[06:54] <diplo> Morning all
[07:22] <Myrtti> moin.
[07:48] <awilkins> Obvious question ; is there a patch for Shellshock (CVE-2014-6271) in the Ubuntu repositories yet?  http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html
[07:49] <Myrtti> what I heard was that Debian and Ubuntu aren't directly affected because they use dash by default instead of bash.
[07:49] <Myrtti> I could be wrong though
[07:51] <awilkins> I think bash is the default user shell
[07:52] <Myrtti> that's new then.
[07:52] <Myrtti> when was that changed from dash?
[07:52] <awilkins> dash is linked to /bin/sh
[07:52] <awilkins> So it will be the default shell that runs most scripts
[07:57] <awilkins> So ; there is a patch, it's already been applied to all my servers because they have automatic security updates on, huzzah.
[07:59] <brobostigon> morning boys and girls.
[08:05] <JamesTait> Good morning all; happy Psychotherapy Day! :-D
[08:08] <JamesTait> Is it just here in Derby, or did someone turn summer off completely?
[08:08] <foobarry> ok down south
[08:08] <arsen> colder here in london :)
[08:08] <arsen> all the cars were cold and damp this morning.
[08:09] <JamesTait> I think we've had that for a couple of weeks, but it's normally starting to warm up by this time.
[08:10] <foobarry> agh, the large novel in my bag squashed my morning croissant
[08:10] <JamesTait> This is the first morning I've had to keep stopping typing to warm my hands.
[08:10] <arsen> in the great debate over books vs croissant, croissant has to take priority
[09:18] <foobarry> ebooks usually win, but the book was 50p in charity shop
[09:20] <zmoylan-pi> the number of second hand book shops in dublin has dropped to such a low level
[09:21] <zmoylan-pi> lots of charity shops with tiny book sections but only useful if looking for 50 copies of dan brown
[09:21] <Myrtti> ooh croissants.
[09:21]  * Myrtti cries over myfitnesspal
[09:22] <foobarry> i was amazed to find haruki murakami books in charity shop
[09:22] <foobarry> but this was devon. their charity shops are better than the regular shops
[09:22] <zmoylan-pi> i did see halo jones 2000ad graphic novels in one though, but i already have it
[09:22] <foobarry> charity shops are good for cookery books too
[09:23] <foobarry> but my house is full of books
[09:23] <foobarry> and my attic
[09:24] <foobarry> i have a load of old spiderman/batman et al comics in my loft, probably papier mache by now
[09:27] <zmoylan-pi> if they're in good nick could be worth a few shekels
[09:28] <zmoylan-pi> i have a *lot* of 2000ad in cbr format, i'm still waiting for a good tablet to read them on, i reckon it has to be a3 in size
[09:34] <davmor2> This is the voice of the mysterons
[09:36]  * zmoylan-pi hands davmor2 a lozenge
[09:37] <davmor2> I don't know why captian scarlet intro jumped into my head but there we go :)
[09:37]  * zmoylan-pi is more of a thunderbirds theme opening fan
[09:38] <zmoylan-pi> sorry meant stingray there, memory is still running on low coffee levels
[09:38] <zmoylan-pi> but they were all pretty good theme tunes
[09:39] <foobarry> i had to run yum clean all on a bunch of my boxen before i could see the updated bash package. any idea why?
[10:03] <NET||abuse> foobarry, cause yum.
[11:00] <bigcalm> popey: know the mates rates package we get with VM?
[11:00] <popey> what about it?
[11:01] <bigcalm> popey: I just got VM to apply a £20pcm rolling credit to our account
[11:01] <popey> ooh!
[11:01] <bigcalm> It was the only way to keep me as a customer
[11:01] <popey> how?
[11:01] <popey> you're moving though
[11:01] <bigcalm> Yep
[11:02] <bigcalm> Because we're moving, I knew we'd lose our Mates Rates discount. So I spent over 1 hour on the phone discussing what options we have to keep my custom
[11:02] <Laney> wtf
[11:02]  * bigcalm is grinning
[11:02] <bigcalm> Once bills have settelled, we'll be paying in the region of £35pcm
[11:02] <Laney> here I am eating the 3 £1.50/month increases we've had recently
[11:03] <bigcalm> Disconnection on 10th, connection on the 11th
[11:04] <bigcalm> Looking forward to 100mb connection
[11:04] <bigcalm> popey: what's your upload rate?
