[03:37] <ShoeGazer> Does anyone know if a preinstalled Windows 8 laptop can be wiped clean and Ubuntu loaded?
[03:43] <daftykins> wow, stick around.
[03:57] <m0nkey_> NO IMMEDIATE ANSWER. CLOSE WINDOW.
[03:57] <m0nkey_> :)
[03:57] <daftykins> \o/
[04:23] <zmoylan-pi> drive by questions
[04:24] <daftykins> pew pew pew
[04:25]  * zmoylan-pi hands out the nerf in case they show up again
[04:25] <daftykins> does it launch ubuntu DVDs?
[04:26] <zmoylan-pi> i did modify a dart to hold a usb drive
[04:26] <zmoylan-pi> sneakernet speed boost
[04:28] <daftykins> \o/
[04:29] <zmoylan-pi> accurate to about 60-70feet
[04:33] <zmoylan-pi> and made a nerf pistol on desk at work justifiable :-P
[04:35] <daftykins> ;]
[04:38] <zmoylan-pi> gets harder when you put the belt fed machine gun nerf on desk... :-)
[04:39] <zmoylan-pi> just saw this which would allow a shock mounted usb hard drive :-P http://ultrafactsblog.com/post/106573106761/fact-source-follow-ultrafacts-for-more-facts#_=_
[05:12] <mapps> hi night owls
[05:16] <daftykins> heya
[05:26] <mapps> just started watching the closer
[05:27] <mapps> was watching major crime..but it's a spinoff of the closer
[05:27] <mapps> so decided id watch that first;]
[06:46] <mapps> night
[06:51] <daftykins> o/
[09:36] <foobarry> frosty start
[09:36] <popey> yeah
[09:36] <foobarry> anyone else got a lot of condensation on their house windows atm?
[09:37] <foobarry> unsure if its because of the new extension still drying out
[09:37] <popey> nope
[09:39] <foobarry> hmm
[09:41] <foobarry> 4yr old son off to get his glasses :(
[09:41] <foobarry> told him i would get an eye test too as i'd never had one
[09:47] <knightwise> morning everyone
[10:04] <foobarry> so, you've been working in ebola treatment centre and they just let you back in the country without quarantine?
[10:04] <foobarry> "He said the Government was doing "absolutely everything it needs to" to keep the public safe"
[10:04] <foobarry> yeah right
[10:46] <brobostigon> morning boys and girls.
[10:51] <popey> !upgrade
[10:51] <dutchie> morning
[10:54] <popey> hello
[10:56] <brobostigon> morning
[12:56] <knightwise> Greetings from my Raspberry Pi !
[12:57] <penguin42> ah, something useful to do with a pi
[12:57] <foobarry> shrink yourself and live inside it?
[12:57] <knightwise> yep , not quite sure what I was going to do with it .. so I installed debian on it and am gonna try using it as a desktop for a day or two
[12:58] <knightwise> Indeed ! I have shrunken to ridiculously small proportions and am now inside my Pi kicking the transistors and pooping on the sdcard
[12:59] <brobostigon> raspbian?
[12:59] <foobarry> i hate that programme called The Voice but i love the advert with the raven
[12:59] <knightwise> brobostigon: correct
[12:59] <penguin42> knightwise: That explains a lot about sdcards
[12:59] <brobostigon> :)
[13:00] <knightwise> foobarry: we don't have cable tv anymore. One of the joys of that is that we don't have that kinda crap :)
[13:00] <foobarry> freeview?
[13:02] <knightwise> foobarry: Netflix + Plex + popcorn-time + youtube + iplayer (via the Hola Proxy)
[13:04] <popey> ooh, reminds me, got a 32GB SDCard for xmas, need to put it in the dashcam!
[13:05] <knightwise> Oh popey :) Are you an amateur dashcam filmer ?
[13:05] <popey> ya
[13:05] <knightwise> My sister in law has a little van and a dashcam
[13:05] <knightwise> I call it 'the bang bus'
[13:05] <knightwise> because she keeps bumping into things :)
[13:05] <popey> knightwise: https://www.youtube.com/watch?v=yXWQ5GAr02A
[13:06] <knightwise> holdon , installing a browser that can run Chrome
[13:06] <popey> youtube-dl ☻
[13:06]  * knightwise loves youtube-Dl :) 
[13:06]  * knightwise has sung its praise in a podcast many times ! 
[13:09] <Azelphur> youtube-dl supports dash audio now which is awesome, you can download just the audio.
