[00:13] <Patrickdk> why do we care about poodle?
[00:14] <Logos01> CVE-2014-3566
[00:14] <Patrickdk> yes, it's a client side issue
[00:15] <Patrickdk> and it's only marked as a *medium* security risk
[00:15] <Patrickdk> unlike the memleak that is marked as HIGH
[00:15] <Logos01> Patrickdk: No, it is a MitM attack.
[00:15] <Logos01> not client-side only.
[00:15] <Patrickdk> no it's not
[00:15] <Patrickdk> it requires you to be mitm in order to use it
[00:16] <Logos01> Which makes it not a "client-side issue"
[00:16] <Patrickdk> it is nothing new over beast
[00:16] <Patrickdk> yes it is
[00:16] <Patrickdk> it first requires a vaunerable client
[00:17] <Patrickdk> it requires you to mitm
[00:17] <Patrickdk> and it requires you to infect the client somehow first
[00:17] <Logos01> Yes. MitM vulnerabilities are not client-side vulnerabilities, as a matter of classification.
[00:17] <Logos01> You do NOT "infect the client somehow"
[00:17] <Logos01> The client never notices the action. You do nothing to the client.
[00:17] <Patrickdk> you need to inject the padding into the stream, that is done *from* the client
[00:18] <Logos01> What?
[00:18] <Patrickdk> you can use the mitm to force the downgrade, but that alone is not an issue
[00:18] <Logos01> Dude, that's not even close to how MitM attacks work.
[00:18] <Patrickdk> I know
[00:18] <Logos01> ...
[00:18] <Patrickdk> why I said it is not a mitm
[00:18] <Patrickdk> but mitm is one one part
[00:18] <Logos01> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
[00:18] <Patrickdk> only one
[00:18] <Logos01> ffs.
[00:19] <Patrickdk> yes it is a *client* side issue, that makes mitm possible
[00:19] <Patrickdk> as I said, mitm is only a *part* of the issue
[00:19] <Finetundra_> anyone here ever setup a server with xrdp?
[00:19] <Patrickdk> the issue is the client first
[00:19] <Logos01> Welp, you're on ignore now. I have better things to do than argue with blatant trolls.
[00:19] <Patrickdk> :)
[00:19] <Patrickdk> I made a friend!
[03:49] <xpistos> my touchpad is a bit sensitive
[05:07] <Myrth> hi, during do-release-upgrade, grub-pc asked to be reconfigured and gave option /dev/xvda and /dev/xvda1 to install boot. I chose /dev/xvda - is that correct? thanks
[05:07] <Myrth> don't want the cloud vps not boot the next time..
[06:44] <lordievader> Good morning.
[10:02] <Caribou> rbasak: is there any command to cleanup uvtool images, other than going to /var/lib/uvtool & cleaning up ?
[10:06] <rbasak> Caribou: what sort of cleaning up?
[10:06] <rbasak> Caribou: syncing new images removes the old ones.
[10:07] <Caribou> rbasak: well, for instance, I no longer want saucy, oneiric images any command to remove them ?
[10:07] <rbasak> To delete more than that, "uvt-simplestreams-libvirt purge" is the sledgehammer which removes all uvtool-managed libvirt images, but that is everything including images still in use.
[10:07] <rbasak> Caribou: ah. No, sorry.
[10:07] <Caribou> rbasak: yeah, I saw that
[10:07] <Caribou> rbasak: no worry, maybe I should try to come up with something
[10:08] <Caribou> rbasak: right now, I grep pubname in the metadata & remove the metadata & image fiels
[10:08] <Caribou> files
[10:08] <rbasak> Caribou: make sure nothing is using the images you're using. Then shut down libvirtd, and remove the image from both /var/lib/uvtool/libvirt/images/ and /var/lib/uvtool/libvirt/metadata/
[10:08] <rbasak> That should be OK I think.
[10:08] <Caribou> rbasak: ok, thanks!
[10:08] <rbasak> Or, actually
[10:08] <rbasak> There's an even better way
[10:08] <rbasak> Just remove the metadata file.
[10:09] <rbasak> When you next sync, I think uvtool will remove the libvirt image.
[10:09] <rbasak> (but only when the image is unused)
[10:09] <Caribou> rbasak: ok, I'll check that out!
[11:13] <sander^work> Do anyone recommend any program for creating a bunch of remote users on various servers?
[11:13] <sander^work> shell users.
[11:20] <sander^work> How can I create users with the right ssh public keys on remote servers with salt?
[11:20] <sander^work> obs
[12:14] <[1]Az> hi
[12:14] <[1]Az> is there a list of possible config settings for /etc/apt/apt.conf.d/10periodic
[12:14] <lordievader> [1]Az: I suppose it is documented somewhere, in a manpage or something.
