[00:36] <cmaloney> Evening
[01:04] <Neff_> everyone here is from michigan?
[01:10] <gamerchick02> yeah most of us are, but some are in other places...
[01:13] <Neff_> cool
[01:14] <gamerchick02> some have moved. :)
[01:17]  * greg-g looks around
[01:18] <gamerchick02> greg-g you're still in CA, yes?
[01:18] <gamerchick02> unless i'm wrong
[01:18] <greg-g> yep!
[01:18] <greg-g> in Petaluma, which is about 40 miles north of SF
[01:18] <gamerchick02> ah yes
[01:18] <gamerchick02> but you're still a Michigander at heart.
[01:18] <gamerchick02> we'll keep ya
[01:18] <gamerchick02> :)
[01:19] <greg-g> northwoods, really
[01:19] <greg-g> I'll take MN, WI, or MI
[01:21] <gamerchick02> :)
[03:19] <cmaloney> t ls router
[03:19] <cmaloney> heh
[10:57] <wolfger> morning
[11:35] <rick_h_> morning
[12:11] <_stink_> yo
[12:29] <mrgoodcat> yo
[13:04] <mrgoodcat> update your bash again http://www.ubuntu.com/usn/usn-2364-1/
[13:04] <bookiebot> http://goo.gl/jgzzjG - USN-2364-1: Bash vulnerabilities | Ubuntu
[13:13] <cmaloney> Morning
[13:14] <cmaloney> And lovely.
[14:10] <cmaloney>  @sil: tempted to make a shellshock worm which only attacks those with zsh installed, just to marginally decrease the world's wrongly-smug quotient
[14:11] <mrgoodcat> lol
[14:11] <mrgoodcat> well it would only work if webservers used zsh as their default shell
[14:11] <mrgoodcat> which seems really unlikely
[14:13] <cmaloney> So basically we'd have complete ownership over bookie. ;)
[14:15] <mrgoodcat> does anybody know if it's possible to upgrade the kernel without rebooting? somebody who i generally consider pretty knowledgeable is saying he has 432 days of uptime but uname -r is saying his kernel is updated
[14:26] <cmaloney> I think we mentioned this at the past CHC. I've always associated kernel upgrade w/ reboot
[14:26] <cmaloney> Google search turned up ksplice.
[14:27] <cmaloney> as well as kgraft and kpatch
[14:27] <cmaloney> SO it appears possible
[14:28] <cmaloney> Though I'm of a mind that a reboot every now and again is a "good thing"TM
[14:28] <cmaloney> If nothing else it cleans out the cruft.
[14:28] <cmaloney> Also turning off the power for 10 secods to drain out the capacitors for memory
[14:29] <cmaloney> and give your power supplies a nice jolt to let them know it's time to fail
[14:34] <brousch_> mrgoodcat: I think you, can but it involves some really deep voodoo
[14:35] <brousch_> https://www.ksplice.com/
[14:35] <bookiebot> http://goo.gl/AaNbO - Never Reboot Linux for Linux Security Updates | Ksplice
[14:35] <brousch_> Or paying Oracle, it seems
[14:35] <mrgoodcat> he says he isn't using any magic things
[14:36] <mrgoodcat> he thinks you just don't need to reboot after a kernel update
[14:36] <brousch_> So he's installing the new kernel but still running on the original
[14:36] <mrgoodcat> yea afaict
[14:36] <mrgoodcat> but he's on debian wheezy so the kernel version number isn't bumping on security updates. so i can't tell which package he is running
[14:37] <mrgoodcat> the kernel he booted with has the same version number as the current package version
[14:37] <mrgoodcat> so uname -r doesn't help
[14:45] <cmaloney> mrgoodcat: I think Arch has the magic voodoo baked in
[14:45] <cmaloney> but unaware of Debian packaging it
[14:46] <cmaloney> mrgoodcat: or rather unaware of Debian shipping with it by default
[14:47] <cmaloney> try searching for ksplice, kpatch, or kgraft in the packages list
[14:48] <cmaloney> It appears that ksplice is packaged for Ubuntu
[14:52] <cmaloney> Hah, I was thinking earlier that I should listen to some Ozric Tentacles this morinng
[14:53] <cmaloney> put the Squeezebox on random album shuffle and this came up:
[14:53] <cmaloney> .np squeekyhoho
[14:53] <bookiebot> squeekyhoho's current track - Cat DNA by Ozric Tentacles on Become The Other
[14:53] <cmaloney> Actually it's Spice Doubt
[15:02] <mrgoodcat> arch does not have the voodoo baked in. i just had to reboot my server this morning to get the new kernel running
[15:21] <jrwren> debian and ubuntu don't use bash as their default shell. they use dash. It doesn't lessen the impact of shellshock.