[13:12] <foobarry> can an otg cable allow me to plug a keyboard/mouse into my tablet?
[13:12] <MartijnVdS> foobarry: yes
[13:13] <Azelphur> foobarry: depends what tablet.
[13:15] <foobarry> hp douchepad
[13:17] <MartijnVdS> Android tablets generally support it
[13:17] <MartijnVdS> so do Windows tablets
[13:17] <foobarry> wonder if any games support keyboard entry
[13:17] <foobarry> some would be more fun with kb/mouse
[13:17] <MartijnVdS> foobarry: some support joysticks
[13:26] <foobarry> brother in law picked up a nexus 7 for £80 refurb
[13:27] <popey> 2012 or 2013?
[13:29] <foobarry> 2013
[13:29] <popey> not bad.
[13:29] <popey> 2013 is an okay tablet
[13:30] <foobarry> from the currys auction shop
[13:38] <MartijnVdS> Knuth! https://www.youtube.com/watch?v=v678Em6qyzk
[13:46] <popey> that was excellent
[14:29] <zmoylan-pi> how many cyclists are we going to see bounce magnificently over windscreen? :-P
[14:30] <zmoylan-pi> sorry, looking back at popeys dashcam link
[14:30] <popey> hah
[15:41] <knightwise> hey everyone
[15:41] <zmoylan-pi> o/
[15:43] <knightwise> zmoylan-pi: are you on your Pi ?
[15:43] <zmoylan-pi> my pi is on 24x7
[15:43] <zmoylan-pi> i just happen to connect to it when i'm at home
[15:43] <knightwise> I'm running from my Pi Aswell :)
[15:43]  * knightwise gives zmoylan-pi a pi-five !
[15:44] <knightwise> what do you mostly use your pi for zmoylan-pi
[15:44]  * zmoylan-pi keeps meaning to buy new pi to use as a) an ip camera in garden to look at kitties, foxes, magpies and other critturs or b) a homemade laptop
[15:45] <zmoylan-pi> but the pi in kitchen is also used for rss using newsbeuter console based rss reader
[15:45] <knightwise> so basically its your headless command line machine you ssh into ?
[15:45] <zmoylan-pi> ypu
[15:45] <zmoylan-pi> yup*
[15:46] <knightwise> Cool. I might use it for that too , but I do have 2 headless vm's running on my home servers to tunnel into so .. using the Pi for that would be a little redundant.
[15:50] <zmoylan-pi> i was looking at ways over weekend to maybe start talking to it from outside the house via sms to automate things. email would make the response time too long unless i drop refresh time to 1 minute
[15:50] <knightwise> zmoylan-pi: you can send it a tweet
[15:51] <knightwise> ah :) it seems that they got Quake3 working on a pi LOL
[15:51] <zmoylan-pi> thought of that too and i did set up ttytter on it but i like the idea of sms as i'd only use it very occasionally
[15:52] <knightwise> But how do you get your pi to read an sms ?
[15:53] <zmoylan-pi> there are a number of sms related bits of software in the repositories of raspbian. will just have to plough through them to find one that a) works and b) does what i want 3) when i want :-)
[15:56] <knightwise> but you have to hook up a phone to the pi then ?
[15:57] <zmoylan-pi> well i suspect some of them use online web service which may or may not work on irish networks which would complicate things
[15:58] <knightwise> aha , that is also true.
[15:58] <knightwise> ok :) part of my retro-pi project : Step 1 install and run Quake3 :)
[15:58] <zmoylan-pi> then when i wrote a sms server in 90s there was the whole get it working and then a week later the phone company stopped delivering messages from my phone to another phone as they labelled it spam no matter how much is said that it wasn't
[15:58] <knightwise> Damn !
[15:59] <zmoylan-pi> they wanted me to pay more per message on different service to get a better cut
[15:59] <zmoylan-pi> but they didn't say that for 2-3 weeks while i tried to debug what went wrong
[16:00] <knightwise> crap !
[16:00] <knightwise> that's a bummer dude
[16:00] <knightwise> just logged into the pi irc channel
[16:00] <knightwise> and downloading quake3 :)
[16:02] <knightwise> Playing this on the pi would be awesome too :p
[16:02] <knightwise> I started my fps gaming career on that game
[16:57] <NET||abuse> hi dudes,, got my odroid-c1 today!!