[12:14] <sarnold_> [1]Az: try apt.conf(5) and apt_preferences(5)
[12:28] <zul> coreycb:  do you want to take swift ill take nova
[12:30] <coreycb> zul, sounds good
[12:49] <sarnold_> hmm, who else 'owns' the cloud archive when utlemming is offline? https://bugs.launchpad.net/ubuntu/+bug/1380922
[12:50] <Odd_Bloke> sarnold_: That would be rcj and/or myself.
[12:51] <sarnold_> Odd_Bloke: excellent :) thanks
[12:53] <rcj> sarnold, yes, we'll take a look
[13:21] <GothPaw> Hello Hello. I have a headless server (12.04) which does many things like httpd, mysqld,bind, and much more.....  Trying to determine just how safe it is to upgrade it to 14.04 and what problems "could" arise.
[13:21] <cfhowlett> !server | GothPaw
[13:22] <sarnold_> GothPaw: apache 2.4 changed acls significantly over apache 2.2, that feels most likely to be annoying out of what you've mentioned so far
[13:23] <GothPaw> sarnold_: was hoping to not hear something like that, lol.
[13:24] <RoyK> GothPaw: make sure you have a backup, though
[13:24] <GothPaw> all data is easy to backup just need to remove the 20TB worth of hard drives.
[13:24] <RoyK> *always* make sure you have a backup :P
[13:24] <GothPaw> except for config files that is
[13:24] <RoyK> I hope you have a raid on that thing ;)
[13:24] <GothPaw> only my config files and db files, etc actually reside on the master drive. all data files have their own drives
[13:25] <GothPaw> no raid.... just ALOT of 3 & 4 TB drives
[13:26] <GothPaw> budget just isnt enough to have 20TB in raid (of 20TB there is only 2.4TB of space left
[13:27] <sarnold_> ouch :)
[13:28] <GothPaw> yea I know :(  even more ouch is that this 'desktop' acts as a server and is 10 years old.
[13:28] <GothPaw> and it hosts EVERYTHING, lol
[13:28] <GothPaw> even acts as an external media server via PMS, dlna, etc
[13:29] <jrwren> GothPaw: i have one of those too. I use LVM mirroring for important stuff like family photos and videos, and less important things like audio/video product is not mirrored.
[13:31] <GothPaw> jrwren: I'll have to look into that as my Photography business is also hosted and run from this machine which houses approx. 12TB of photo's (but I keep those on their own drives)
[13:32] <jrwren> GothPaw: backups too!
[13:46] <zul> jamespage/coreycb: nova done..ill do trove
[13:56] <Gargoyle> Hi. I've made modifications to $PATH in /etc/environment, but these don't seem to be carrying over to "sudo" shells. Should I be updating somewhere else too?
[13:57] <sarnold_> Gargoyle: check sudo vs sudo -i
[13:57] <esde> http://askubuntu.com/questions/128413/setting-the-path-so-it-applies-to-all-users-including-root-sudo
[14:03] <zul> jamespage/coreycb: trove done, doing ceilometer next
[14:08] <jamespage> zul, I've got glance
[14:09] <zul> jamespage:  ack
[14:13] <jamespage> zul, and neutron
[14:31] <jamespage> zul, glance and neutron done
[14:31] <zul> jamespage:  cool ceilometer done
[14:31] <jamespage> zul, shall I take cinder?
[14:31] <zul> jamespage:  if you wish
[14:31] <jamespage> zul, ack will do
[14:32] <zul> jamespage/coreycb: taking heat
[14:32] <zul> (not litterally of course)
[14:35] <jamespage> zul, ack
[14:35] <jamespage> coreycb, if you want to join in - swift?
[14:35] <coreycb> jamespage, yep I'm on it.  doing the config changes too.
[14:37] <jamespage> coreycb, in the lab? awesome
[14:38] <coreycb> jamespage, oh shoot, that bug is for juno+1
[14:38] <coreycb> jamespage, bug 1379285 - will revisit that later
[14:40] <jamespage> coreycb, yeah to late this cycle
[14:40] <coreycb> jamespage, yeah
[14:44] <jamespage> coreycb, zul: I started - https://blueprints.launchpad.net/ubuntu/+spec/servercloud-1411-openstack
[14:45] <zul> jamespage:  keener
[14:45] <Gargoyle> thanks esde
[14:45] <jamespage> zul, ok cinder in the queue
[14:45] <zul> jamespage:  just doing a test build for heat
[14:46] <zul> jamespage:  mind taking horizon :)
[14:46] <jamespage> zul, sure
[14:47] <coreycb> jamespage, awesome on the blueprint
[14:47] <jamespage> coreycb, zul: link any bugs for next cycle to that
[14:47] <zul> jamespage:  ack
[14:47] <jamespage> zul, we can work out that calendar based on monthly milestones as well
[14:47] <jamespage> and template it for each release
[14:47] <coreycb> jamespage, +1
[14:52] <coreycb> jamespage, zul: swift https://i187498007.restricted.launchpadlibrarian.net/187498007/fb9f1b3e-5543-11e4-a88c-002481e91f22.txt?token=QqzpC97w51WjLWj0rHsRM9PdM9SG00vV
[14:52] <coreycb> yikes, https://code.launchpad.net/~corey.bryant/swift/2.2.0/+merge/238572
[14:53] <zul> jamespage/coreycb: heat done
[14:53] <coreycb> zul, what's left?
