[09:18] <bigcalm> Boo Beep
[09:18] <christel> morning
[09:19] <bigcalm> christel: my darling :) *hugs*
[09:21]  * christel hugs bigcalm 
[09:21] <bigcalm> \o/
[09:21] <christel> IT IS NOT THAT LONG UNTIL RAT! \o/
[09:21] <bigcalm> Sunday morning hugs are the best!
[09:21] <bigcalm> Sweeeeeet
[09:22] <bigcalm> I look forward to getting drunk with you :D
[09:22] <bigcalm> Remind me to buy your train tickets, I still owe you
[09:25] <bigcalm> Mmmmm, tea
[09:25] <brobostigon> good morning everyone.
[09:26] <bigcalm> Howdy
[09:26] <brobostigon> hi bigcalm
[09:30] <christel> :D
[09:33] <bigcalm> Poptarts munched, tea slurped. Shower time!
[09:36] <popey> morning
[09:36] <brobostigon> morning popey
[09:37] <daubers> How
[09:39] <christel> omnom
[09:39] <christel> popey: your new kitty is very cute
[09:40] <popey> :)
[09:43] <MartijnVdS> Nyancat!
[09:45] <daubers> christel: Did you just eat the popeycat?
[09:45] <christel> haha
[09:45] <christel> sssh! ;)
[09:56] <Neoti_Laptop> hey peeps... can anyone recommend a good SIP Router, what i mean by router is something like opensips thats takes the SIP messages and routes them to an asterisk server based on load etc.... i have asterisk set up in the back end but on the front end i want some thing to load balance requests to differant servers.... i dont want the router to get involved in media just sip set up etc.....?
[09:59] <bigcalm> I want a kitten!
[09:59] <MartijnVdS> Neoti_Laptop: so.. a SIP load balancer?
[09:59] <MartijnVdS> bigcalm: talk to popey :)
[10:00] <Neoti_Laptop> <MartijnVdS> Yes. :)
[10:00] <bigcalm> MartijnVdS: I have a feeling that he won't want to give up the kitten he's just aquired
[10:01] <MartijnVdS> bigcalm: he might be able to hook you up with a kitten provider
[10:01] <MartijnVdS> a purveyor of felines
[10:01] <SuperEngineer> nomnom - kitten & chips!
[10:01] <bigcalm> MartijnVdS: kittens aren't hard to find
[10:02] <SuperEngineer> bigcalm: but they are hard to cook!
[10:02] <SuperEngineer> [morning peeps]
[10:06] <christel> they are? i can't say i've tried
[10:07] <MartijnVdS> christel: they won't stay put
[10:07] <christel> ah yes.. weigh them down perhaps?
[10:11]  * SuperEngineer imagines popeycat now running to a hiding hole
[10:11] <gord> getting replacement keys for my thinkpad is really tricky... i thought i'd be able to go on amazon and get a bag of random keys for a few quid or something
[10:11] <MartijnVdS> gord: replacement keys? you locked yourself out?
[10:11] <gord> of my thinkpad house?
[10:13] <MartijnVdS> well a "pad" is a name for a house
[10:13] <MartijnVdS> "This is my think-pad"
[10:14] <MartijnVdS> "But I misplaced the keys"
[10:14] <gord> this joke isn't really working is it? ;)
[10:14]  * gord sounds the abandon joke alarm
[10:15] <MartijnVdS> :(
[10:16] <SuperEngineer> darn! just as I was about to do the "lost private key" becoming a "found public key" front door joke!
[10:17] <MartijnVdS> :)
[10:17]  * SuperEngineer cancels facebook party invite to gord's house
[10:19] <AlanBell> morning all
[10:20] <AlanBell> oh come round to my house instead then
[10:20] <AlanBell> no failed jokes here
[10:20] <jacobw> morning AlanBell
[10:20] <AlanBell> http://loco.ubuntu.com/events/ubuntu-uk/1824/detail/
[10:20] <Seeker`> AlanBell: careful, someone might turn up!
[10:20] <AlanBell> yes, please do!