[16:58] <NET||abuse> quite excited.. but have to figure out if i can get latest versions of stuff onto it. they build a 14.04.1 image which i presume is just a case of do inplace upgrade to 14.10 if you want, or otherwise just add xbmc rep's
[16:59] <penguin42> NET||abuse: You might find they've added some special kernel builds and stuff to do with how to flash upgrades, so just check for special stuff like that first
[19:27] <czajkowski> aloha
[19:39] <penguin42> hey
[19:43] <ChunkzZ> sup
[20:05] <safiyyah> I am having trouble with my audio settings please anyone. I can hear (from the speakers) but there is no input via Skype or sound recorder
[20:07] <safiyyah> Also I have tested it with a spare
[20:09] <penguin42> safiyyah: Sometimes you have to look for just getting the right slider on the audio settings for input
[20:09] <penguin42> safiyyah: The other thing is are you sure you've got the mic in the right input on your PC (if it's an external mic)
[20:10] <safiyyah> penguin42, I think that it thinks the webcam is the microphone
[20:10] <safiyyah> because it is accepting the sound from the webcam
[20:11] <safiyyah> oh I got it!!!!
[20:11] <safiyyah> yeiii
[20:11] <ChunkzZ> what was it?
[20:15] <safiyyah> Very stupid problem, it was muted!
[20:15] <safiyyah> I wasn't used to the interface
[20:15] <safiyyah> and it didn't seem muted
[20:16] <safiyyah> I am on Xubuntu
[20:16] <penguin42> ah well, if it's muted :-)
[20:19] <ChunkzZ> lol
[20:19] <ChunkzZ> best OS for a desktop other than ubuntu?
[20:19] <ChunkzZ> need something that's fast for an ssd but not too hungry on ram...
[20:20] <safiyyah> Xubuntu is running super smooth
[20:20] <safiyyah> on my SSD
[20:22] <ChunkzZ> hmm tried that last night, wasn't a big fan.
[20:28] <safiyyah> sorry am back trying to fix the keyboard now
[20:28] <safiyyah> I found the bug on launchpad and there is a fix, only I can't work out how to install the fix
[20:29] <safiyyah> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/281993
[20:32] <ali1234> that bug is 6 years old
[20:32] <ali1234> the fix is already included
[20:32] <ali1234> if it doesn't work report a new bug
[20:32] <safiyyah> okay thanks
[20:33] <ali1234> so i've got a problem
[20:33] <ali1234> client swears blind their web server is returning malware links, but i can't reproduce it, nor can i find any malware on the server that could be responsible
[20:33] <penguin42> ali1234: Inserted by their browser or ISP ?
[20:34] <ali1234> two different users reported seeing it
[20:34] <ali1234> on different ISPs and computers
[20:34] <ali1234> they all work from home
[20:34] <ali1234> they could all have the same malware i suppose
[20:34] <ali1234> i thought it might be this: http://www.welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/
[20:34] <popey> seems more likely
[20:34] <ali1234> but i checked the httpd md5sum and it matches
[20:35] <penguin42> ali1234: I was reading something about a .pac attack that gives different pac configs to different hosts, only targets some; but they were only targeting banks and facebook
[20:35] <ali1234> so unless the server is totally rooted, or they made a collision...
[20:35] <ali1234> i'll check the sha...
[20:36] <ali1234> nope, checks out
[20:37] <ali1234> there's also a "nyet.htm" declaring server hacked by some hackers
[20:37] <ali1234> however, i know exactly how they did that, and their exploit actually half failed
[20:37] <ali1234> and that wouldn't have allowed them to take over the httpd and insert links
[20:38] <ali1234> that's also a different subdomain running totally different software
[20:38] <penguin42> ali1234: Have you got a dump of the html that the customer is receiving?
[20:38] <ali1234> no. customer is not smart and didn't save it
[20:38] <ali1234> they just sent me an email with "we're getting links to adultfriendfinder on our webpage"
[20:39] <penguin42> I'd be happy to try in a VM if you want
[20:39] <foobarry> can i do direct debit/recurring payment to a foreign bank account?
