[00:04] <hehehe> hmm
[00:04] <hehehe> also Err http://mirror.pw trusty/main amd64 Packages
[00:04] <hehehe>   400  Bad Request
[00:04] <hehehe> that does not seems like any legitimate mirror site
[00:05] <hehehe> and i see thats while 16.04 box is poodle safe 14.04 is not https://access.redhat.com/articles/1232123
[00:06] <hehehe> https://access.redhat.com/security/cve/CVE-2014-3566
[00:06] <hehehe> but I did not had any redhat stuff
[00:06] <hehehe> lets encrypt certbot maybe?
[00:09] <hehehe> https://www.youtube.com/watch?v=ghJ6yAtnyg8
[00:55] <hehehe> ok done
=== lxtahr294461 is now known as loop64
=== Epx998- is now known as Epx998
[04:51] <cpaelzer> good morning
[06:22] <lordievader> Good morning
[09:57] <hehehe> heya
[09:57] <hehehe> lordievader:  will it work to tar dir and all thats in it?
[09:57] <hehehe> tar cvpzf put_your_name_here.tar.gz .
[09:57] <hehehe> including . files
[09:59] <hehehe> hey pekkari
[10:00] <pekkari> hello
[10:24] <lordievader> hehehe: yes, tar can compress entire directories.
[11:39] <ahasenack> rbasak: around?
[11:39] <ahasenack> cpaelzer: you?
[11:41] <rbasak> ahasenack: o/
[11:41] <ahasenack> rbasak: hey, workflow question :)
[11:41] <rbasak> Sure!
[11:41] <ahasenack> rbasak: http://pastebin.ubuntu.com/25038821/ lines 7 (adds the patch) and 5 (removes it)
[11:42] <ahasenack> rbasak: in this case, the upstream fix was different than the patch, so I don't get a conflict during the merge
[11:42] <ahasenack> rbasak: how would I "cancel these out"? Where would I put the "empty commit"?
[11:43] <ahasenack> I just drop bc595c3 during rebase, and e4cf75b becomes the empty commit about the drop?
[11:43] <ahasenack> that's git log, btw, not git rebase (the pastebin)
[11:43] <ahasenack> so read it from bottom to top
[11:44] <ahasenack> I can push the branch if you prefer
[11:44] <rbasak> ahasenack: I would drop both commits during a rebase and make a note elsewhere that you've dropped it, for noting in the changelog when you prepare it later.
[11:45] <rbasak> ahasenack: oh, hang on
[11:45] <rbasak> ahasenack: which step are you on exactly?
[11:45] <ahasenack> rbasak: I rebased on new/debian
[11:45] <ahasenack> that's the bit that drops the patch
[11:45] <ahasenack> I'm just before merge-finish
[11:45] <rbasak> ahasenack: so the commit in line 5 is the inverse of the commit in line 7?
[11:45] <ahasenack> yes
[11:45] <rbasak> I think you've gone too far ahead.
[11:46] <rbasak> I'd expect those to not appear at all when viewing the logical tag.
[11:46] <ahasenack> I only detected that this patch is unecessary after getting the new package version
[11:46] <rbasak> Drop them while preparing the logical.
[11:46] <rbasak> Because logically they aren't there.
[11:46] <ahasenack> well, I didn't know that at that time
[11:46] <ahasenack> during logical I still didn't have the new samba version
[11:46] <ahasenack> at the samba version where the logical tag is added, that patch is necessary
[11:47] <rbasak> Oh
[11:47] <ahasenack> it's a case of "fix applied upstream, but in a different way"
[11:47] <rbasak> So logically it was there for that previous version, and the dropping of the patch didn't exist?
[11:47] <ahasenack> right
[11:47] <rbasak> OK, sorry.
[11:47] <ahasenack> the dropping came as a consequence of updating the package to a new upstream version
[11:47] <rbasak> So rebasing onto new/debian was successful, and still included that patch, but that causes the patch to no longer apply?