[10:21] <Seeker`> AlanBell: you're one of the crazy hampshire people?
[10:21] <AlanBell> nonononono
[10:21] <AlanBell> surrey
[10:21] <AlanBell> and crazy, yes
[10:22] <Seeker`> thats no closer :P
[10:22] <SuperEngineer> AlanBell - "still crazy after all these years"
[10:27] <gebbione> what is a good way to see if a program is running and with what options?
[10:27] <MartijnVdS> gebbione: 'ps' can do it
[10:27] <gebbione> true i ll run a watch
[10:27] <MartijnVdS> but programs can change the string ps shows
[10:29] <gebbione> yea the string is plain :/
[10:29] <MartijnVdS> gebbione: what are you trying to do?
[10:36] <gebbione> MartijnVdS, as a linux user i have problems with silverlight streams on akamai, and most important dont know a way to save the streams into a file for later viewing
[10:36] <gebbione> one of the sites that uses silverlight is rai.tv
[10:36] <MartijnVdS> that's sort of the point of using silverlight -- making saving harder :)
[10:36] <gebbione> there is a firefox plugin that uses mplayer
[10:37] <gebbione> but it does not give a save option
[10:37] <gebbione> sure, i agree with that only if the streams worked well natively
[10:37] <gebbione> the problem is that they dont
[10:38] <gebbione> and i have to look for workarounds for watching them and with these workaround sometimes they dont work
[10:40] <MartijnVdS> gebbione: do you have the URL of the stream? (mms probably?)
[10:46] <gebbione> the html that builds the video object is not so straight forward to read
[10:46] <gebbione> in the network i see. ..
[10:46] <gebbione> http://adlev.neodatagroup.com/ad/sipra.jsp?loc=rtv_societa^rtv_ballaro_3_1_rect^300x100^^jquery&bt=n&wt=n&jsfuncno=bf1340534699705523(true)&jsfunc=bf1340534699705523(false)&rnd=901161413710&_=1340534699706
[10:57] <jacobw> ~500ms latency today :(
[11:01] <jacobw> hey hamitron
[11:01] <hamitron> hi :)
[11:11] <SuperEngineer> see you all later folks.  Formula1 brmmm brmmms coverage started ;)
[11:12] <hamitron> ty for reminder
[11:12] <hamitron> bbl
[11:12] <hamitron> :)
[11:12] <SuperEngineer> hamitron: np enjoy
[11:26] <MartijnVdS> F1!
[11:27] <Seeker`> HD F1!
[11:31] <MartijnVdS> yay
=== Lcawte|Away is now known as Lcawte
[12:08] <mattt> afternoon
[12:27] <Seeker`> MartijnVdS: see that pit stop? 2.9 seconds?!
[12:29] <MartijnVdS> Seeker`: when? :)
[12:29] <MartijnVdS> I saw a 6.x second one
[12:32] <Seeker`> MartijnVdS: Hamiltons
[12:32] <MartijnVdS> ah
[12:32] <MartijnVdS> yeah McLaren are quick
[12:38] <MartijnVdS> whoa
[12:43] <Seeker`> MartijnVdS: whoa at senna?
[12:43] <MartijnVdS> yea
[13:06] <MartijnVdS> can someone bring some valium to the commentary box please? :P
[13:09]  * nperry waves bye to Vettel.
[13:10] <MartijnVdS> Grosjean winning would rock :)
[13:10] <nperry> He'll come with the white flags soon.
[13:10] <MartijnVdS> who? Teflonso?
[13:11] <nperry> Grosjean.
[13:12] <MartijnVdS> Incident #5232
[13:18] <nperry> He has the white flags out there :D
[13:19] <MartijnVdS> What's up with cars breaking
[13:19] <MartijnVdS> Vettel, Grosjean
[13:19] <nperry> Alternator failed on Grosjean
[13:20] <nperry> Vettel, we prob wont hear until after the race.
[13:21] <MartijnVdS> nperry: well BBC have Lee, she gets news out of everyone :)
[13:24] <MartijnVdS> nperry: See?
[13:32] <nperry> The stewards are being kept busy...
