few days ago and it's listed as being fixed in -proposed, but I can't install it.
[17:34] <crimsun> what do you mean by "can't install it"?  Are the maintainer scripts failing?  Also, you want to migrate this discussion to #ubuntu-motu.
[17:36] <McRib> crimsun: What I mean is that it still depends on firefox-3.0... does not accept firefox-2
[17:36] <crimsun> McRib: dpkg -l mozilla-mplayer|grep ^ii
[17:37] <crimsun> McRib: and please, this belongs in -motu
[17:37] <McRib> crimsun: Alright, I'll take it there... I was referred here first, though.
[19:32] <bud32> Hi, once Ubuntu 8.04 installed, there was some file left with GID 999 throughout the file system. I fixed it with "sudo find / -nogroup -exec chgrp root {} \;"
[20:40] <hwilde> so how compromised are the keys really
[20:40] <hwilde> true randomness is not theoretically achievable by state machines
[20:41] <hwilde> so how can the new algorithm be that much better than the old one?
[20:46] <jdong> hwilde: err, very compromised.
[20:46] <jdong> hwilde: metasploit has a 10MB tarball of id_rsa's that you can use to log into any affected machine.
[20:46] <jdong> reportedly it took 3 hours to generate
[20:46] <Chipzz> hwilde: there's only 32.000 something keys now
[20:47] <jdong> if you ran ssh-keygen for 15 minutes you'd probably end up with a bunch of duplicate private keys :)
[20:47] <hwilde> and the new algorithm is better how
[20:48] <jdong> hwilde: the old one forgot to seed the random number generator.
[20:48] <hwilde> holy shit
[20:48] <jdong> hwilde: rather, it seeded ONLY by the PID of the ssh-keygen generator.
[20:48] <jdong> hwilde: which makes your key one of 32,767 predictable sequences :)
[20:48] <jdong> yeah.
[20:49] <jdong> that was my reaction waking up that morning
[20:49] <hwilde> that can't be true...
[20:49] <hwilde> the internet would not still be up
[20:49] <jdong> hwilde: I wish it weren't.
[20:49]  * hwilde wonders how many rejected login attemps my servers allow 
[20:49] <jdong> hwilde: but alas, you can try the metasploit proof of concept with a VM.... it works shockingly well
[20:51] <hwilde> and what exactly does it mean when ssh-vulnkey says COMPROMISED
[20:51] <desrt> hwilde; it means that someone else _definitely_ has a copy of your private key
[20:51] <jdong> hwilde: that means your key is DEFINITELY in http://sugar.metasploit.com/debian_ssh_rsa_2048_x86.tar.bz2
[20:51] <jdong> ;-)
[20:52] <jdong> lol
[20:53]  * Chipzz wonders why this wasn't embargo'd for longer
[20:54] <jdong> Chipzz: not sure that would've been any more helpful.
[20:54] <Chipzz> jdong: well, when the embargo was lifted there only was an openssl update
[20:54] <Chipzz> no openssh update yet
[20:55] <Chipzz> I had to do a lot of manual key regeneration
[20:55] <Chipzz> this left a whole lot of people who didn't know how to regenerate their keys vulnerable for a couple of hours/a day
[20:56] <Chipzz> s/keys vulnerable/vulnerable keys/
[20:56] <jdong> ssh and ssl services were completely disabled on my system the moment I read the advisory, until I could figure out what was necessary
[20:56] <jdong> definitely the first few hours were not well handled in terms of publishing the security update informatively.
[20:56] <Chipzz> jdong: yes, on your system maybe. but there are a lot of less knowledgable people out there
[20:56] <jdong> even the DSA pointed to a dead link
[20:56] <jdong> Chipzz: I'm agreeing with you here...
[20:57] <Chipzz> it should have been as simple as apt-get install openssh-server
[20:57] <Chipzz> which it wasn't at first
[20:57] <Chipzz> also
[20:58] <Chipzz> there wouldn't have been an excuse to have a metasploit "plugin" then
[20:58] <Chipzz> since you could easily check just running apt-get install openssh-server
[21:50] <ipkaf> hi
[23:06] <Mez> cjwatson, ping. Im using ssh-vulnkey, and its showing me some entries that i cant find in files anywhere, but seem suspicious
[23:06] <Mez> any idea how to find out what files they're coming from?
[23:07] <StevenK> strace? :-P
[23:44] <gnomefreak> Mez: it doesnt give you something like /home/gnomefreak/.ssh/id_rsa.pub
[23:45] <Mez> nope. was giving me root@domain.i.dont.know
[23:45] <Mez> (replacing domain.i.dont.know
[23:45] <Mez> as the comment
[23:45] <Mez> appears it was my host keys as generated somwhere else
[23:45] <Mez> which I've now re-generated anyways
[23:51] <gnomefreak> Mez: ah