[11:48] <ahasenack> but upstream took another approach to the fix
[11:48] <ahasenack> no, the patch applies
[11:48] <rbasak> But the patch is now wrong?
[11:48] <ahasenack> but given that upstream fixes in a very different way, the patch is incorrect now
[11:48] <ahasenack> yes
[11:48] <rbasak> I see.
[11:48] <ahasenack> I'm full of corner cases :)
[11:49] <ahasenack> this is all about how it appears in d/changelog :/
[11:49] <ahasenack> so much work for that
[11:49] <ahasenack> the way it is now, merge finish adds the patch in "remaining changes" and under "* Drop:"
[11:49] <rbasak> I think the commits you have are correct then, and no need to change them.
[11:49] <rbasak> And you'll need to fix up the changelog by hand. I'm not sure tooling can ever be capable of understanding this kind of thing. Too many edge cases.
[11:50] <ahasenack> nish watches the commits vs changelog lines like a hawk :)
[11:50] <rbasak> As for how to do the changelog, I think it's subjective and I'd accept anything that explains it unambiguously, accurately and without misleading.
[11:51] <rbasak> I would probably not mention it in any standard section, but add a separate bullet explaining exactly what happened.
[11:51] <ahasenack> I'd would just remove it from "remaining changes" in d/changelog and leave the "Drop" entry with the explanation
[11:51] <rbasak> That's fine too
[11:51] <ahasenack> this is how it shows up under * Drop:
[11:51] <ahasenack>         - d/p/winbind_trusted_domains.patch: the correct fix was committed
[11:51] <ahasenack>           to upstream in https://github.com/samba-team/samba/commit/e084c423
[11:51] <ahasenack>           [ the correct fix was committed to upstream in
[11:51] <ahasenack>             https://github.com/samba-team/samba/commit/e084c423 ]
[11:51] <ahasenack> which I just see is duplicated
[11:51] <rbasak> I suppose it is straightforwardly a drop!
[11:51] <rbasak> (in the end)
[11:51] <ahasenack> I'd restore the original message that adds the patch,
[11:51] <ahasenack> and leave the [ explanation ]
[11:52] <rbasak> I think that's fine
[11:53] <ahasenack> ok, thx
[12:06] <jdstrand> hehehe: hey, went offline. re egree> typo. meant 'egress' (ingress filtering is incoming, egress is outgoing)
[12:06] <jdstrand> hehehe: oh, I see s arnold already responded :)
[16:36] <Epx998> Day 2 of trying to get my netboot initrd.gz created with everything i need
[16:55] <pmatulis> does an SSH login decrypt home directories (encryption option available during ISO install)? providing, of course, you've implemented a workaround for SSH login for encrypted home!
[16:57] <dpb1> what? :)
[16:57] <nacc> pmatulis: i think not by default, it needs some tweaking
[16:58] <nacc> pmatulis: see "Troubleshooting" at https://help.ubuntu.com/community/SSH/OpenSSH/Keys
[16:59] <nacc> pmatulis: basically, setup your keys to be outside the home dir
[16:59] <nacc> pmatulis: if so, then (i believe) pam will unlock your home dir
[16:59] <pmatulis> nacc, ok thanks
[17:00] <nacc> the i believe being for pam being the mediator of that decrypt, i'm not 100% on if it is
[17:00] <pmatulis> right, me either, hence my question
=== Epx998- is now known as Epx998
[18:09] <Epx998> Is there a way to change the default kernel installed from netboot?
[18:10] <nacc> Epx998: installed or used to netboot?
[18:11] <Epx998> nacc: I changed the kernel used in in netboot, but I am seeing whats installed is different, older.
[18:11] <nacc> Epx998: you'd need to presumably do it manually -- unless you mean you're using a newer ubuntu kernel?
[18:11] <Epx998> nacc: maybe the mirror its installing from is old
[18:12] <nacc> Epx998: could be
[18:12] <Epx998> nacc: I was hoping that whatever kernel I used in my netboot would be installed to the server, but I was wrong there.
