/srv/irclogs.ubuntu.com/2014/09/25/#ubuntu-uk.txt

diploMorning all06:54
Myrttimoin.07:22
=== zmoylan-3i is now known as zmoylan-pi
awilkinsObvious question ; is there a patch for Shellshock (CVE-2014-6271) in the Ubuntu repositories yet?  http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html07:48
Myrttiwhat I heard was that Debian and Ubuntu aren't directly affected because they use dash by default instead of bash.07:49
MyrttiI could be wrong though07:49
awilkinsI think bash is the default user shell07:51
Myrttithat's new then.07:52
Myrttiwhen was that changed from dash?07:52
awilkinsdash is linked to /bin/sh07:52
awilkinsSo it will be the default shell that runs most scripts07:52
awilkinsSo ; there is a patch, it's already been applied to all my servers because they have automatic security updates on, huzzah.07:57
brobostigonmorning boys and girls.07:59
JamesTaitGood morning all; happy Psychotherapy Day! :-D08:05
JamesTaitIs it just here in Derby, or did someone turn summer off completely?08:08
foobarryok down south08:08
arsencolder here in london :)08:08
arsenall the cars were cold and damp this morning.08:08
JamesTaitI think we've had that for a couple of weeks, but it's normally starting to warm up by this time.08:09
foobarryagh, the large novel in my bag squashed my morning croissant08:10
JamesTaitThis is the first morning I've had to keep stopping typing to warm my hands.08:10
arsenin the great debate over books vs croissant, croissant has to take priority08:10
=== msm is now known as Guest98855
foobarryebooks usually win, but the book was 50p in charity shop09:18
zmoylan-pithe number of second hand book shops in dublin has dropped to such a low level09:20
zmoylan-pilots of charity shops with tiny book sections but only useful if looking for 50 copies of dan brown09:21
Myrttiooh croissants.09:21
* Myrtti cries over myfitnesspal09:21
foobarryi was amazed to find haruki murakami books in charity shop09:22
foobarrybut this was devon. their charity shops are better than the regular shops09:22
zmoylan-pii did see halo jones 2000ad graphic novels in one though, but i already have it09:22
foobarrycharity shops are good for cookery books too09:22
foobarrybut my house is full of books09:23
foobarryand my attic09:23
foobarryi have a load of old spiderman/batman et al comics in my loft, probably papier mache by now09:24
zmoylan-piif they're in good nick could be worth a few shekels09:27
zmoylan-pii have a *lot* of 2000ad in cbr format, i'm still waiting for a good tablet to read them on, i reckon it has to be a3 in size09:28
davmor2This is the voice of the mysterons09:34
* zmoylan-pi hands davmor2 a lozenge09:36
davmor2I don't know why captian scarlet intro jumped into my head but there we go :)09:37
* zmoylan-pi is more of a thunderbirds theme opening fan09:37
zmoylan-pisorry meant stingray there, memory is still running on low coffee levels09:38
zmoylan-pibut they were all pretty good theme tunes09:38
foobarryi had to run yum clean all on a bunch of my boxen before i could see the updated bash package. any idea why?09:39
NET||abusefoobarry, cause yum.10:03
bigcalmpopey: know the mates rates package we get with VM?11:00
popeywhat about it?11:00
bigcalmpopey: I just got VM to apply a £20pcm rolling credit to our account11:01
popeyooh!11:01
bigcalmIt was the only way to keep me as a customer11:01
popeyhow?11:01
popeyyou're moving though11:01
bigcalmYep11:01
bigcalmBecause we're moving, I knew we'd lose our Mates Rates discount. So I spent over 1 hour on the phone discussing what options we have to keep my custom11:02
Laneywtf11:02
* bigcalm is grinning11:02
bigcalmOnce bills have settelled, we'll be paying in the region of £35pcm11:02
Laneyhere I am eating the 3 £1.50/month increases we've had recently11:02
bigcalmDisconnection on 10th, connection on the 11th11:03
bigcalmLooking forward to 100mb connection11:04
bigcalmpopey: what's your upload rate?11:04
popey511:04
bigcalmBetter than the 3 I have11:05
bigcalmIf we didn't keep VM, we would have gone with FTTC ADSL and have 19mb upload11:05
foobarry"Red Hat has become aware that the patch for CVE-2014-6271 is incomplete. "11:05
foobarryRed Hat advices customers to upgrade to the version of bash which contains the fix for CVE-2014-6271 and not wait for the patch which fixes CVE-2014-7169. CVE-2014-7169 is a less severe issue and patches for it are being worked on.11:05
popeyi like the way that is worded11:09
popeywhat they mean is "some guy on twitter told us" ☻11:09
bigcalmHeh11:11
foobarryyeah11:13
knightwisemorning everyone11:31
brobostigonafternoonings knightwise11:33
knightwisehey brobostigon11:39
knightwisehow are you11:39
brobostigonnot bad, eczema could be better, and you?11:40
