[03:37] <ShoeGazer> Does anyone know if a preinstalled Windows 8 laptop can be wiped clean and Ubuntu loaded?
[03:43] <daftykins> wow, stick around.
[04:23] <zmoylan-pi> drive by questions
[04:24] <daftykins> pew pew pew
[04:25] * zmoylan-pi hands out the nerf in case they show up again
[04:25] <daftykins> does it launch ubuntu DVDs?
[04:26] <zmoylan-pi> i did modify a dart to hold a usb drive
[04:26] <zmoylan-pi> sneakernet speed boost
[04:29] <zmoylan-pi> accurate to about 60-70 feet
[04:33] <zmoylan-pi> and made a nerf pistol on desk at work justifiable :-P
[04:38] <zmoylan-pi> gets harder when you put the belt fed machine gun nerf on desk... :-)
[04:39] <zmoylan-pi> just saw this which would allow a shock mounted usb hard drive :-P http://ultrafactsblog.com/post/106573106761/fact-source-follow-ultrafacts-for-more-facts#_=_
[05:12] <mapps> hi night owls
[05:26] <mapps> just started watching the closer
[05:27] <mapps> was watching major crime..but it's a spinoff of the closer
[05:27] <mapps> so decided id watch that first;]
[09:36] <foobarry> frosty start
[09:36] <foobarry> anyone else got a lot of condensation on their house windows atm?
[09:37] <foobarry> unsure if its because of the new extension still drying out
[09:41] <foobarry> 4yr old son off to get his glasses :(
[09:41] <foobarry> told him i would get an eye test too as i'd never had one
[09:47] <knightwise> morning everyone
[10:04] <foobarry> so, you've been working in ebola treatment centre and they just let you back in the country without quarantine?
[10:04] <foobarry> "He said the Government was doing "absolutely everything it needs to" to keep the public safe"
[10:04] <foobarry> yeah right
[10:46] <brobostigon> morning boys and girls.
[10:51] <lubotu3> For upgrading, see the instructions at https://help.ubuntu.com/community/UpgradeNotes - see also http://www.ubuntu.com/desktop/get-ubuntu/upgrade
[12:56] <knightwise> Greetings from my Raspberry Pi !
[12:57] <penguin42> ah, something useful to do with a pi
[12:57] <foobarry> shrink yourself and live inside it?
[12:57] <knightwise> yep , not quite sure what I was going to do with it .. so I installed debian on it and am gonna try using it as a desktop for a day or two
[12:58] <knightwise> Indeed ! I have shrunken to ridiculously small proportions and am now inside my Pi kicking the transistors and pooping on the sdcard
[12:59] <foobarry> i hate that programme called The Voice but i love the advert with the raven
[12:59] <knightwise> brobostigon: correct
[12:59] <penguin42> knightwise: That explains a lot about sdcards
[13:00] <knightwise> foobarry: we don't have cable tv anymore. One of the joys of that is that we don't have that kinda crap :)
[13:02] <knightwise> foobarry: Netflix + Plex + popcorn-time + youtube + iplayer (via the Hola Proxy)
[13:04] <popey> ooh, reminds me, got a 32GB SDCard for xmas, need to put it in the dashcam!
[13:05] <knightwise> Oh popey :) Are you an amateur dashcam filmer ?
[13:05] <knightwise> My sister in law has a little van and a dashcam
[13:05] <knightwise> I call it 'the bang bus'
[13:05] <knightwise> because she keeps bumping into things :)
[13:05] <popey> knightwise: https://www.youtube.com/watch?v=yXWQ5GAr02A
[13:06] <knightwise> hold on , installing a browser that can run Chrome
[13:06] <popey> youtube-dl ☻
[13:06] * knightwise loves youtube-Dl :)
[13:06] * knightwise has sung its praise in a podcast many times !
[13:09] <Azelphur> youtube-dl supports dash audio now which is awesome, you can download just the audio.
[13:12] <foobarry> can an otg cable allow me to plug a keyboard/mouse into my tablet?
[13:12] <MartijnVdS> foobarry: yes
[13:13] <Azelphur> foobarry: depends what tablet.