[18:12] <nacc> Epx998: no, they are unrelated
[18:12] <nacc> Epx998: you would need to preseed that, if you want it
[18:13] <Epx998> nacc: that is what we were doing, was hoping to eliminate that step.  Do you know if the latest ubuntu mirrors used the latest kernel thats available for the distro?  or is a set kernel used regardless?
[18:14] <nacc> Epx998: well, they should be current, but you would also need to make sure you're telling your install to update from the mirror (there's a distinction between grabbing the iso files over the network when netbooting and performing upgrades after install)
[18:17] <Epx998> hmm
[18:19] <Epx998> nacc: you mean just an apt-get upgrade in late commands or something?  I do not see anything updates looking in the d-i options.
[18:21] <nacc> Epx998: i'm not 100% right now (and working on some other stuff)), but iirc, there is a prompt in the interactive install like 'download updates during install?'
[18:24] <Epx998> nacc: not shown in the preseed d-i options, I am not setting it and its not asking.  Ill test against an updated mirror and see what that gets me
[18:27] <nacc> Epx998: i mean, it should be pretty easy to preseed (as a late-command) something like `sudo apt update; sudo apt full-upgrade; sudo apt autoremove`
[18:27] <nacc> Epx998: i thought the updates was preseedable, but maybe it's not (or maybe it's only a prompt on the desktop iso)
[18:31] <Epx998> ha while downloading installer components, I get the message "no kernel modules found because installer is using a kernel version different from whats available in the archive" sheesh
[18:32] <nacc> Epx998: yeah, that can happen with using a custom kernel
[18:32] <Epx998> nacc: I just used 3.13.0-66 on the installer, guess i can try older.
[18:34] <Epx998> guess I have to do this with 3.2.0-23-generic
[18:34] <nacc> Epx998: 12.04?
[18:35] <nacc> -66 seem like it's neither 12.04.5 or 14.04.1
[18:35] <Epx998> sadly.. by end of summer we'll finally be on 14
[18:35] <Epx998> I am using 3.13.0-66 on the installer
[18:35] <tarpman> Epx998: there are installers with HWE kernels included, aren't there? you shouldn't need to roll your own
[18:36] <Epx998> tarpman: not sure, I am just trying to match the installer with what I end up with
[18:37] <tarpman> Epx998: ubuntu-12.04.5-server-amd64.iso is running 3.13.0-32-generic
[18:37] <Epx998> tarpman: we have some new servers with intels x550 10gb cards, that need an more uptodate ixgbe driver, was hoping to build it into the netboot first and see the installer would transfer it over (if the start/finished) kernels matched.
[18:38] <coreycb> cpaelzer: fyi https://launchpadlibrarian.net/327345908/libvirt_2.5.0-3ubuntu10_2.5.0-3ubuntu11.diff.gz
[18:43] <tarpman> Epx998: oh, yeah. nacc's right, there's a preseed to tell it whether to install the original kernel or a HWE one. let me see if I can find that
[18:43] <tarpman> Epx998: or do you mean something even newer than -32?
[18:45] <Epx998> tarpman: I am using something newer, but I can use any version really
[18:46] <Epx998> I was trying to 0-66 since that was seemingl the latest, aside from the jump to 117
[18:48] <Epx998> tarpman: end goal is to get my compiled 5.1.3 ixgbe driver into the installer and os kernel modules, so far the driver seems to compile fine regardless - so any kernel can be used, though we run 0-44 or later on our build servers
[18:49] <Epx998> I see the installer deploying 3.2.0-92, so this mirror must be old that its using.  i dont know who maintains it, to get it updated either.
[18:49] <tarpman> Epx998: did you try a HWE netboot image i.e. http://archive.ubuntu.com/ubuntu/dists/precise-updates/main/installer-amd64/current/images/trusty-netboot/ ? I *think* that ought to both boot and install the trusty HWE kernel
[18:50] <Epx998> let me check
[18:50] <tarpman> note that's /trusty-netboot/ not /netboot/
[18:51] <Epx998> I see its in the precise-updates, so its a trusty netboot that deploys precise?