[13:45] <nperry> HAHAHAHAA
[13:45] <nperry> That would teach him
[13:46] <MartijnVdS> Bye bye Hami
[13:46] <Seeker`> ouch
[13:46] <Seeker`> that wasn't his fault
[13:47] <nperry> Seeker`, Hamilton forced him off the track..
[13:47] <Seeker`> nperry: no he didn't
[13:48] <Seeker`> Maldinardo tried to go round the outside of him in to the corner, and ended up off the track, and then turned in to hamilton
[13:48] <nperry> I believe he did. Hamilton had some room to move over.
[13:49] <Seeker`> He could have moved over, but he didn't leave the racing line
[13:49] <nperry> But then again I'm not a fan of Hamilton.. I don't like his driving attitude.
[13:49] <Seeker`> He has no obligation to move off the racing line to let someone else in
[13:49] <Seeker`> Hamilton has been far more mature this year
[13:50] <nperry> Yeah but i still remember last year, I give him that this year has been better.
[13:52] <Seeker`> he's been a different person this year imo
[13:58] <s-fox> Hi :)
[14:09] <jacobw> hey fox
[14:11] <jacobw> lo SuperEngineer
[14:15] <SuperEngineer> lo2u jacobw
[14:20] <SuperEngineer> Microsoft Blocks FSF Donation Website As a 'Gambling Site'
[14:20] <SuperEngineer> http://yro.slashdot.org/story/12/06/24/1325241/microsoft-blocks-fsf-donation-website-as-a-gambling-site?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29
[14:20] <SuperEngineer> [sorry - should have short-url'd that]
[14:21] <penguin42> haha
[14:25] <gord> more realisticly, automated bot makes mistake, slashdot puts another layer of tinfoil on their crazy hats
[14:25] <RaycisCharles> SuperEngineer: another example of how Slashdot trolls for pageviews.
[14:25] <RaycisCharles> gord, exactly.
[14:25] <RaycisCharles> Accidentally blocking sites happens all the times when maintaining content filter blacklists.
[14:25] <SuperEngineer> slashdot = slashtrot ;)
[14:26] <SuperEngineer> keep an eye on newsfeed few the occasional gem tho - like that little foopah
[14:26] <RaycisCharles> Also, who cares about the FSF anyway? It's like finding out the cops busted a lemonade stand.
[14:26] <SuperEngineer> RaycisCharles: now who's the troll!!!
[14:27] <SuperEngineer> RaycisCharles: u?
[14:27] <RaycisCharles> I'm a Windows/VMWare sys architect, what do you expect?
[14:27]  * SuperEngineer guffaws
[14:28] <SuperEngineer> [& passes on his pity]
[14:31] <RaycisCharles> Yes, I wish I knew how to architect technologies as usable, capable and popular as Ubuntu and KVM.
[14:53] <s-fox> Hi jacobw , sorry didn't see ping because missed the s on my irc nick :)
[14:53] <s-fox> How is everyone?
[14:53] <AlanBell> hi s-fox
[14:53] <s-fox> Hi AlanBell  :)
[15:06]  * penguin42 is rather sleepy today
[16:15]  * bigcalm returns
[16:15] <mgdm> o/
[16:23] <daubers> Lawn mowed with only one medical incident!
[16:24] <penguin42> to whom?
[16:24] <mgdm> the grass :(
[16:24] <daubers> Me. Burnt myself on the exhaust while changing the cutting height
[16:24] <mgdm> eep
[16:25] <penguin42> daubers: You know the problem there don't you?
[16:25] <daubers> penguin42: No?
[16:25] <penguin42> daubers: You've got a mower with an exhaust
[16:26] <daubers> penguin42: Heh :) I borrowed one as it was a bit of a jungle! Leccy mower would have struggled
[16:33] <bigcalm> mgdm: ta for the single char last night. It allowed me to write a script for updating a WordPress database after it has been moved to a new domain (bloomin' serialised arrays as table variables)
[16:34] <mgdm> bigcalm: cool - glad it helped
[16:41] <DJones> Afternoon all
[17:28] <alexcockell> Hi all...