[13:15] <foobarry> hp douchepad
[13:17] <MartijnVdS> Android tablets generally support it
[13:17] <MartijnVdS> so do Windows tablets
[13:17] <foobarry> wonder if any games support keyboard entry
[13:17] <foobarry> some would be more fun with kb/mouse
[13:17] <MartijnVdS> foobarry: some support joysticks
[13:26] <foobarry> brother in law picked up a nexus 7 for £80 refurb
[13:27] <popey> 2012 or 2013?
[13:29] <popey> not bad.
[13:29] <popey> 2013 is an okay tablet
[13:30] <foobarry> from the currys auction shop
[13:38] <MartijnVdS> Knuth! https://www.youtube.com/watch?v=v678Em6qyzk
[13:46] <popey> that was excellent
[14:29] <zmoylan-pi> how many cyclists are we going to see bounce magnificently over windscreen? :-P
[14:30] <zmoylan-pi> sorry, looking back at popeys dashcam link
[15:41] <knightwise> hey everyone
[15:43] <knightwise> zmoylan-pi: are you on your Pi ?
[15:43] <zmoylan-pi> my pi is on 24x7
[15:43] <zmoylan-pi> i just happen to connect to it when i'm at home
[15:43] <knightwise> I'm running from my Pi as well :)
[15:43] * knightwise gives zmoylan-pi a pi-five !
[15:44] <knightwise> what do you mostly use your pi for zmoylan-pi
[15:44] * zmoylan-pi keeps meaning to buy new pi to use as a) an ip camera in garden to look at kitties, foxes, magpies and other critturs or b) a homemade laptop
[15:45] <zmoylan-pi> but the pi in kitchen is also used for rss using newsbeuter console based rss reader
[15:45] <knightwise> so basically its your headless command line machine you ssh into ?
[15:46] <knightwise> Cool. I might use it for that too, but I do have 2 headless vm's running on my home servers to tunnel into so .. using the Pi for that would be a little redundant.
[15:50] <zmoylan-pi> i was looking at ways over weekend to maybe start talking to it from outside the house via sms to automate things. email would make the response time too long unless i drop refresh time to 1 minute
[15:50] <knightwise> zmoylan-pi: you can send it a tweet
[15:51] <knightwise> ah :) it seems that they got Quake3 working on a pi LOL
[15:51] <zmoylan-pi> thought of that too and i did set up ttytter on it but i like the idea of sms as i'd only use it very occasionally
[15:52] <knightwise> But how do you get your pi to read an sms ?
[15:53] <zmoylan-pi> there are a number of sms related bits of software in the repositories of raspbian. will just have to plough through them to find one that a) works and b) does what i want 3) when i want :-)
[15:56] <knightwise> but you have to hook up a phone to the pi then ?
[15:57] <zmoylan-pi> well i suspect some of them use online web service which may or may not work on irish networks which would complicate things
[15:58] <knightwise> aha , that is also true.
[15:58] <knightwise> ok :) part of my retro-pi project : Step 1 install and run Quake3 :)
[15:58] <zmoylan-pi> then when i wrote a sms server in 90s there was the whole get it working and then a week later the phone company stopped delivering messages from my phone to another phone as they labelled it spam no matter how much i said that it wasn't
[15:58] <knightwise> Damn !
[15:59] <zmoylan-pi> they wanted me to pay more per message on different service to get a better cut
[15:59] <zmoylan-pi> but they didn't say that for 2-3 weeks while i tried to debug what went wrong
[16:00] <knightwise> crap !
[16:00] <knightwise> thats a bummer dude
[16:00] <knightwise> just logged into the pi irc channel
[16:00] <knightwise> and downloading quake3 :)
[16:02] <knightwise> Playing this on the pi would be awesome too :p
[16:02] <knightwise> I started my fps gaming career on that game
[16:57] <NET||abuse> hi dudes,, got my odroid-c1 today!!