knightwisedoin ok, crying a little because I had to give back the Samsung 32inch 4K display I had on a loan for review11:42
directhexknightwise: i think i'd struggle with a monitor that big11:44
directhexi already can't keep track of everything on my mac screen and my 27" at once11:44
zmoylan-pimy biggest monitor is ~21"11:45
popey23 here11:46
zmoylan-piand it's a wide screen jobbie which i hate11:46
zmoylan-pimy favourie is a 19" 4:3 monitor i got a few moons ago11:46
knightwiseIt is a bit TOO big11:54
* knightwise currently workds with a retina 15 inch mb pro and 2 24 inch in portrait mode11:54
foobarryso the bash vuln can be exploited with user-agent string :-|11:55
bigcalmNice11:55
awilkinsWhat, in a browser?11:57
foobarryyes11:59
foobarryenv X="() { :;} ; echo busted" `which bash` -c "echo completed"11:59
foobarrywoops11:59
foobarryhttps://twitter.com/securifybv/status/51503504429417267311:59
foobarryis 13.10 still updated11:59
zmoylan-pii seem to remember updating from that because it wasn't...12:00
intrbizfoobarry: or any other header that will be passed to the CGI12:01
foobarryworms a-coming12:03
popey13.10 EOL July12:03
foobarryargh12:03
zmoylan-pii think it popped up a message then that convinced me to upgrade a few days later12:11
DJonesfoobarry: Might be worth subscribing to the ubuntu-announce mailing list, maybe 2-3 messages a month, normally EOL/Release notifications12:14
foobarryyeah12:16
foobarrythe main issue is just finding non lts boxen12:17
=== Lcawte|Away is now known as Lcawte
=== Lcawte is now known as Lcawte|Away
diddledanoh golly13:10
diddledanthe bash vulnerability announced yesterday covers MANY versions13:10
diddledanhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-627113:10
awilkinsYeah, as someone pointed out, not as bad as OpenSSL because people don't statically link shells....13:15
awilkinsOne update and you're covered13:15
awilkinsAnd all the embedded things use Busybox / ash anyway13:16
foobarrycgi-bin13:38
=== Lcawte|Away is now known as Lcawte
intrbizpresumably there are less people using publicly available CGIs than were running affected OpenSSL14:08
diplo1 in 50 ish it seems14:09
diploAccording to some sites I've read14:09
diploThings like cpanel can be affected14:09
intrbizdiplo: interesting14:09
jpdsawilkins / diddledan: Seen the NSS vuln? :)14:10
diddledanjpds: I heard a rumour but not heard what it actually entails14:10
jpdsdiddledan: $  host -t txt istheinternetonfire.com14:10
diplointrbiz, I've not seen any confirmed stuff yet though, lots of speculation14:11
intrbizdiddledan: NSS bug was an ASN.1 parsing issue which could allow forged certs IIRC14:13
bigcalmfewer14:25
* bigcalm goes back to cobbling together a bash script14:25
=== Lcawte is now known as Lcawte|Away
bigcalmAnybody know how to use "readarray" in bash? I'm struggling to read a text file into an array15:10
awilkinsbigcalm, one record per line?15:10
bigcalmawilkins: yes15:11
awilkinswhile read LINE ; do echo "STUFF WITH $LINE" ; done < file-with-lines15:12
bigcalmOh15:12
bigcalmI guess that works :)15:12
bigcalmawilkins: yay15:14
bigcalmMy crontab combiner works :D15:14
intrbizyou can also do: cat file | while read l ; do echo $l ; done15:14
intrbiztype thing15:14
bigcalmhttp://paste.ubuntu.com/8426112/15:18
bigcalmDoes the job but could do with improvement15:18
bigcalmBash is not my 1st language ;)15:18
bigcalmThe point of this script is to combine crontab files from different projects by different developers using the same user account on a client's server15:19
bigcalmJust spotted a ; that didn't need to be there. I struggle to write code and not end a line with ;15:21
* diddledan wanders off on a chocolate hunt15:32
zmoylan-pibe careful, wounded chocolate can turn nasty :-)15:33
=== Lcawte|Away is now known as Lcawte
daftykinshahaha15:53
bigcalmMy bowls have turned nasty, they feel wounded as well15:57
bigcalm*bowels15:58
NET||abuseTMI15:58
daftykins+1 to the TMI15:58
* bigcalm slithers off15:59
daftykinseww16:00
daftykins:)16:00
bigcalmo.O16:02
bigcalmThat's your own imagination now16:02
daftykinsyip16:02
* bigcalm tuts16:03
davmor2bigcalm: I would hope that English was your first language :P16:09
bigcalmdavmor2: debateable16:11
bigcalmOr debatable16:11
bigcalmNo spell checker with X-chat in windows...16:11
davmor2bigcalm: I've seen your code, your English is definitely better :P16:12
dutchiezing16:12
bigcalm:O16:12
bigcalmGoing to oggcamp this year?16:13
dutchiei am!16:13
dutchiei even have half a talk (so far)16:13
daftykins:D16:13
dutchieneed to work out when i am drinking with oggcampy people and when with oxfordy people thoguh16:14
dutchiethough16:14
davmor2bigcalm: no, I was planning on it, but then the Councils scheduled, a load of works on our home at the same time :(16:14