[17:39]  * bigcalm throws his code onto his ranty blog for people to mock :)
[17:42] <DJones> Hows the new phone bigcalm
[17:43] <mgdm> bigcalm: show me :)
[17:53] <bigcalm> mgdm: http://www.myrant.net/2012/06/24/updating-a-wordpress-database-with-new-domain-details/
[17:53] <bigcalm> DJones: very pleasing :)
[17:54] <DJones> I'm jealous, probably going with that one in November, unless something better comes along
[17:54] <bigcalm> mgdm: it requires a lot of refactoring, but it works :)
[17:57] <bigcalm> Afternoon, popey
[17:58] <bigcalm> DJones: Hayley doesn't like me having a new phone. She's now looking to replace hers
[17:59] <popey> hello
[18:00] <DJones> bigcalm: We're the same, Emma has been looking at phones for the last 6 months despite our contracts running until November
[18:00] <mgdm> afternoon popey
[18:01] <bigcalm> mgdm: no mocking? :P
[18:01] <mgdm> bigcalm: not reafd yet, on the phone :)
[18:02] <bigcalm> Fair enough :)
[18:06] <bigcalm> Yikes, it's gone 7pm
[18:07] <mgdm> every time I go to write a blog post I end up fiddling with the CSS instead
[18:07] <mgdm> bah
[18:07] <bigcalm> Hehe
[18:08] <bigcalm> One of the reasons why I use an existing CMS and theme
[18:08] <mgdm> Mine's all custom now
[18:08] <bigcalm> I started out that way
[18:08] <mgdm> well, the HTML is - it's generated by Jekyll, which I didn't write
[18:08] <mgdm> it entertains me to have to type 'make' to rebuild my blog
[18:09] <bigcalm> o.O
[18:10] <alexcockell> Curious as to why IRC throws me out..
[18:11] <bigcalm> Maybe it wants you to have a productive life ;)
[18:11] <mgdm> Yeah, that 'peer' guy is big on productiviy
[18:12] <bigcalm> Question
[18:12] <mgdm> Answer
[18:12] <bigcalm> Retort
[18:12] <mgdm> Counter Retort
[18:12] <bigcalm> Which will make me more productive tonight? a) ale, b) wine
[18:13] <mgdm> Observation that you create a vacuum
[18:13] <bigcalm> I'd have to trawl bash.org to find more of that conversation
[18:13] <mgdm> hehe
[18:13] <mgdm> and as to your question, I have no idea
[18:13] <bigcalm> Och
[18:14] <mgdm> Aye the noo?
[18:14] <bigcalm> If you insist :)
[18:14]  * bigcalm goes to eat left over enchiladas instead
[18:15] <bigcalm> Old Elpaso make it look as though I'm a really good cook
[18:15] <alexcockell> LOL
[18:15] <alexcockell> Oh - who else is unaffected but watching the Natwest debacle?
[18:16] <DJones> alexcockell: I'm affect at work, can't access info on our accounts for the last 2 working days
[18:17] <alexcockell> Ah.
[18:17] <alexcockell> Been reading the followign Register thread about it - http://forums.theregister.co.uk/forum/4/2012/06/22/rbs_natwest_outage_fourth_day/
[18:20] <penguin42> someone there must have been having an awful week
[18:23] <alexcockell> yup..
[18:23] <ubuntuuk-planet> [Iain Cuthbertson] Updating a WordPress database with new domain details - http://www.myrant.net/2012/06/24/updating-a-wordpress-database-with-new-domain-details/
[18:43] <DJones> Has the wendyball finished yet?
[18:45] <penguin42> don't think so yet
[18:45] <DJones> Damm
[18:45] <penguin42> TV this summer is mostly going to be complete balls
[18:46] <penguin42> footballs, tennis balls, and various types of olympic balls
[18:46]  * bigcalm returns
[18:48]  * DJones wonders at times if he's the onle male in the UK that couldn't give a monkey's about football
[18:48] <DJones> s/onle/only/
[18:48] <penguin42> DJones: Well, there are at least 2 of us
[18:48] <Seeker`> a monekys about what?