[11:04] <popey> 5
[11:05] <bigcalm> Better than the 3 I have
[11:05] <bigcalm> If we didn't keep VM, we would have gone with FTTC ADSL and have 19mb upload
[11:05] <foobarry> "Red Hat has become aware that the patch for CVE-2014-6271 is incomplete. "
[11:05] <foobarry> Red Hat advices customers to upgrade to the version of bash which contains the fix for CVE-2014-6271 and not wait for the patch which fixes CVE-2014-7169. CVE-2014-7169 is a less severe issue and patches for it are being worked on.
[11:09] <popey> i like the way that is worded
[11:09] <popey> what they mean is "some guy on twitter told us" ☻
[11:11] <bigcalm> Heh
[11:13] <foobarry> yeah
[11:31] <knightwise> morning everyone
[11:33] <brobostigon> afternoonings knightwise
[11:39] <knightwise> hey brobostigon
[11:39] <knightwise> how are you
[11:40] <brobostigon> not bad, eczema could be better, and you?
[11:42] <knightwise> doin ok, crying a little because I had to give back the Samsung 32inch 4K display I had on a loan for review
[11:44] <directhex> knightwise: i think i'd struggle with a monitor that big
[11:44] <directhex> i already can't keep track of everything on my mac screen and my 27" at once
[11:45] <zmoylan-pi> my biggest monitor is ~21"
[11:46] <popey> 23 here
[11:46] <zmoylan-pi> and it's a wide screen jobbie which i hate
[11:46] <zmoylan-pi> my favourie is a 19" 4:3 monitor i got a few moons ago
[11:54] <knightwise> It is a bit TOO big
[11:54]  * knightwise currently workds with a retina 15 inch mb pro and 2 24 inch in portrait mode
[11:55] <foobarry> so the bash vuln can be exploited with user-agent string :-|
[11:55] <bigcalm> Nice
[11:57] <awilkins> What, in a browser?
[11:59] <foobarry> yes
[11:59] <foobarry> env X="() { :;} ; echo busted" `which bash` -c "echo completed"
[11:59] <foobarry> woops
[11:59] <foobarry> https://twitter.com/securifybv/status/515035044294172673
[11:59] <foobarry> is 13.10 still updated
[12:00] <zmoylan-pi> i seem to remember updating from that because it wasn't...
[12:01] <intrbiz> foobarry: or any other header that will be passed to the CGI
[12:03] <foobarry> worms a-coming
[12:03] <popey> 13.10 EOL July
[12:03] <foobarry> argh
[12:11] <zmoylan-pi> i think it popped up a message then that convinced me to upgrade a few days later
[12:14] <DJones> foobarry: Might be worth subscribing to the ubuntu-announce mailing list, maybe 2-3 messages a month, normally EOL/Release notifications
[12:16] <foobarry> yeah
[12:17] <foobarry> the main issue is just finding non lts boxen
[13:10] <diddledan> oh golly
[13:10] <diddledan> the bash vulnerability announced yesterday covers MANY versions
[13:10] <diddledan> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
[13:15] <awilkins> Yeah, as someone pointed out, not as bad as OpenSSL because people don't statically link shells....
[13:15] <awilkins> One update and you're covered
[13:16] <awilkins> And all the embedded things use Busybox / ash anyway
[13:38] <foobarry> cgi-bin
[14:08] <intrbiz> presumably there are less people using publicly available CGIs than were running affected OpenSSL
[14:09] <diplo> 1 in 50 ish it seems
[14:09] <diplo> According to some sites I've read
[14:09] <diplo> Things like cpanel can be affected
[14:09] <intrbiz> diplo: interesting
[14:10] <jpds> awilkins / diddledan: Seen the NSS vuln? :)
[14:10] <diddledan> jpds: I heard a rumour but not heard what it actually entails
[14:10] <jpds> diddledan: $  host -t txt istheinternetonfire.com
[14:11] <diplo> intrbiz, I've not seen any confirmed stuff yet though, lots of speculation
[14:13] <intrbiz> diddledan: NSS bug was an ASN.1 parsing issue which could allow forged certs IIRC
[14:25] <bigcalm> fewer
[14:25]  * bigcalm goes back to cobbling together a bash script
[15:10] <bigcalm> Anybody know how to use "readarray" in bash? I'm struggling to read a text file into an array
[15:10] <awilkins> bigcalm, one record per line?