[15:21] <jrwren> or maybe it does lessen it, but it is still scary.
[15:22] <mrgoodcat> it is still scary
[15:22] <mrgoodcat> also, some services may explicitly use bash as their default shell in /etc/passwd
[15:22] <jrwren> May, but don't by default AFAIK
[15:22] <jrwren> hrm, seems the postgres account does.
[15:23] <mrgoodcat> nginx too iirc
[18:02] <jrwren> mrgoodcat: i have nginx installed. it doesn't install a special account.
[18:02] <jrwren> mrgoodcat: it uses www-data, just like apache.
[18:03] <jrwren> mrgoodcat: nginx MIGHT be vulnerable if a cgi uses /bin/bash, just like apache.
[18:03] <jrwren> http://www.dailymail.co.uk/news/article-2351881/Inside-Americas-worst-hotel-The-stomach-churning-reviews-guests-stayed-legendary-Detroit-dump-shut-down.html   admit I've been in a room, but not slept.
[18:03] <bookiebot> http://goo.gl/hDnxZ - Inside America's worst hotel: The stomach-churning reviews from guests who stayed at legendary Detroit dump before it shut down | Daily Mail Online
[19:16] <cmaloney> I think I need someone to watch my butt because it feels like I'm dragging it behind me
[19:17] <cmaloney> I don't want to accidentally lose it.
[19:18] <_stink_> you used to be able to put an ad for that on craigslist
[19:18] <_stink_> no pun intended
[19:19] <cmaloney> seriously?
[19:19] <_stink_> no it's a bad joke about adult services.
[19:19] <_stink_> ColonelPanic001: please laugh
[19:20] <ColonelPanic001> hah
[19:20] <_stink_> thanks
[19:20]  * ColonelPanic001 bills _stink_ for services rendered
[19:20] <_stink_> >:|
[19:35] <cmaloney> heh
[19:36] <cmaloney> I think I'm going to bill _stink_ for mental images rendered.
[19:37] <_stink_> mail returned: recipient not at this address
[19:38] <cmaloney> I sent a bitcoin bill
[19:39] <_stink_> damn!
[21:10] <cmaloney> I think I'm going to stop subscribing to This Week in Tech
[21:11] <cmaloney> the last episode where Baratunde and the guy who wrote "Hatching Twitter" talked over Steve Gibson made me mad.
[21:12] <cmaloney> I think the words "what is the practical application of ..." should be a signal to anyone that they're being an idiotic pundit.
[22:35] <mrgoodcat> osx just updated bash
[22:35] <mrgoodcat> way to be on your game apple
[22:52] <mrgoodcat> anybody heard of vipe?
[23:05] <cmaloney> mrgoodcat: That means that someone out there is still using XServe. :)
[23:05] <mrgoodcat> what do you mean?
[23:05] <cmaloney> Apple updating bash. :)
[23:06] <cmaloney> http://en.wikipedia.org/wiki/Xserve
[23:06] <bookiebot> http://goo.gl/XuXRDG - Xserve - Wikipedia, the free encyclopedia
[23:07] <mrgoodcat> right i get that, why does apple updating bash have anything to do with xserve though?
[23:07] <mrgoodcat> clients are affected too
[23:07] <cmaloney> I'm just messing
[23:07] <mrgoodcat> ah
[23:07] <mrgoodcat> because DHCP clients are vulnerable if i'm understanding properly
[23:07] <cmaloney> Only on evil networks
[23:09] <mrgoodcat> right
[23:09] <mrgoodcat> well 'evil' is assumed when talking about vulns
[23:10] <brousch_> I think you can still run xserve in a VM on OSX
[23:11] <mrgoodcat> probably
[23:11] <mrgoodcat> WMU still uses XServe
[23:11] <mrgoodcat> i had to administer it