[18:48] <Seeker`> never heard of this 'football' :P
[18:48] <DJones> yay, I'm not alone
[19:02] <alexcockell> BBC4's got a Julius Caesar variant running
[19:03] <MartijnVdS> alexcockell: set in "a modern African state", according to the website
[19:04] <ali1234> the UEFI specification makes no sense and contradicts itself :(
[19:05] <MartijnVdS> ali1234: it was written by a committee and Microsoft. What did you expect?
[19:05] <ali1234> i didn't expect any different
[19:07] <MartijnVdS> ali1234: what's your complaint specifically?
[19:09] <ali1234> section 27.5 says that "The authenticated UEFI variable that stores the key exchange keys (KEKs) can always be read but
[19:09] <ali1234> only be written if: The platform is in user mode and the provided variable data is signed with the current PKpriv;
[19:09] <ali1234> or if The platform is in setup mode."
[19:09] <mgdm> 'KEKs' *snigger*
[19:10] <ali1234> but section 7.2.1 says "If the variable is the global PK variable or the global KEK variable, verify that the signer's
[19:10] <ali1234> certificate chains to the Platform Key."
[19:10] <penguin42> most security docs are like that
[19:10] <ali1234> additionally
[19:12] <ali1234> 27.7.3 says "authenticated UEFI variables that store the signature databases (db, or dbx) can always be read but can only be written if: The platform is in user mode and the provided variable data is signed with the private half of a previously enrolled key exchange key (KEKpriv), or the platform private key (PKpriv);"
[19:13] <MartijnVdS> ali1234: assume the most restrictive one is true
[19:13] <MartijnVdS> or whatever windows does
[19:13] <ali1234> windows does not have PK or KEK keys
[19:13] <ali1234> it just has certs that are trusted
[19:13] <ali1234> and revoked certs that are not
[19:13] <MartijnVdS> then good luck with this :)
[19:14] <MartijnVdS> don't expect bios builders to build this
[19:14] <penguin42> ali1234: Looked at the code?
[19:14] <ali1234> wait i understand it. "global KEK variable" means the KEK database as a whole
[19:15] <ali1234> yes, i've looked at the code. it follows the less restrictive interpretation
[19:24] <daubers> fds
[19:24] <daubers> stupid ssh sessions
[19:29] <Azelphur> ali1234: did you see ASIC just hit
[19:30] <MartijnVdS> hmm
[19:30] <MartijnVdS> if I watch TV on the same transponder/sat as I'm tuned to from my PC, the PC loses 5% signal strength
[19:30] <alexcockell> Ummm - ASIC???
[19:30] <Azelphur> alexcockell: tis bitcoin stuff
[19:31] <MartijnVdS> Azelphur: mining asic?
[19:31] <alexcockell> Ah; never been anywhere near that stuff.
[19:31] <Azelphur> MartijnVdS: yea
[19:34] <Laney> can someone try www.nwolb.com please?
[19:35] <Laney> I don't think it is down, but there is something up with SSL here.
[19:35] <Azelphur> Laney: wfm
[19:35] <Laney> on which browser?
[19:35] <Laney> "Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error."
[19:35] <Azelphur> chromium
[19:36] <popey> chrome is fine here
[19:36] <Laney> hmmmmmmmm
[19:36] <mgdm> WFM
[19:36] <Laney> broken on both FF and chromium for me
[19:37] <Laney> quantal.