[15:11] <bigcalm> awilkins: yes
[15:12] <awilkins> while read LINE ; do echo "STUFF WITH $LINE" ; done < file-with-lines
[15:12] <bigcalm> Oh
[15:12] <bigcalm> I guess that works :)
[15:14] <bigcalm> awilkins: yay
[15:14] <bigcalm> My crontab combiner works :D
[15:14] <intrbiz> you can also do: cat file | while read l ; do echo $l ; done
[15:14] <intrbiz> type thing
[15:18] <bigcalm> http://paste.ubuntu.com/8426112/
[15:18] <bigcalm> Does the job but could do with improvement
[15:18] <bigcalm> Bash is not my 1st language ;)
[15:19] <bigcalm> The point of this script is to combine crontab files from different projects by different developers using the same user account on a client's server
[15:21] <bigcalm> Just spotted a ; that didn't need to be there. I struggle to write code and not end a line with ;
[15:32]  * diddledan wanders off on a chocolate hunt
[15:33] <zmoylan-pi> be careful, wounded chocolate can turn nasty :-)
[15:53] <daftykins> hahaha
[15:57] <bigcalm> My bowls have turned nasty, they feel wounded as well
[15:58] <bigcalm> *bowels
[15:58] <NET||abuse> TMI
[15:58] <daftykins> +1 to the TMI
[15:59]  * bigcalm slithers off
[16:00] <daftykins> eww
[16:00] <daftykins> :)
[16:02] <bigcalm> o.O
[16:02] <bigcalm> That's your own imagination now
[16:02] <daftykins> yip
[16:03]  * bigcalm tuts
[16:09] <davmor2> bigcalm: I would hope that English was your first language :P
[16:11] <bigcalm> davmor2: debateable
[16:11] <bigcalm> Or debatable
[16:11] <bigcalm> No spell checker with X-chat in windows...
[16:12] <davmor2> bigcalm: I've seen your code, your English is definitely better :P
[16:12] <dutchie> zing
[16:12] <bigcalm> :O
[16:13] <bigcalm> Going to oggcamp this year?
[16:13] <dutchie> i am!
[16:13] <dutchie> i even have half a talk (so far)
[16:13] <daftykins> :D
[16:14] <dutchie> need to work out when i am drinking with oggcampy people and when with oxfordy people thoguh
[16:14] <dutchie> though
[16:14] <davmor2> bigcalm: no, I was planning on it, but then the Councils scheduled, a load of works on our home at the same time :(
[16:14] <daftykins> ah the social cameleon bit, eh
[16:14] <bigcalm> davmor2: poo
[16:14] <dutchie> daftykins: something like that
[16:15] <dutchie> hmm, should also check the buses from city centre out to the venue
[16:20] <daftykins> i've noticed the growing popularity of that term
[16:20] <daftykins> i remember times when things either were or weren't ;)
[16:29] <popey> \o/ oggcamp
[16:29] <daftykins> the name of that confuses me, makes me think it's a whole event about an audio format
[16:34] <zmoylan-pi> or nanny ogg :-)
[16:34] <bigcalm> Nanny Ogg was anything but camp!
[16:35] <popey> looking forward to oggcamp this year
[16:35] <zmoylan-pi> but you could imagine an entire camp of oggs
[16:36] <bigcalm> popey: have you been in training for giving out the raffle prizes?
[16:37] <zmoylan-pi> he's put together a sparkly costume? :-)
[16:37] <popey> newp
[16:37] <bigcalm> zmoylan-pi: quite, she did have a few off spring...
[16:37] <bigcalm> popey: yes, go with the sparkely!
[16:41] <Myrtti> we're coming too!
[16:41] <Myrtti> I'll try not to hoard everything from the raffle this time
[16:41] <Myrtti> :->
[16:42] <bigcalm> :D
[16:43] <popey> yay!
[16:44] <zmoylan-pi> how many leds can one aurdino control for maximum sparkles on a costume? :-)
[16:45] <Myrtti> zmoylan-pi: sounds like you're trying to do exactly my project
[16:45] <daftykins> Myrtti: did you have an unusual spate of good luck, once before?
