[02:03] <NashaK> Hello all, could anyone tell me why, after editing ~/mythtv/.lircrc and rebooting, my changes aren't recognised by myth?
[02:06] <NashaK> All has been well previously, remote working fine, but now after making some modifications, newly assigned buttons don't work, and modified buttons don't work
[02:08] <NashaK> Ironically, all the buttons I'm having issues with are irexec related
[10:33] <Naranek> ok, so... do you know any reason why mythbuntu would create ssh keys and a root account to mysql for them?
[10:36] <Naranek> I think my mythbuntu box was hacked some time ago, because I found this strange account in mysql, and there were some ecdsa-keys I definitely hadn't done myself
[10:36] <Naranek> so I wiped the system and did a fresh install
[10:37] <Naranek> but now the keys and the account have appeared again
[10:39] <Naranek> on the ubuntu forums there is another mythbuntu user with the same problem, so I wouldn't rule out that there's an unpatched vulnerability in mythbuntu
[10:40] <Naranek> any ideas what to do?
[10:50] <Naranek> ok, I also have root login enabled in the sshd_config
[10:50] <Naranek> so I'm definitely hacked
[11:03] <Naranek> could you have a look if you have strange logins in mysql.
[11:49] <frankster> audio stopped working with mythtv this morning - was wondering if it is because of the recent mythtv updates this weekend
[11:49] <frankster> am running oneiric
[12:21] <frankster> 2012-03-11 11:30:20.445 ALSA, Error: no playback control PCM found on mixer device default
[12:21] <frankster> 2012-03-11 11:30:20.445 ALSA, Error: Unable to open audio mixer. Volume control disabled
[12:21] <frankster> I wonder if these log statements are related to the problem
[13:22] <mrand> frankster: doesn't make sense that an update would cause that.  Google turns up some hints: http://code.mythtv.org/trac/ticket/9416 and http://ubuntuforums.org/showthread.php?t=1647938   Probably more hits if you search the mythtv-users mailing list
[15:12] <frankster> mrand; yeah you're right - I downgraded the frontend to some version from last year and the sound still doesn't work. I can play sound outside of mythtv
[15:23] <Seeker`> Naranek: how long between wiping the system and the keys reappearing?
[15:45] <Naranek> I'm not sure. I just noticed them, but I haven't used the box much
[15:46] <Naranek> rkhunter found a suspicious /etc/.java directory that was made 15 days after installation, but I'm not sure if it's related to this
[15:46] <Naranek> I installed the system about three months ago
[15:56] <tmkt> frankster: did you give the audio auto detecting a shot?
[16:08] <frankster> tmkt: I haven't had great results from that! in fact I can't tell what it does. It's the option in the frontend general settings page right? is it meant to populate the list beneath it/choose the best one out of the list?
[16:11] <frankster> I've tried the default option in the list and an ugly alsa path I won't repeat here. I assume that the default option is what was working up until this morning
[16:39] <Seeker`> Naranek: http://www.velocityreviews.com/forums/t754763-re-unexplained-files-why.html
[16:39] <Zinn> [www.velocityreviews.com] Re: Unexplained files - why?
[16:49] <Naranek> Seeker`: thanks. those were the files I was looking for
[16:54] <Naranek> http://ubuntuforums.org/showthread.php?p=11642766 here is another user having the same issue. In the post there is a link to my post after the first breach.
[16:54] <Zinn> [ubuntuforums.org] Unexpected user/host in mySQL - Ubuntu Forums
[17:08] <likwid-> naranek, I have the .pub key as well as the mysql user, though it's from the host kapok
[17:08] <likwid-> my BE isn't available from the outside.
[17:08] <likwid-> I'd guess some package installed it.
[17:09] <likwid-> which unfortunately doesn't seem to be the case
[17:09] <likwid-> root@mythtv:/etc/ssh# dpkg -S /etc/ssh/ssh_host_ecdsa_key.pub
[17:09] <likwid-> dpkg-query: no path found matching pattern /etc/ssh/ssh_host_ecdsa_key.pub.
[17:11] <Naranek> ok
[17:11] <Naranek> strange
[17:12] <Naranek> do you mean isn't available from outside as in no services available to the net or airgapped?
[17:12] <likwid-> correct
[17:13] <likwid-> it's not available from outside
[17:14] <likwid-> I do not forward any ports on my router to it
[17:14] <Naranek> ok, but it's still connected to the internet
[17:14] <Naranek> ?
[17:16] <Naranek> I had only ssh and web server visible on the outside, and there wasn't anything complex on the web server
[17:17] <Naranek> so I think it's possible that it's some vulnerability on the basic packages of the mythtv
[17:20] <likwid-> it's connected but the only connections it makes to the outside are updates/schedules direct
[17:22] <Naranek> do you know of a way to search references to cardamom or kapok in the mythtv sources?
[18:13] <likwid-> need to find the build bot logs for ubuntu/myth.. could search those
[18:14] <Naranek> I think I'll contact security@ubuntu.com to see if they can help
[18:50] <likwid-> yea I don't think they are malicious
[18:50] <tgm4883> Naranek, what are you seeing as the mysql user?
[18:50] <tgm4883> the one that you believe is suspicious
[18:51] <tgm4883> Also, when you reinstalled, did you use the same password?
[19:14] <Naranek> tgm4883: different password and username
[19:14] <Naranek> user: root
[19:14] <tgm4883> Naranek, the mysql user you see added is root?
[19:15] <tgm4883> and you think that is suspicious?
[19:15] <Naranek> host: cardamom
[19:15] <tgm4883> what is cardamom?
[19:15] <Naranek> yes. I haven't created that user and I don't know the host
[19:15] <Naranek> some spice I think :D
[19:16] <Naranek> in the earlier installation I found a reference to cardamom in my known_hosts
[19:16] <Naranek> and some ssh-keys which I haven't made myself
[19:17] <Naranek> and root login turned on in sshd_config
[19:19] <tgm4883> well the mysql root user is created on install
[19:19] <tgm4883> it's the master user for mysql
[19:20] <tgm4883> The root login for sshd is odd
[19:20] <Naranek> yes, but it has the host localhost or 127.0.0.1
[19:20] <Naranek> I don't remember which
[19:20] <tgm4883> should have both
[19:20] <tgm4883> I have a third in mine which seems odd, but it isn't cardamom
[19:21] <tgm4883> researching
[19:21] <Naranek> likwid- had kapok instead of cardamom
[19:22] <tgm4883> do you have anything else installed using mysql?
[19:23] <emacsen> Hi. I installed mythbuntu and it's all working, except I don't think upnp is working. I can't see it with my boxee or vlc on my laptop. Is there something I need to do to enable it, or a way to check it?
[19:24] <emacsen> !help upnp
[19:24] <Zinn> !help upnp For a  complete list of my knowledge visit: http://www.baablogic.net/Zinn.cgi  Other available commands: !status, !about, !bug [bug_number].
[19:25] <Naranek> tgm4883: nothing else installed using mysql
[19:26] <Naranek> might I ask what was your extra hostname?
[19:27] <tgm4883> king
[19:28] <tgm4883> Naranek, stick around, I might have a better answer for you in a bit.
[19:29] <Naranek> I will... I'll need to get some sleep soon, but I'll leave the screen on. Thanks!
[19:35] <emacsen> okay, so enna is the third client not to see a upnp server. so I think it's not on