[19:37]  * Laney sees a ca-certificates update
[19:37] <popey> fine in chromium on quantal here too
[19:38] <Laney> [5674:5695:101097611225:ERROR:ssl_client_socket_nss.cc(1534)] handshake with server www.nwolb.com:443 failed; NSS error code -5938, net_error -107
[19:50] <Laney> get it on both of my machines :(
[19:50]  * Laney fires up a vm
[19:52] <Laney> O_O
[19:52] <MartijnVdS> o_O
[19:54] <popey> O_O
[19:57] <mgdm> ಠ_ಠ
[20:01] <MartijnVdS> (╯°□°)╯︵ ┻━┻
[20:02] <dogmatic69> how can I run tcpdump on a remote machine and not have all the stuff showing from the ssh connection streaming the tcpdump
[20:02] <popey> :)
[20:02] <popey> http://www.cyberciti.biz/faq/linux-monitor-all-network-traffic-except-ssh-port-22/
[20:02] <popey> first hit for "tcpdump exclude ssh" on google :)
[20:02] <dogmatic69> eh
[20:03] <dogmatic69> that site comes up for anything linux related
[20:25] <Daviey> ettercap is another tool that supports regex style limiting
[20:26] <MartijnVdS> tshark/wireshark++
[20:26] <MartijnVdS> capture everything, then ignore the ssh strea
[20:26] <MartijnVdS> m
[20:27] <Daviey> Laney: confirmed, FF and Chrome, up-to-date Quantal.. works here.
[20:28] <Laney> yeah I tried loading it in The Cloud and it worked, but broken on both of my machines
[20:28] <Laney> weird eh
[20:33]  * Laney remembers there is a cheeky macbook air running precise
[20:35] <Laney> … which is also broken in the same way …
[20:35]  * Laney gets suspicious
[20:38] <Daviey> "The Cloud"... i love it.
[20:38] <Daviey> Laney: do a proxy check..
[20:39] <Laney> how?
[20:39] <Laney> I do indeed now suspect skulduggery from vM
[20:39] <Laney> VM
[20:40] <Daviey> Laney: google for "proxy check" :)
[20:41] <Daviey> I've started VPN'ing all my traffic, as i don't really trust my ISP.
[20:41] <Daviey> </paranoid>
[20:42] <Laney> Daviey: I see, you mean like that. Apparently not. I did think that virgin had one, but this site is SSL.
[20:42]  * Laney should do the VPN thing
[20:49] <Daviey> Laney: Squid recently added support for SSL MITM'ling.. whic freaks me out.
[20:49] <Daviey> http://wiki.squid-cache.org/Features/SslBump
[20:51] <Laney> Huh, that is scary
[20:51] <Laney> I wonder if employers would have to inform you if they're doing that
[20:52] <ali1234> you can just look at your certificate store
[20:53] <ali1234> if you see "FooCorp certificate for SSL snooping" then you know they are doing it
[20:53] <Laney> yes, most people definitely know to do that
[20:53] <ali1234> if you don't, and they try it, you'll get a big fat "untrusted certificate" warning on any SSL website
[20:54] <ali1234> most people don't understand https to start with and either assume all traffic is secure by default no matter what, or all traffic is insecure by default no matter what
[20:55] <Laney> oh, that's ok then
[20:56] <ali1234> if people don't understand certificates, then they wouldn't understand if the employer told them either
[20:56] <ali1234> so yeah it would be nice of them, but largely pointless
[20:56] <Laney> wtf
[20:56] <Laney> you think it is impossible to express it in a simple way?
[20:56] <ali1234> yes
[20:57] <ali1234> it's impossible to make it simple enough that people would understand it in combination with all the other "simple" guides to internet security out there
[20:57] <ali1234> ie it's impossible to simplify it without making it contradict everything people have previously been told about security
[20:58] <ali1234> the only way to understand it is to actually really understand it properly
[20:58] <Daviey> "To maintain corporate internet useage policy (filtering), and to make best use of our bandwith; we intercept https connections.  This means that we can technically see your 'secure' content - such as online banking"
[20:58] <Daviey> sans typos
[20:58] <dogmatic69> ok, my issue I have been having with server dropping out all the time seems to not be the server but rather my pc :(
[20:59] <ali1234> Daviey: "but the help screen in internet explorer says that https connections cannot be intercepted"
[20:59] <dogmatic69> Tracking traffic with tcpdump, when its breaks there is nothing being sent at all.
[20:59] <daubers> Daviey: YOU'RE screening my interwebz?
[21:00] <Daviey> daubers: Indeedy
[21:00] <daubers> Daviey: So thoes Ninjas... I didn't mean to send them to you....