[16:45] <Myrtti> daftykins: back in 2011
[16:46] <bigcalm> Myrtti: won my penguin!
[16:46] <Myrtti> and some Ubuntu swag
[16:46] <Myrtti> dsample uses the bag for his laptop nowadays
[16:47] <Myrtti> I used it for a good while too
[16:47] <popey> I am going to win everything so I don't need to run anywhere
[16:47] <Myrtti> bigcalm: that penguin is one of the few plushies that actually made the trip back to UK with my moving boxes
[16:48] <Myrtti> most I've given away
[16:48] <bigcalm> Wow
[16:48] <bigcalm> Myrtti: that's cool :)
[19:18] <dogmatic69> The following packages have unmet dependencies.
[19:18] <dogmatic69>  linux-headers-3.13.0-36-generic : Depends: linux-headers-3.13.0-36 but it is not installed
[19:18] <dogmatic69> so 3.13.0-36 requires 3.13.0-36?
[19:22] <diddledan> interesting job posting: http://woto.com/code
[20:13] <ali1234> diddledan: they want you to sign up for their website, make a page on it, then share it to social media. ie applying requires you to promote their terrible idea. and the "job" is an internship.
[20:18] <ali1234> it's an interesting solution to the situation where your company gets more resumes than your website gets users
[20:37] <diddledan> does facebook know me that well? they just advertised slippers at me
[20:48] <zmoylan-pi> your age, gender and location would be all you'd need to recommend slippers?
[21:02] <betternick> hi!
[21:03] <betternick> hi!
[21:15] <diddledan> http://www.startrek.com/article/chase-masterson-scott-palm-guest-blog-in-real-life
[21:15] <diddledan> awesome
[21:48] <diddledan> new hacking thriller: http://www.imdb.com/video/imdb/vi1687990041
[22:01] <zmoylan-pi> the best hacking movie remains http://www.imdb.com/title/tt0091464/ no computers whatsoever :-)
[22:17] <ali1234> carmack wants to bring back interlace
[22:20] <ali1234> and he wants high dynamic range displays
[22:20] <ali1234> lol
[22:21] <zmoylan-pi> that'll make tetris so much better :-p
[22:23] <ali1234> plus trolls will be able to blind people by posting photos of the sun
[22:25] <zmoylan-pi> flushing out epileptics will never be so easy
[22:31] <diddledan> yey for the FSF using shellshock (bash's bug) to promote freedom
[22:33] <diddledan> if you want to read, it's over here: https://fsf.org/news/free-software-foundation-statement-on-the-gnu-bash-shellshock-vulnerability
[22:51] <directhex> pfft
[22:51] <directhex> diddledan, attacking apple over it... every mac ships with bash
[22:52] <ali1234> is there a new patch yet?
[22:52] <daftykins> i just installed a second one on lucid server here
[22:53] <diddledan> ali1234: I received a followup announcement just this minute from ubuntu securtiy
[22:53] <ali1234> ah yeah i see a new package now, that's not more than 2 hours old
[23:00] <zmoylan-pi> when i try env X="() { :;} ; echo busted" /bin/sh -c "echo stuff" on both my ubuntu and 1 rasp pi it seems fine
[23:00] <ali1234> because /bin/sh is dash on ubuntu
[23:00] <ali1234> change it to /bin/bash
[23:00] <zmoylan-pi> ah
[23:01] <zmoylan-pi> my bad :-)
[23:01] <ali1234> same is true of debian and therefor raspbian
[23:34] <daftykins> why won't my cat let me type? :(
[23:34] <daftykins> https://www.dropbox.com/s/2vtznfi3kd56smk/IMG_20140926_002500.jpg?dl=0
[23:34] <diddledan> nawww, soo coot
[23:35] <daftykins> 8D
[23:35] <diddledan> soft kitty, warm kitty
[23:43] <zmoylan-pi> little sharp bitey ball of fur kitty
[23:44] <daftykins> it can be quite frustrating when they knead on you in a thin t-shirt
[23:44] <daftykins> *stabbity stab stab to the stomach*
[23:44] <zmoylan-pi> it's i'm being nice, you just have to hope it stops soon
[23:44] <diddledan> yeah, but we're martyrs and won't make them stop