[18:51] <tarpman> it's a precise netboot running the trusty kernel
[18:51] <tarpman> or rather the lts-trusty kernel.
[18:51] <Epx998> oh nice
[18:51] <Epx998> ill test it out, afk for lunch
[18:52] <sarnold> mm lunch
[18:53] <tarpman> I think that ought to work. the preseed in there is
[18:53] <tarpman> # If we're booting using the backported Trusty kernel, install it too.
[18:53] <tarpman> d-i	base-installer/kernel/altmeta	string lts-trusty
[18:53] <tarpman> which is the incantation I was trying to remember
[18:53] <tarpman> been a few years since I had to think about netboot stuff :)
[19:58] <Epx998> ok let me check this out\
[20:00] <Epx998> ah ok the 3.13.0-32-generic kernel
[20:09] <Epx998> oh hey - this has an updated version of the ixgbe driver
[20:10] <Epx998> 5.0.5 this might fix all my issues
[20:12] <Epx998> its also installing the 3.13.0-66 kernel
[20:21] <Epx998> hmm the final deploy has an older ixgbe driver, while it appeared netboot has a newer
[20:22] <Epx998> datascenter visit to test further
[20:22] <tarpman> that doesn't make any sense
[20:42] <Epx998> guess i was wrong, ixgbe is still the old 3.15
[20:44] <Epx998> this driver that ubuntu is shipping is from 2013
[20:47] <sarnold> quite the surprise that a disitrubtion from 2014 is shipping a driver from 2013 :)
[20:47]  * sarnold runs
[20:47] <sarnold> seriously though, no luck with the trusty HWE installers? :(
[21:01] <hehehe> helllo sarnold
[21:01] <sarnold> afternoon hehehe
[21:01] <hehehe> is there any sense in auditing changes in files?
[21:01] <hehehe> wont attacker disable it and delete logs?
[21:01] <hehehe> @tracing attack to see how it was done
[21:01] <hehehe> to fix holes
[21:02] <sarnold> hehehe: most sites ship audit logs and syslog and so forth off to a log server
[21:02] <hehehe> yes
[21:02] <hehehe> however if say someone gets in
[21:03] <hehehe> all you see is ip connection hmm
[21:03] <hehehe> on a certain port
[21:03] <hehehe> ok I am wrong
[21:04] <hehehe> if there is some exploit - before attacker gets root he would need to modify some files right?
[21:04] <sarnold> sometimes
[21:04] <hehehe> but then logs have to be shipped every 3 seconds
[21:04] <sarnold> continuously, not batched
[21:04] <hehehe> else if logs are shipped say once per hour attacker can delete them
[21:04] <hehehe> you mean every update is send as it happen?
[21:05] <hehehe> *sent
[21:05] <sarnold> yes
[21:05] <hehehe> ok that makes sense
[21:05] <hehehe> sarnold: what you mean by sometines
[21:05] <hehehe> sometimes
[21:05] <sarnold> not all exploits require modifyign files
[21:06] <hehehe> ok 1 would be guessing root passd
[21:06] <hehehe> passwd
[21:06] <hehehe> what else?
[21:06] <hehehe> root passwd guessing can be traced via syslog
[21:06] <hehehe> I can send you some blackberries by post :D
[21:07] <hehehe> I have some some here
[21:07] <hehehe> they are way nicer than bluberries
[21:08] <hehehe> and what if I use https://subgraph.com/sgos/ and install nginx  on it - making it a server
[21:08] <Epx998> sarnold: its using a old version of the ixgbe driver.
[21:09] <hehehe> folks question is - can all exploits be analysed and understood via audit logs?
[21:09] <hehehe> and yes how to set them up in a such way :D
[21:09] <sarnold> Epx998: which one, the original trusty kernels or even the HWE kernels?
[21:09] <hehehe> i might make fake crypto coins exchange
[21:09] <sarnold> Epx998-: which one, the original trusty kernels or even the HWE kernels?