[21:01] <Daviey> daubers: And i'd share with the rest of the channel what you had been recently looking at.. but it's not family friendly.
[21:01] <Daviey> Those poor goats, is all i can say.
[21:01] <daubers> Daviey: That's your browser history! Not mine
[21:02] <Daviey> daubers: next you'll be saying it was for 'research purposes'.
[21:02] <daubers> Daviey: Maybe it was.....
[21:03] <daubers> Bah, why can't all circuit boards have 0.1mm seperated headers. Would make my life a lot easier
[21:03] <daubers> or 1mm even
[21:03] <daubers> ****OUT OF TEA ERROR****
[21:04] <ali1234> because the standard is 0.1 inched
[21:04] <Daviey> Laney: TBH, if it's a 'work maintained' machine.. i'd expect them to have vnc (or equivalent).. making https almost as insecure.. so it's no massive change.
[21:04] <daubers> ali1234: In this house we respect the laws of thermodynamics and the metric system
[21:05] <Laney> Daviey: Indeed (and that does have to be in a computer code of use AFAIK). It just makes it easier to automate.
[21:07] <Laney> (and to process the results)
[21:08] <ali1234> http://al.robotfuzz.com/playing-with-uefi-secure-boot-part-2-basic-authenticode-signing-with-ms-tools/
[21:09] <em> aren't you guys watching the football?
[21:09] <Laney> sure am
[21:09] <ali1234> NO
[21:10] <daubers> Whatball?
[21:11] <popey> cricket without bats daubers
[21:11] <daubers> popey: Surely that's not legal?
[21:11] <daubers> (although it's been some time since I listened to the cricket I have to admit)
[21:22] <bigcalm> Git people who run private local repos! What's your favourite web interface?
[21:22] <ali1234> gitweb
[21:22] <bigcalm> ali1234: for personal use only, or do you protect bits for members to view stuff?
[21:23] <ali1234> i don't share proprietary code
[21:24] <ali1234> let me put that another way
[21:24] <ali1234> i only share code publicly or not at all
[21:24] <bigcalm> OK
[21:25] <bigcalm> I'm sure I can lock things down with a .htaccess file
[21:25] <jacobw> and england are out :)
[21:25] <diddledan> true to form
[21:26] <diddledan> so is that hodgson out of a job now? :-p
[21:34] <popey> looks like bed time
[22:16] <bigcalm> Is there a web interface to manage merge requests in git?
[22:18] <AlanBell> like github?
[22:18] <bigcalm> AlanBell: yes, like it for privately hosted git repos
[22:18] <AlanBell> http://stackoverflow.com/questions/438163/whats-the-best-web-interface-for-git-repositories
[22:18] <bigcalm> AlanBell: just been there
[22:19] <AlanBell> I was looking there the other day
[22:19] <bigcalm> I have gitweb running, but it only lets you view. Doesn't offer management tools
[22:19] <AlanBell> went with redmine which isn't quite the same thing
[22:20] <bigcalm> gitorious looks nice
[22:23] <bigcalm> Ug, getting tired
[22:25] <ali1234> hmm you know i just noticed that tiano doesn't actually follow the EFI specification
[22:27] <ali1234> quote "If the image’s signature is not found in the authorized database, or is found in the forbidden database, the image will not be started and instead"
[22:27] <ali1234> that isn't true. OVMF will run an image if it is signed with the KEK certificate, even if it's signature is not present in the authorized database (DB)
[22:27] <ali1234> however, it won't run it if it is signed with PK
[22:28] <ali1234> either PK or KEK should allow signatures to be added to the DB
[22:29] <ali1234> the spec says nothing about allowing an image to run if it is signed by an enrolled KEK
[22:29] <ali1234> it also says nothng about disallowing an image that is signed by PK but not KEK
[22:30] <ali1234> it does however say that DB updates may be signed with either KEK or PK
[22:31] <ali1234> so if signing the image with KEK implicitly allows it to run because the signer could have added the sig to DB, then signing it with PK should have the same effect
