bindi | new microcode out for intel cpus, anyone updated yet? how to :D? | 00:24 |
---|---|---|
bindi | https://askubuntu.com/questions/545925/how-to-update-intel-microcode-properly | 00:25 |
bindi | this answer doesn't actually tell you how to update it | 00:25 |
nacc | bindi: have the intel-microcode package installed and keep your system updated | 00:48 |
nacc | you will get it via -security, I believe for your sytem | 00:48 |
bindi | ... | 01:12 |
bindi | that doesnt answer my question :D | 01:12 |
bindi | well, how to update with the tool manually, is what i wanted to ask specifically | 01:12 |
bindi | it isnt updated in the repos yet | 01:12 |
=== nchambers is now known as TheMediocreTroll | ||
=== TheMediocreTroll is now known as nchambers | ||
mbff | Hello! I am trying to configure my interfaces file to get pfsense working inside KVM. Currently my /etc/network/interfaces file looks like this: https://gist.github.com/marshallford/cbf917a9cf8cbd8d23c641b04c193569 What gives? my WAN NIC passes though but the LAN isn't working at al | 04:14 |
mbff | To follow up my question: The Ubuntu Host OS should have the ip 10.0.0.3 and allow enp8s0 (LAN NIC) to hook up to a switch or access point. I must be missing something simple... | 04:15 |
cpaelzer | nacc: I thought he was on it, let me check the current state of curl/http2 | 05:58 |
cpaelzer | nacc: no it is actually fixed by the last merge as locutusofborg and I discussed | 06:03 |
cpaelzer | just missing in the changelog | 06:03 |
cpaelzer | I'll update the bug | 06:03 |
cpaelzer | good mornign btw | 07:20 |
cpaelzer | :-) | 07:20 |
zioproto | hello | 08:17 |
zioproto | upgrading the Kernel on openstack compute nodes we had run into this https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1742630 | 08:18 |
ubottu | Launchpad bug 1742630 in linux (Ubuntu) "Booting from 4.13.0-21-generic leads to Oops: NULL pointer dereference - RIP: isci_task_abort_task+0x30/0x3e0 [isci]" [Undecided,New] | 08:18 |
zioproto | anyone else with quanta servers ? :) | 08:18 |
lordievader | Good morning | 08:45 |
ahasenack | good morning | 11:11 |
=== albech1 is now known as albech | ||
Ussat | gonna assume the issue with some 16.04 systems getting "bricked" with the newkernel update is fixed ? | 14:33 |
mason | Ussat: I thought the bricking was with newer releases, not Xenial. | 14:41 |
mason | There was a post-kernel-side-channel-patch issue that's been resolved, but it didn't brick. | 14:41 |
mason | The last kernel could be booted. (It bit my wife's desktop.) | 14:41 |
Odd_Bloke | Yeah, I haven't heard of any _bricking_ issues. | 14:43 |
mason | I think there was a bricking issue with new kernels on some newish systems. Don't remember the details. | 14:50 |
mason | Ah: https://lwn.net/Articles/741916/rss | 14:50 |
hggdh | there were problems with 4.4.0-108, which were resolved with -109. Of course, situation is still fluid-ish | 14:51 |
mason | I just now saw a SlashDot article talking about 16.04, so I stand corrected. | 14:51 |
mason | https://news.slashdot.org/story/18/01/10/1634215/meltdown-and-spectre-patches-bricking-ubuntu-1604-computers | 14:51 |
mason | Ah, no, that's not bricking. | 14:51 |
mason | That's "this kernel won't boot - boot with the last kernel" after which an update works to resolve the issue. | 14:52 |
mason | But yeah, that bit my wife's system. | 14:52 |
hateball | Should perhaps never ever write an article again if you call that bricking | 14:54 |
mason | That occurs to me, yes. | 14:54 |
hateball | Not that it's the first terribly worded or researched thing on slashdot :p | 14:54 |
hggdh | well, for the casual user, being unable to boot is just like bricking | 14:54 |
hateball | Sure | 14:54 |
hateball | But pretending to be some tech news reporting... I have more faith in 4chan | 14:55 |
hateball | anyhow! | 14:55 |
* hateball goes back to lurking | 14:55 | |