[16:58] <NET||abuse> quite excited.. but have to figure out if i can get latest versions of stuff onto it. they build a 14.04.1 image which i presume is just a case of do inplace upgrade to 14.10 if you want, or otherwise just add xbmc rep's
[16:59] <penguin42> NET||abuse: You might find they've added some special kernel builds and stuff to do with how to flash upgrades, so just check for special stuff like that first
[20:05] <safiyyah> I am having trouble with my audio settings please anyone. I can hear (from the speakers) but there is no input via Skype or sound recorder
[20:07] <safiyyah> Also I have tested it with a spare
[20:09] <penguin42> safiyyah: Sometimes you have to look for just getting the right slider on the audio settings for input
[20:09] <penguin42> safiyyah: The other thing is are you sure you've got the mic in the right input on your PC (if it's an external mic)
[20:10] <safiyyah> penguin42, I think that it thinks the webcam is the microphone
[20:10] <safiyyah> because it is accepting the sound from the webcam
[20:11] <safiyyah> oh I got it!!!!
[20:11] <ChunkzZ> what was it?
[20:15] <safiyyah> Very stupid problem, it was muted!
[20:15] <safiyyah> I wasn't used to the interface
[20:15] <safiyyah> and it didn't seem muted
[20:16] <safiyyah> I am on Xubuntu
[20:16] <penguin42> ah well, if it's muted :-)
[20:19] <ChunkzZ> best OS for a desktop other than ubuntu?
[20:19] <ChunkzZ> need something that's fast for an ssd but not too hungry on ram...
[20:20] <safiyyah> Xubuntu is running super smooth
[20:20] <safiyyah> on my SSD
[20:22] <ChunkzZ> hmm tried that last night, wasn't a big fan.
[20:28] <safiyyah> sorry am back trying to fix the keyboard now
[20:28] <safiyyah> I found the bug on launchpad and there is a fix, only I can't work out how to install the fix
[20:29] <lubotu3> Launchpad bug 281993 in Linux "[intrepid] REGRESSION: multimedia keys no longer working" [Low,Confirmed]
[20:32] <ali1234> that bug is 6 years old
[20:32] <ali1234> the fix is already included
[20:32] <ali1234> if it doesnt work report a new bug
[20:32] <safiyyah> okay thanks
[20:33] <ali1234> so i've got a problem
[20:33] <ali1234> client swears blind their web server is returning malware links, but i can't reproduce it, nor can i find any malware on the server that could be responsible
[20:33] <penguin42> ali1234: Inserted by their browser or ISP ?
[20:34] <ali1234> two different users reported seeing it
[20:34] <ali1234> on different ISPs and computers
[20:34] <ali1234> they all work from home
[20:34] <ali1234> they could all have the same malware i suppose
[20:34] <ali1234> i thought it might be this: http://www.welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/
[20:34] <popey> seems more likely
[20:34] <ali1234> but i checked the httpd md5sum and it matches
[20:35] <penguin42> ali1234: I was reading something about a .pac attack that gives different pac configs to different hosts, only targets some; but they were only targeting banks and facebook
[20:35] <ali1234> so unless the server is totally rooted, or they made a collision...
[20:35] <ali1234> i'll check the sha...
[20:36] <ali1234> nope, checks out
[20:37] <ali1234> there's also a "nyet.htm" declaring server hacked by some hackers
[20:37] <ali1234> however, i know exactly how they did that, and their exploit actually half failed
[20:37] <ali1234> and that wouldn't have allowed them to take over the httpd and insert links
[20:38] <ali1234> that's also a different subdomain running totally different software
[20:38] <penguin42> ali1234: Have you got a dump of the html that the customer is receiving?
[20:38] <ali1234> no. customer is not smart and didn't save it
[20:38] <ali1234> they just sent me an email with "we're getting links to adultfriendfinder on our webpage"
[20:39] <penguin42> I'd be happy to try in a VM if you want
[20:39] <foobarry> can i do direct debit/recurring payment to a foreign bank account?