[22:31] <ali1234> but in the implementation it does not
[22:39] <AlanBell> ali1234: I think it might be a good thing to send some of your investigations to the ubuntu-devel@lists.ubuntu.com list
[22:40] <ali1234> i will do, when i've got everything straight
[22:40] <AlanBell> great
[22:40] <ali1234> i'm building a set of batch files to automatically generate the keys, certificates, and binaries for the tests
[22:41] <ali1234> you can help by following along and checking i have not made any obvious mistakes
[22:42] <AlanBell> great, but now I am off to bed. Night all o/
=== Lcawte is now known as Lcawte|Away
[22:55] <bigcalm> Beddybies time :) o/
[23:10] <ali1234> LOL
[23:10] <ali1234> so on page 40 of the efi signing document they attempt to show what happens if you try to run an unsigned efi binary with a screenshot
[23:10] <dogmatic69> Ok, I keep getting something like '192.168.0.3 > 192.168.0.2: ICMP 192.168.0.3 udp port 2032 unreachable'
[23:11] <ali1234> except that the screenshot clearly gives the "command not found error" rather than the "access denied" error you get when you actually try it
[23:11] <dogmatic69> after that I can not load web pages from the box via chrome
[23:12] <ali1234> dogmatic69: that's crazy
[23:12] <dogmatic69> anyone know what ICMP is?
[23:12] <ali1234> yes
[23:12] <dogmatic69> :/
[23:12] <dogmatic69> what?
[23:12] <ali1234> it's the packet type used to establish a connection
[23:12] <dogmatic69> ah ok
[23:13] <ali1234> like if you try to connect to an unopen port, the server sends back a "connection refused" message, right?
[23:13] <ali1234> well that message can't be sent over tcp or udp because those require a port
[23:13] <dogmatic69> 192.168.0.2 is a blade server I use for web dev at home, its running bind9 catching *.dev and passing anything else
[23:13] <ali1234> and since there is no port, that won't work
[23:13] <dogmatic69> every now and then the site is unavaiable
[23:13] <dogmatic69> and that seems to happen at the exact moment
[23:13] <ali1234> so it is sent using ICMP instead
[23:14] <dogmatic69> ok
[23:14] <dogmatic69> once this connection drops no amount of F5 does anything. there is no tcp traffic at all
[23:14] <dogmatic69> or udp, tcpdump is just quiet
[23:14] <ali1234> i don't use chrome
[23:15] <dogmatic69> then it seems I get http://bin.cakephp.org/view/2003453668
[23:15] <dogmatic69> and it works again
[23:15] <dogmatic69> well the bit after un reachable
[23:15] <ali1234> look at that ARP stuff
[23:15] <dogmatic69> its normally down for 10 20 seconds
[23:15] <dogmatic69> ARP?
[23:15] <ali1234> your blade server is disappearing off the netwrk for no good reason
[23:16] <dogmatic69> well ssh still works
[23:16] <ali1234> who knows?
[23:16] <dogmatic69> I can ls in another terminal
[23:16] <ali1234> also why do you have a blade server in your house?
[23:16] <dogmatic69> for dev
[23:16] <ali1234> what's wrong with just using a normal computer?
[23:17] <ali1234> btw if ARP goes away for some reason established connections persist, just new ones break
[23:17] <dogmatic69> takes up much more space, blades are cheap and its closer to the real deal come deploy time
[23:18] <ali1234> there's a lot of ways that can happen
[23:18] <dogmatic69> hmm
[23:18] <ali1234> and they all involve misconfigured networks
[23:18] <dogmatic69> I have been apt-get removing everything possible
[23:18] <ali1234> for example, mac address conflict or ip address conflict can cause weird stuff like this to happen
[23:18] <ali1234> it won't be caused by a package
[23:18] <dogmatic69> I have mostly everything on a fixed IP
[23:19] <ali1234> it will be caused by something specific that you did, either that or the hardware is faulty
[23:19] <dogmatic69> will look for some conflicts
[23:19] <dogmatic69> Ill try reboot the router then
[23:20] <ali1234> i doubt that will help