[21:09] <hehehe> as honeypot :D
[21:10] <Epx998-> sarnold: I used the netboot installer that I was pointed to
[21:10] <Epx998-> sarnold: maybe I missed something that was said?
[21:10] <sarnold> Epx998-: I had just hoped that e.g. 14.04.5 installer would have an updated-enough driver for you; you'd stand a chance anyway..
[21:11] <hehehe> sarnold: u dont now?
[21:11] <hehehe> know :D
[21:11] <Epx998-> sarnold: yeah it was running 3.15 which is the same as the older precise kernels
[21:12] <Epx998-> I thought I had seen a 5.0.5 version, but during the install I loaded the ixgbe driver and it was the old one
[21:12] <sarnold> hehehe: no, I don't know, I only have one 10gb nic in the house, so finding the best drivers for it isn't exactly a priority. :)
=== Epx998- is now known as Epx998
[21:14] <Epx998> a bit frustrting - id think adding in a self compiled driver to netboot wouldnt be as undocumented as it is
[21:14] <Epx998> im kind of curious as to if 16 has an updated driver
[21:14] <hehehe> sarnold: what drivers!
[21:14] <hehehe> :D
[21:14] <hehehe> sarnold: I asked about setting audit logs in a way that detects all exploits
[21:15] <hehehe> 100% :D
[21:15] <sarnold> hehehe: oh I thought you asked about Epx998's problem
[21:15] <hehehe> nooo :D
[21:15] <Epx998> :D
[21:15] <sarnold> Epx998: does this help? it's from a random xenial kernel, not necessarily an installer kernel.. http://paste.ubuntu.com/25041712/
[21:15] <hehehe> whats the hardware details?
[21:16] <hehehe> sarnold: so do u know or you dont? :D
[21:16] <hehehe> and where are da rest of the people? in the bar? :)
[21:16] <sarnold> hehehe: it's impossible to write tight-enough audit rules to find all exploits
[21:16] <hehehe> sarnold: can you explain logic behind this statement?
[21:17] <Epx998> xenial ships with 4.x, latest from intel is 5.x
[21:17] <hehehe> to me it seems possible - we need to break all exploits in classes
[21:17] <hehehe> then its easier to analyse
[21:17] <sarnold> hehehe: it's a hunch based on the turing halting problem
[21:18] <hehehe> hunch...
[21:18] <hehehe> I prefer 100% logic
[21:19] <hehehe> to gain root access - people need to login to the server - so there will be login record with some ip - them something will happen
[21:19] <hehehe> time stamps can match stuff
[21:19] <sarnold> your view of 'root access' is too limited :)
[21:19] <hehehe> well go ahead and contribute
[21:20] <hehehe> instead of saying its impossible
[21:20] <hehehe> 100% hack proof server is reality I think
[21:20] <hehehe> but having said that btc-e.com got hacked many times but mostly minor hacks
[21:21] <hehehe> at very least I do have ideas - replicate database often
[21:21] <Epx998> I can hack proof any server
[21:21] <Epx998> <unplugs power>
[21:22] <hehehe> u are such sceptical people
[21:22] <hehehe> both of u :D
[21:22] <Poster> I would say you are irrationally optimistic
[21:23] <hehehe> well it can only be determined in a course of detailed howto discussion
[21:23] <hehehe> else its guesssing
[21:23] <hehehe> for example ubuntu 16.04 + html page
[21:23] <hehehe> hack than is tricky
[21:23] <hehehe> nginx did not have any zero days yet
[21:23] <hehehe> so nginx can be added
[21:24] <hehehe> maria db I am not sure if they did had zerodays exploits
[21:24] <Poster> you're going under the assumption that all vulnerabilties are widely known, which is not always true
[21:24] <hehehe> I know they are not known widely
[21:24] <hehehe> and some folks wont disclose them
[21:24] <hehehe> I did ask some hackers around too :)
[21:25] <Poster> how is it you expect to protect yourself from a vulnerabilty that you nor the software vendor is aware of?