daftykinsah the social cameleon bit, eh16:14
bigcalmdavmor2: poo16:14
dutchiedaftykins: something like that16:14
dutchiehmm, should also check the buses from city centre out to the venue16:15
daftykinsi've noticed the growing popularity of that term16:20
daftykinsi remember times when things either were or weren't ;)16:20
popey\o/ oggcamp16:29
daftykinsthe name of that confuses me, makes me think it's a whole event about an audio format16:29
zmoylan-pior nanny ogg :-)16:34
bigcalmNanny Ogg was anything but camp!16:34
popeylooking forward to oggcamp this year16:35
zmoylan-pibut you could imagine an entire camp of oggs16:35
bigcalmpopey: have you been in training for giving out the raffle prizes?16:36
zmoylan-pihe's put together a sparkly costume? :-)16:37
popeynewp16:37
bigcalmzmoylan-pi: quite, she did have a few off spring...16:37
bigcalmpopey: yes, go with the sparkely!16:37
Myrttiwe're coming too!16:41
MyrttiI'll try not to hoard everything from the raffle this time16:41
Myrtti:->16:41
bigcalm:D16:42
popeyyay!16:43
zmoylan-pihow many leds can one aurdino control for maximum sparkles on a costume? :-)16:44
Myrttizmoylan-pi: sounds like you're trying to do exactly my project16:45
daftykinsMyrtti: did you have an unusual spate of good luck, once before?16:45
Myrttidaftykins: back in 201116:45
bigcalmMyrtti: won my penguin!16:46
Myrttiand some Ubuntu swag16:46
Myrttidsample uses the bag for his laptop nowadays16:46
MyrttiI used it for a good while too16:47
popeyI am going to win everything so I don't need to run anywhere16:47
Myrttibigcalm: that penguin is one of the few plushies that actually made the trip back to UK with my moving boxes16:47
Myrttimost I've given away16:48
bigcalmWow16:48
bigcalmMyrtti: that's cool :)16:48
dogmatic69The following packages have unmet dependencies.19:18
dogmatic69 linux-headers-3.13.0-36-generic : Depends: linux-headers-3.13.0-36 but it is not installed19:18
dogmatic69so 3.13.0-36 requires 3.13.0-36?19:18
diddledaninteresting job posting: http://woto.com/code19:22
ali1234diddledan: they want you to sign up for their website, make a page on it, then share it to social media. ie applying requires you to promote their terrible idea. and the "job" is an internship.20:13
ali1234it's an interesting solution to the situation where your company gets more resumes than your website gets users20:18
diddledandoes facebook know me that well? they just advertised slippers at me20:37
zmoylan-piyour age, gender and location would be all you'd need to recommend slippers?20:48
betternickhi!21:02
betternickhi!21:03
diddledanhttp://www.startrek.com/article/chase-masterson-scott-palm-guest-blog-in-real-life21:15
diddledanawesome21:15
diddledannew hacking thriller: http://www.imdb.com/video/imdb/vi168799004121:48
zmoylan-pithe best hacking movie remains http://www.imdb.com/title/tt0091464/ no computers whatsoever :-)22:01
ali1234carmack wants to bring back interlace22:17
ali1234and he wants high dynamic range displays22:20
ali1234lol22:20
zmoylan-pithat'll make tetris so much better :-p22:21
ali1234plus trolls will be able to blind people by posting photos of the sun22:23
zmoylan-piflushing out epileptics will never be so easy22:25
=== Lcawte is now known as Lcawte|Away
diddledanyey for the FSF using shellshock (bash's bug) to promote freedom22:31
diddledanif you want to read, it's over here: https://fsf.org/news/free-software-foundation-statement-on-the-gnu-bash-shellshock-vulnerability22:33
directhexpfft22:51
directhexdiddledan, attacking apple over it... every mac ships with bash22:51
ali1234is there a new patch yet?22:52
daftykinsi just installed a second one on lucid server here22:52
diddledanali1234: I received a followup announcement just this minute from ubuntu securtiy22:53
ali1234ah yeah i see a new package now, that's not more than 2 hours old22:53
zmoylan-piwhen i try env X="() { :;} ; echo busted" /bin/sh -c "echo stuff" on both my ubuntu and 1 rasp pi it seems fine23:00
ali1234because /bin/sh is dash on ubuntu23:00
ali1234change it to /bin/bash23:00
zmoylan-piah23:00
zmoylan-pimy bad :-)23:01
ali1234same is true of debian and therefor raspbian23:01
daftykinswhy won't my cat let me type? :(23:34
daftykinshttps://www.dropbox.com/s/2vtznfi3kd56smk/IMG_20140926_002500.jpg?dl=023:34
diddledannawww, soo coot23:34
daftykins8D23:35
diddledansoft kitty, warm kitty23:35
zmoylan-pilittle sharp bitey ball of fur kitty23:43
daftykinsit can be quite frustrating when they knead on you in a thin t-shirt23:44
daftykins*stabbity stab stab to the stomach*23:44
zmoylan-piit's i'm being nice, you just have to hope it stops soon23:44
diddledanyeah, but we're martyrs and won't make them stop23:44

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!