mason | Just like bricking, except that it's easily fixed, as opposed to, you know, bricking. | 14:55 |
hggdh | :-) | 14:57 |
Ussat | well, I have a 17* system that upgradede fine (its a test box), just spun a 16.04 LTS and testing it now | 14:58 |
Ussat | mason, ya ya I know... | 14:58 |
mason | If you upgrade today, yeah, no problem. They issued errata an hour or two after my wife updated and found herself staring at a blank screen. | 14:58 |
Ussat | OK, kinda figured they would, just testing it out on my test boxes before I go to schedule prod | 14:59 |
mason | Sounds like the safest thing to do, yar. | 15:00 |
Ussat | Now if you and RHEL could scyn your patch releases :) | 15:01 |
Ussat | sync | 15:01 |
mason | You and RHEL? :P | 15:02 |
Ussat | Yes, I have both RHEL and Ubuntu systems in prod | 15:02 |
Ussat | :) | 15:02 |
mason | No, understood - just saying, you and RHEL. Thought you were talking to me. :P | 15:03 |
Ussat | heh , fair buff | 15:03 |
Ussat | nuff | 15:03 |
Ussat | I meant generic you | 15:03 |
mason | The embargo should have led to synchronization, but it was all a fustercluck. | 15:03 |
mason | Yar. | 15:03 |
mason | Xen releases fixes early, paper comes out early with details, and suddenly the embargo is off. | 15:04 |
mason | Some smaller projects still haven't released patches. | 15:04 |
mason | Slackware, the BSDs are all still lagging as far as I understand it. | 15:04 |
mason | Ah, I spoke too soon. DragonflyBSD has errata out now. | 15:05 |
Ussat | Hell, Vmware snuck fixes in about 2 weeks ago | 15:06 |
mason | Ah, didn't realize. | 15:06 |
mason | As for me, I want to move my infrastructure over to Raspberry Pis after this. | 15:07 |
Ussat | heh | 15:08 |
Ussat | Yea...and the best part, what else is comming now that this vector is public | 15:08 |
mason | Yep. | 15:08 |
mason | I'm having meetings with customers talking about information hygiene, data classification on multitenant systems, etc. | 15:09 |
mason | There's some good, traditional best practise that can help a bit. | 15:09 |
Ussat | I bet, I am in healthcare, so HIPPA etc....fun stuff | 15:09 |
mason | You're probably already doing everything we're recommending. | 15:10 |
Ussat | Oh ya....all sorts fun | 15:11 |
mtl | I just got an intel-microcode update, do I need to restart my server again? | 20:18 |
Odd_Bloke | mtl: AIUI, it won't really have much impact until the next kernel drops. | 20:21 |
TJ- | mtl: you can load it using "echo 1 > /sys/devices/system/cpu/microcode/reload" rather than reboot | 21:00 |
mason | And check dmesg to see that it did its thing. | 21:40 |
mason | mtl: At the least, update-initramfs so it loads on reboots | 21:40 |
boxrick | Hello! I have a server which has been updated with the meltdown patch. I need to remove this and prevent the install in the future, any hints on how to remove this? | 22:31 |
Odd_Bloke | boxrick: Why do you need to remove it? | 22:32 |
Odd_Bloke | (You really, really don't want to run a machine without this patch. :) | 22:32 |
boxrick | This is an offline server, where performance is critical and the security is rather irrelevent | 22:33 |
Odd_Bloke | boxrick: If it's offline, how did you upgrade the kernel? ;) | 22:34 |
boxrick | I use it for number crunching, and keep it with an airgap and only use my mirror for updates when I need something specific. | 22:34 |
Odd_Bloke | Hah, quick answer. :p | 22:34 |
boxrick | I was typing that as you asked :) | 22:34 |
nacc | boxrick: it seems like you would need to not run -updates/-security, or pin your linux-generic (or wahtever) package | 22:36 |
nacc | boxrick: as I assume these patches will now exist forever forward | 22:36 |
nacc | boxrick: isn't it easier to just pass nopti? | 22:36 |
boxrick | Yea good point | 22:36 |
boxrick | Cheers, will just update grub. | 22:38 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!