[21:25] <hehehe> one insisted he can hack into almost any site
[21:25] <hehehe> Poster: pay company IT guys to check code
[21:25] <hehehe> security audit in house
[21:26] <Poster> yeah that gets done by many, but that team cannot find nor imagine everything
[21:26] <sarnold> defenders need to be perfect every time
[21:26] <sarnold> attackers just need to get lucky once
[21:26] <hehehe> like me
[21:26] <hehehe> well perfect logic :D
[21:27] <hehehe> and then they cant get lucky ever
[21:27] <dpb1> solution: 1) become and attacker 2) ??  3) profit!
[21:28] <Poster> I think your logic is flawed with perceptions of infallible programmers and/or code auditors
[21:28] <hehehe> well crypto currency exchanges need to have hot wallets
[21:28] <hehehe> coinbase and bitrexx and btc e hot wallets werent breached
[21:29] <hehehe> they would be amongst top wanted targets
[21:29] <Poster> you can certainly run with it, but assuming you are capable of perfection is not a good mindset if you are protecting anything important
[21:29] <hehehe> no need to assume, have to have a logical tested solution
[21:30] <Poster> you're assuming you can think of everything
[21:30] <hehehe> that may be fact
[21:30] <hehehe> i dont know yet
[21:30] <hehehe> but as I said no  one hacked coinbase
[21:30] <hehehe> how are they doing it?
[21:31] <Poster> probably many layers of security, monitoring and dilligence about keeping services updated
[21:31] <Poster> intrustion detection/prevention
[21:31] <hehehe> i would say monitoring probably
[21:32] <hehehe> and intrusion monitoring live
[21:32] <Poster> there's no magic switch you flip
[21:32] <sarnold> monitoring may be enough to let you write a really nice post-mortem when you apologize to your users
[21:32] <hehehe> sarnold: coinbase is not hacked
[21:32] <hehehe> :P
[21:32] <Poster> I don't see how that means they only monitor
[21:32] <hehehe> unlike swiss cheese sony
[21:33] <sarnold> nor would I be bold enough to ever make that claim about any service anywhere ever
[21:33] <nacc> yeah, what are you basing that off of, hehehe ?
[21:33] <nacc> a good hack is undetected still, possibly
[21:33] <hehehe> hot wallets - blockchain cant be altered
[21:33] <Poster> and for all we know they have breakins constantly but their layers of protection and monitoring stops them before they get too far
[21:34] <hehehe> if hot wallet is accessed - blockchain will show it
[21:34] <hehehe> and they cant alter blockchain easily :D
[21:35] <hehehe> or - if any site can be hacked - maybe do min security and thats it?
[21:36] <hehehe> also for example in ecommerce setup - payment gateway can allow auth only transcations
[21:36] <Poster> it's just a matter of finding a weakness somewhere, it could be server code, it could be dynamic code on a website, it could be a service unknowingly left open, it could be a default password somewhere
[21:36] <Poster> If you aspire to be in information security professionally, your current attitude will probably not let you be hired
[21:36] <hehehe> then u have to login to payment gateway site with factor 2 and manually approve charge :D
[21:36] <hehehe> lol hired?
[21:37] <hehehe> i simply want to secure boxes - 0 to do with been hired
[21:37] <Poster> assuming 2 factor authentication will keep someone out is also not a good assumption
[21:37] <hehehe> it cant be breached
[21:38] <hehehe> if you use old - not smart phone
[21:38] <hehehe> :)
[21:38] <hehehe> unless they use fake mobile mast
[21:38] <Poster> you're assuming that there is no vulnerability in the authentication system AND no other vulnerable service on the authentication system
[21:38] <Poster> or some other way in
[21:38] <Poster> I hope you bring your head out of the clouds
[21:38] <nacc> "cant be breached" is such bravado and has been proven false in the field so many times
[21:38] <Poster> best of luck
[21:39] <hehehe> Poster: ok fair enough
[21:39] <hehehe> but in coding and i dont know much about coding yet - they should be absolute logic?