[20:39] <ali1234> my plan currently is to do that
[20:40] <ali1234> however, i would like some way to automate it... cos you never know where the bad link will show up
[20:40] <ali1234> apparently it only happens once, just like with the cdorked thing
[20:43] <ali1234> foobarry: i think it depends on the country
[20:48] <penguin42> ali1234: Well if it's like that cdorked one then it's saying it's in memory, nothing on disk
[20:52] <foobarry> seems they want £10 per payment
[20:52] <penguin42> foobarry: It might help if you use a bank that has international branches, but just remember that banks are mostly out to annoy you
[21:00] <webpigeon> ali1234: are you using a CMS? if you are they could inject rubbish into the db/htaccess/files can cause issues
[21:01] <ali1234> yes, that's how they uploaded the nyet.htm, however they couldn't modify htaccess so nobody ever saw it
[21:01] <webpigeon> What CMS is it? we had someone modify the theme files for joomla which did something similar to what you're describing
[21:02] <webpigeon> images which were not really images and the like
[21:02] <ali1234> it's joomla
[21:02] <ali1234> and i patched the one where they can upload images that are really scripts ages ago
[21:03] <webpigeon> we tracked ours back to a joomla admin who had a stupid password, the attacker used a script to upload and extract a .zip file which thought it was a theme
[21:04] <ali1234> the website that is doing the weird URLs isn't joomla
[21:04] <webpigeon> fair enough
[21:05] <webpigeon> checked that there isn't another .htaccess in a sub directory of the compromised site?
[21:09] <ali1234> none of the files in the htdocs directories have been modified, except the addition of that one nyet.htm in a different subdomain
[21:19] <penguin42> ali1234: it could be purely in memory, difficult to tell unless you go hunting through memory
[21:20] <penguin42> ali1234: You could dig through memory of the apaches but it wouldn't be easy even if it's still there
[21:20] <ali1234> well it must still be there
[21:23] <penguin42> ali1234: anyway depending how bad your box is owned (if it is) then you may have hidden files that you wouldn't be able to see
[21:25] <ali1234> file mem
[21:58] <ali1234> well the inserted URL is definitely a onimiki one
[21:58] <ali1234> this is looking bad
[21:59] <daftykins> what's that?
[21:59] <ali1234> read this: http://www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf
[22:00] <ali1234> server shows the symptoms of this botnet - it serves up redirects very rarely, using the 23 character v2 DGA resolution as described
[22:00] <ali1234> however there are no signs it has been compromised at all except for the outward ones
[22:00] <ali1234> which likely means the malware authors fixed all the "bugs" that made it easy to detect
[22:00] <penguin42> ali1234: Why would there be - if it's in memory you shouldn't be able to tell easily
[22:00] <ali1234> according to the PDF it is not in memory
[22:01] <ali1234> they also list a few other methods for detecting it, but none of them work
[22:01] <ali1234> but this server is almost certainly compromised
[22:01] <ali1234> i just can't prove it
[22:02] <daftykins> definitely not what you want at this time of year
[22:02] <daftykins> or any
[22:04] <penguin42> ali1234: They not showing up in ipcs -m ?
[22:04] <ali1234> there is nothing much interesting in there, no
[22:05] <ali1234> there are some shared regions but they are owned by root not apache
[22:05] <ali1234> and they aren't the right size
[22:05] <ali1234> but who knows?
[22:05] <ali1234> nothing conclusive anyway
[22:06] <penguin42> ali1234: Anything large ?
[22:06] <ali1234> not really no
[22:06] <penguin42> ali1234: in ipcs -m
[22:06] <ali1234> half a meg
[22:06] <ali1234> and nothing with 666
[22:07] <ali1234> wait no, biggest is 16kb
[22:08] <penguin42> ali1234: I guess you could look at /proc/pid/maps of your apaches that you think are serving it, but it's not going to be an easy one to find
[22:08] <penguin42> ali1234: Did you try that 'yara' thing ?
[22:08] <ali1234> i tried to cat /proc/<pid>/mem on the httpd process
[22:08] <penguin42> ali1234: https://github.com/eset/malware-ioc/tree/master/windigo  the yara stuff on there for Linux/onimiki ?
[22:08] <ali1234> and it said no such process
[22:09] <ali1234> yes i tried ssh -G
[22:09] <ali1234> and the favicon.iso thing
[22:10] <ali1234> server doesn't run named
[22:10] <penguin42> ali1234: They seem to have more specific rules for detecting the network traffic
[22:10] <ali1234> i can't sniff the box from outside, it's hosted
[22:10] <ali1234> and if you sniff from inside it knows and turns off all comms
[22:11] <penguin42> ali1234: Time to get your hosting provider to warm you up a fresh image then
[22:12] <daftykins> hmm, tubes went down
[22:12] <penguin42> daftykins: It's the ice
[22:12] <daftykins> we haven't dipped below 4 deg C down here yet i think
[22:12] <ali1234> "Most of the indicators below no longer work."