[14:54] <jamespage> coreycb, I've got horizon
[14:54] <jamespage> coreycb, ironic?
[14:54] <zul> ill take a look
[14:54] <jamespage> zul, keystone!
[14:54] <coreycb> jamespage, k I'll take ironic
[14:54] <zul> oh right ill take keystone
[14:54] <coreycb> jamespage, ha!
[15:02] <jamespage> coreycb, zul: horizon done
[15:02] <zul> jamespage/coreycb: keystone just buidling
[15:03] <coreycb> jamespage, zul: I'm waiting on ironic to release
[15:03] <jamespage> coreycb, ack
[15:04] <jamespage> jdstrand, are the outstanding MIR security reviews going to make it for utopic release?
[15:05] <jamespage> specifically bug 1349868 and bug 1381450
[15:08] <Odd_Bloke> sarnold_: Those checksums are fixed now. :)
[15:08] <sarnold_> Odd_Bloke: thanks!
[15:08] <Odd_Bloke> (And shouldn't break again)
[15:08] <sarnold_> even better :)
[15:10] <Odd_Bloke> :)
[15:15] <lunaphyte_> hi.  i seem to be unable to install a targeted kernel with 14.04.1.  i'm wondering if others might have had this experience and know what's wrong
[15:16] <lunaphyte_> "an error was returned while trying to install the kernel into the target system"
[15:17] <lunaphyte_> looking at syslog, it appears to have something to do with a dpkg failure when installing linux-image-3.13.0-32-generic
[15:17] <lunaphyte_> but it doesn't happen when selecting a generic kernel
[15:19] <jamespage> sarnold_, ah - I see the remaining tasks on bug 1349868 are assigned to you!
[15:20] <sarnold_> jamespage: indeed, but I'm at linux plumbers atm so it's hard to get traction on in-depth reviews
[15:21] <jamespage> sarnold_, reckon that will make release? just deciding what we need todo with ceilometer
[15:21] <jamespage> its been stuck in dep-wait for a while now
[15:22] <sarnold_> jamespage: when's that date again? next week i'm sprinting in dc and will have ample time to devote to it, but this week is quite busy with travel and conference
[15:23] <jamespage> sarnold_, utopic release is 7 days away
[15:23] <jamespage> so that might just work!
[15:23] <sarnold_> jamespage: pfew :)
[15:23] <sarnold_> jamespage: .. assuming I like what I see, that ought ot work fine then
[15:23] <jamespage> sarnold_, ack - we'll leave things as they are for now
[15:30] <zul> coreycb/jamespage: keystone done looking at swift
[15:31] <jamespage> zul, awesome
[15:48] <zul> jamespage/coreycb: ok i think we are done
[15:48] <jamespage> zul, awesome
[15:56] <coreycb> jamespage, zul: yeah just waiting on ironic
[15:56] <zul> oh yeah i forgot about ironic :)
[16:41] <coreycb> zul, jamespage: https://code.launchpad.net/~corey.bryant/ironic/2014.2/+merge/238597
[17:09] <zul> coreycb: ironic is done
[17:09] <coreycb> zul, thx
[17:14] <adam_g> zul, jamespage you may want to consider patching this in nova, i dont know why the bug wasnt escalated for the release. it totally breaks ubuntu images on clouds with only ec2 metadata (no config drive)
[17:14] <zul> adam_g:  bug number?
[17:15] <adam_g> oops
[17:15] <adam_g> https://bugs.launchpad.net/nova/+bug/1380792
[17:24] <kinky> good evening. Did anyone here successfully mitigate poodle exploit while still supporting SSLv3 due to WinXP / IE6 (deactivating CBC SSL3 ciphers)? SSLLABS seems to grade the sites 'C' no matter which ciphers I choose.
[17:29] <zzxc> Sooo I'm pretty sure I already know the answer to this. But if I'm getting the "/dev/xvdh1 will be checked for errors at next reboot" message. I can cirsumvent the fsck on the drive by unmounting the drive and running fsck on it correct?
[19:14] <jamespage> thanks adam_g - will add to the picks :-)
[19:57] <wxl> just wanted to bring to your attention this bug negatively affecting 14.10 final
[19:57] <wxl> oops https://bugs.launchpad.net/apt/+bug/1380774
[19:58] <wxl> an upstream fix is linked
[19:58] <wxl> so should be an easy fix but i encourage you to "grease the wheels" as you can because there is little time before release!