[21:39] <hehehe> like print hello world
[21:39] <hehehe> that cant be hacked
[21:40] <hehehe> idea is to have code that follows absolute logic
[21:40] <nacc> if you mean the resulting binary
[21:40] <nacc> and it's written in C
[21:40] <nacc> and someone has already rooted your system, they can do all sorts of fun stuff
[21:40] <hehehe> maybe write code  in assembler then
[21:40] <hehehe> all of it
[21:40] <nacc> hehehe: ok, i think you're (again?) trolling a bit
[21:40] <hehehe> dude I am sure there is code that is 100% logical
[21:41] <hehehe> and 100% safe
[21:41] <hehehe> not all and not in all scenarioes
[21:41] <hehehe> scenarios
[21:41] <nacc> hehehe: you seem to think security is either already solved or easy; and I don't know why you think that
[21:41] <hehehe> well why do u think otherwise?
[21:41] <nacc> hehehe: because neither is true in the real world
[21:41] <hehehe> for example pgp 100% secure
[21:42] <hehehe> so already 1 valid example
[21:44] <nacc> good thing there weren't any security updates to gnupg (hint there were)
[21:44] <hehehe> or https://null-byte.wonderhowto.com/forum/website-is-never-100-secure-0158383/
[21:45] <hehehe> :)
[21:45] <hehehe> well
[21:46] <hehehe> they should be smarter
[21:46] <hehehe> so write ideal code
[21:46] <hehehe> *to
[21:46] <nacc> hehehe: alright, you are 100% a troll, i'm done.
[21:46] <hehehe> nah
[21:46] <hehehe> u just dont get it
[21:46] <hehehe> like people did not get tesla inventions
[21:46] <hehehe> in math its absolute
[21:47] <hehehe> absolute logic is possible mathematically
[21:47] <hehehe> plus dont u feel interested in such stuff?
[21:47] <hehehe> many people simply code to get paid - hence bugs
[21:47] <hehehe> or to get some fame, recognition
[21:59] <dpb1> you need to start here http://www.infosectoday.com/Articles/Intro_to_Cryptography/Introduction_Encryption_Algorithms.htm, or here https://gpgtools.tenderapp.com/kb/how-to/introduction-to-cryptography
[22:00] <Epx998> getting very frustrated with this damn driver
[22:09] <hehehe> for example - if there is 1 version of ubuntuserver
[22:09] <hehehe> and all volunteers 100% work on discovering bugs
[22:09] <hehehe> and its not like even top hackers can come up with 0 days exploits often
[22:09] <hehehe> they may use it and lose it
[22:10] <hehehe> if they use more than 5 or 6 they may have nothing left :D
[22:10] <hehehe> collective IQ is power
[22:11] <hehehe> but many coders want to write new code instead of securing existing one
[22:11] <hehehe> also AI beat some top chess players - it can also be tasked to analyse all potential holes
[22:18] <dpb1> you are off in fantasy land now.  hope it's nice there! :)
[22:36] <patdk-lap> that isn't even the issue
[22:36] <patdk-lap> the issue is the coders write new code cause they don't know how to secure the code
[22:36] <patdk-lap> so you get even more insecure code
[22:36] <patdk-lap> like most things on the web, verify your input data, how many times do we keep having injection vaunerabilities?
[22:37] <patdk-lap> kindof the same things with buffer overflows and stuff
[23:13] <Epx998> I think I got it working
[23:14] <sarnold> yeah?
[23:17] <Epx998> yeah maybe need to test with netboot on the 10gb card, but i saw the module with the 5.1.3 version of the driver at the kernel netboot post
[23:18] <Epx998> hmm i can change the interface at d-i
[23:28] <hehehe> folks
[23:28] <hehehe> https://diablohorn.com/2017/05/21/quantum-insert-bypassing-ip-restrictions/
[23:28] <hehehe> :)