[20:39] <ali1234> my plan currently is to do that
[20:40] <ali1234> however, i would like some way to automate it... cos you never know where the bad link will show up
[20:40] <ali1234> apparently it only happens once, just like with the cdorked thing
[20:43] <ali1234> foobarry: i think it depends on the country
[20:48] <penguin42> ali1234: Well if it's like that cdorked one then it's saying it's in memory, nothing on disk
[20:52] <foobarry> seems they want £10 per payment
[20:52] <penguin42> foobarry: It might help if you use a bank that has international branches, but just remember that banks are mostly out to annoy you
[21:00] <webpigeon> ali1234: are you using a CMS? if you are they could inject rubbish into the db/htaccess/files can cause issues
[21:01] <ali1234> yes, that's how they uploaded the nyet.htm, however they couldn't modify htaccess so nobody ever saw it
[21:01] <webpigeon> What CMS is it? we had someone modify the theme files for joomla which did something similar to what you're describing
[21:02] <webpigeon> images which were not really images and the like
[21:02] <ali1234> it's joomla
[21:02] <ali1234> and i patched the one where they can upload images that are really scripts ages ago
[21:03] <webpigeon> we tracked ours back to a joomla admin who had a stupid password, the attacker used a script to upload and extract a .zip file which thought it was a theme
[21:04] <ali1234> the website that is doing the weird URLs isn't joomla
[21:04] <webpigeon> fair enough
[21:05] <webpigeon> checked that there isn't another .htaccess in a sub directory of the compromised site?
[21:09] <ali1234> none of the files in the htdocs directories have been modified, except the addition of that one nyet.htm in a different subdomain
[21:19] <penguin42> ali1234: it could be purely in memory, difficult to tell unless you go hunting through memory
[21:20] <penguin42> ali1234: You could dig through memory of the apaches but it wouldn't be easy even if it's still there
[21:20] <ali1234> well it must still be there
[21:23] <penguin42> ali1234: anyway depending how bad your box is owned (if it is) then you may have hidden files that you wouldn't be able to see
[21:25] <ali1234> file mem
[21:58] <ali1234> well the inserted URL is definitely an onimiki one
[21:58] <ali1234> this is looking bad
[21:59] <daftykins> what's that?
[21:59] <ali1234> read this: http://www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf
[22:00] <ali1234> server shows the symptoms of this botnet - it serves up redirects very rarely, using the 23 character v2 DGA resolution as described
[22:00] <ali1234> however there are no signs it has been compromised at all except for the outward ones
[22:00] <ali1234> which likely means the malware authors fixed all the "bugs" that made it easy to detect
[22:00] <penguin42> ali1234: Why would there be - if it's in memory you shouldn't be able to tell easily
[22:00] <ali1234> according to the PDF it is not in memory
[22:01] <ali1234> they also list a few other methods for detecting it, but none of them work
[22:01] <ali1234> but this server is almost certainly compromised
[22:01] <ali1234> i just can't prove it
[22:02] <daftykins> :/
[22:02] <daftykins> definitely not what you want at this time of year
[22:02] <daftykins> or any
[22:04] <penguin42> ali1234: They not showing up in ipcs -m ?
[22:04] <ali1234> there is nothing much interesting in there, no
[22:05] <ali1234> there are some shared regions but they are owned by root not apache
[22:05] <ali1234> and they aren't the right size
[22:05] <ali1234> but who knows?
[22:05] <ali1234> nothing conclusive anyway
[22:06] <penguin42> ali1234: Anything large ?
[22:06] <ali1234> not really no
[22:06] <penguin42> ali1234: in ipcs -m
[22:06] <ali1234> half a meg
[22:06] <ali1234> and nothing with 666
[22:07] <ali1234> wait no, biggest is 16kb
[22:08] <penguin42> ali1234: I guess you could look at /proc/pid/maps of your apaches that you think are serving it, but it's not going to be an easy one to find
[22:08] <penguin42> ali1234: Did you try that 'yara' thing ?
[22:08] <ali1234> i tried to cat /proc/<pid>/mem on the httpd process
[22:08] <penguin42> ali1234: https://github.com/eset/malware-ioc/tree/master/windigo  the yara stuff on there for Linux/onimiki ?
[22:08] <ali1234> and it said no such process
[22:09] <ali1234> yes i tried ssh -G
[22:09] <ali1234> and the favicon.iso thing
[22:10] <ali1234> server doesn't run named
[22:10] <penguin42> ali1234: They seem to have more specific rules for detecting the network traffic
[22:10] <ali1234> i can't sniff the box from outside, it's hosted
[22:10] <ali1234> and if you sniff from inside it knows and turns off all comms
[22:11] <penguin42> ali1234: Time to get your hosting provider to warm you up a fresh image then
[22:12] <daftykins> hmm, tubes went down
[22:12] <penguin42> daftykins: It's the ice
[22:12] <daftykins> :D
[22:12] <daftykins> we haven't dipped below 4 deg C down here yet i think
[22:12] <ali1234> "Most of the indicators below no longer work."