[20:00] <wxl> lubuntu can survive without a debian-installer iso. people will complain, but most will be fine. i know this isn't true of ubuntu server so wanted to bring it to your attention
[21:13] <tafa2> would anyone know how to automate a checkinstall command?
[21:36] <sheap> if I pass a variable to the preseed through boot parameters, like "sudouser=username" and have a package named "sudouser" that is installed and has a debconf prompt that goes "sudouser sudouser/question1 string ${sudouser}", how do I get this to work? Right now the installer is taking the "${sudouser}" literally instead of replacing it with the username....any help?
[21:38] <vedit> Hi, I am running 12.04 64bit server. When I update the reposotiry (apt-get update), I see that it is hitting the url which provide backported packages, multiverse, universe, restricted etc. I want to slim down my server to reduce unnecessary load
[21:38] <vedit> What package sources should I remove?
[21:39] <vedit> using tasksel I have already removed "Basic server". Only selected option in that is Openssl server as I am connecting to that server from remotely
[21:40] <vedit> I will be using that server for running nginx and one more wsgi server which I will down using source
[21:40] <vedit> How to reduce package source list.
[21:43] <vedit> Anybody?
[21:44] <vedit> When I update the reposotiry (apt-get update), I see that it is hitting the url which provide backported packages, multiverse, universe, restricted etc. I want to slim down my server to reduce unnecessary load
[21:57] <teward> is it relatively safe to run `do-release-upgrade -s` to generate a list of packages to upgrade without affecting anythng on the system?
[21:58] <vedit> teward: Is "apt-get upgrade" same as do-release-upgrade ?
[21:59] <teward> vedit: no.  i wasn't talking in relation to your issue.  `apt-get upgrade` updates your software within your release (i.e. precise) but `do-release-upgrade` upgrades you to a later release of Ubuntu (i.e. precise -> trusty)
[22:00] <vedit> teward: I see. No I don't want to move to other release. 12.04 LTS is good and 14.04 is very recent
[22:00] <teward> vedit: i still wasn't talking in relation to your issue :P  (I'm asking a different question for myself :P)
[22:01] <vedit> teward: Thanks for answering :)
[22:01] <vedit> your question got answer for me :)
[22:02] <teward> vedit: also, your question is unrelated
[22:03] <vedit> yea
[22:03] <teward> vedit: what you want to do is reduce the amount of times it has to check the same source.
[22:03] <vedit> teward: yea and also when I upgrade, it should only pull security patches
[22:05] <teward> well you'll need to disable -updates and -proposed, but you should not remove universe or multiverse unless you're CERTAIN your packages that you use aren't in those pockets
[22:06] <teward> vedit: you'll also miss huge bugfixes, at times.  pastebin your /etc/apt/sources.list file
[22:06] <teward> mine's far different from standard :P
[22:09] <vedit> teward: http://pastebin.com/YydqYDt2
[22:09] <teward> (next time use paste.ubuntu.com, just an FYI)
[22:11] <teward> vedit: consider using this instead - https://pbin.dark-net.net/view/raw/590b9be1
[22:11] <teward> vedit: i've commented out the precise-updates lines, and the precise-backports lines.
[22:12] <teward> vedit: but make a HUGE note that you'll miss other bugfixes, and will only get security updates
[22:12] <vedit> teward: but why the bug fix releaes lines were commented?
[22:12] <teward> vedit: because you only want security patches
[22:12] <teward> vedit: for those cases you only pull -security
[22:13] <teward> [14/10/16 18:03:56] <vedit> teward: yea and also when I upgrade, it should only pull security patches <--
[22:13] <teward> that IS what you asked
[22:13] <vedit> teward: I think I can safely comment universe and multiverse as I am looking to install from source
[22:13] <teward> vedit: 'install from source' as in manual compiling?
[22:13] <vedit> yea
[22:15] <teward> vedit: https://pbin.dark-net.net/view/raw/0a9d34f2 then
[22:15] <teward> (comments out even *more* lines)
[22:15] <vedit> wow
[22:15] <teward> ooopses
[22:15] <teward> wait
[22:15] <vedit> teward: Why not first two package lines
[22:15] <teward> i broke it
[22:16] <teward> vedit: because `main`
[22:17] <vedit> ok
[22:17] <teward> vedit: https://pbin.dark-net.net/view/raw/fbd26f70  <-- this
[22:17] <teward> i split off `main` and `restricted` into two separate lines, for standard and for -security
[22:17] <vedit> hmm... ok
[22:17] <teward> wouldn't hurt to also pull restricted, but...
[22:18] <teward> i also don't think it's that much extra load to pull an extra couple of megs of data for a source list
[22:18] <teward> but meh