[00:24] <bindi> new microcode out for intel cpus, anyone updated yet? how to :D?
[00:25] <bindi> https://askubuntu.com/questions/545925/how-to-update-intel-microcode-properly
[00:25] <bindi> this answer doesn't actually tell you how to update it
[00:48] <nacc> bindi: have the intel-microcode package installed and keep your system updated
[00:48] <nacc> you will get it via -security, I believe for your system
[01:12] <bindi> ...
[01:12] <bindi> that doesn't answer my question :D
[01:12] <bindi> well, how to update with the tool manually, is what i wanted to ask specifically
[01:12] <bindi> it isn't updated in the repos yet
[04:14] <mbff> Hello! I am trying to configure my interfaces file to get pfsense working inside KVM. Currently my /etc/network/interfaces file looks like this: https://gist.github.com/marshallford/cbf917a9cf8cbd8d23c641b04c193569 What gives? my WAN NIC passes through but the LAN isn't working at all
[04:15] <mbff> To follow up my question: The Ubuntu Host OS should have the ip 10.0.0.3 and allow enp8s0 (LAN NIC) to hook up to a switch or access point. I must be missing something simple...
[05:58] <cpaelzer> nacc: I thought he was on it, let me check the current state of curl/http2
[06:03] <cpaelzer> nacc: no it is actually fixed by the last merge as locutusofborg and I discussed
[06:03] <cpaelzer> just missing in the changelog
[06:03] <cpaelzer> I'll update the bug
[07:20] <cpaelzer> good morning btw
[07:20] <cpaelzer> :-)
[08:17] <zioproto> hello
[08:18] <zioproto> upgrading the Kernel on openstack compute nodes we had run into this https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1742630
[08:18] <zioproto> anyone else with quanta servers ? :)
[08:45] <lordievader> Good morning
[11:11] <ahasenack> good morning
[14:33] <Ussat> gonna assume the issue with some 16.04 systems getting "bricked" with the new kernel update is fixed ?
[14:41] <mason> Ussat: I thought the bricking was with newer releases, not Xenial.
[14:41] <mason> There was a post-kernel-side-channel-patch issue that's been resolved, but it didn't brick.
[14:41] <mason> The last kernel could be booted. (It bit my wife's desktop.)
[14:43] <Odd_Bloke> Yeah, I haven't heard of any _bricking_ issues.
[14:50] <mason> I think there was a bricking issue with new kernels on some newish systems. Don't remember the details.
[14:50] <mason> Ah: https://lwn.net/Articles/741916/rss
[14:51] <hggdh> there were problems with 4.4.0-108, which were resolved with -109. Of course, situation is still fluid-ish
[14:51] <mason> I just now saw a SlashDot article talking about 16.04, so I stand corrected.
[14:51] <mason> https://news.slashdot.org/story/18/01/10/1634215/meltdown-and-spectre-patches-bricking-ubuntu-1604-computers
[14:51] <mason> Ah, no, that's not bricking.
[14:52] <mason> That's "this kernel won't boot - boot with the last kernel" after which an update works to resolve the issue.
[14:52] <mason> But yeah, that bit my wife's system.
[14:54] <hateball> Should perhaps never ever write an article again if you call that bricking
[14:54] <mason> That occurs to me, yes.
[14:54] <hateball> Not that it's the first terribly worded or researched thing on slashdot :p
[14:54] <hggdh> well, for the casual user, being unable to boot is just like bricking
[14:54] <hateball> Sure
[14:55] <hateball> But pretending to be some tech news reporting... I have more faith in 4chan
[14:55] <hateball> anyhow!
[14:55]  * hateball goes back to lurking
[14:55] <mason> Just like bricking, except that it's easily fixed, as opposed to, you know, bricking.
[14:57] <hggdh> :-)
[14:58] <Ussat> well, I have a 17* system that upgraded fine (it's a test box), just spun a 16.04 LTS and testing it now
[14:58] <Ussat> mason, ya ya I know...
[14:58] <mason> If you upgrade today, yeah, no problem. They issued errata an hour or two after my wife updated and found herself staring at a blank screen.
[14:59] <Ussat> OK, kinda figured they would, just testing it out on my test boxes before I go to schedule prod
[15:00] <mason> Sounds like the safest thing to do, yar.
[15:01] <Ussat> Now if you and RHEL could scyn your patch releases :)
[15:01] <Ussat> sync
[15:02] <mason> You and RHEL? :P
[15:02] <Ussat> Yes, I have both RHEL and Ubuntu systems in prod
[15:02] <Ussat> :)
[15:03] <mason> No, understood - just saying, you and RHEL. Thought you were talking to me. :P
[15:03] <Ussat> heh , fair buff
[15:03] <Ussat> nuff
[15:03] <Ussat> I meant generic you
[15:03] <mason> The embargo should have led to synchronization, but it was all a fustercluck.
[15:03] <mason> Yar.
[15:04] <mason> Xen releases fixes early, paper comes out early with details, and suddenly the embargo is off.
[15:04] <mason> Some smaller projects still haven't released patches.
[15:04] <mason> Slackware, the BSDs are all still lagging as far as I understand it.
[15:05] <mason> Ah, I spoke too soon. DragonflyBSD has errata out now.
[15:06] <Ussat> Hell, VMware snuck fixes in about 2 weeks ago
[15:06] <mason> Ah, didn't realize.
[15:07] <mason> As for me, I want to move my infrastructure over to Raspberry Pis after this.
[15:08] <Ussat> heh
[15:08] <Ussat> Yea...and the best part, what else is coming now that this vector is public
[15:08] <mason> Yep.
[15:09] <mason> I'm having meetings with customers talking about information hygiene, data classification on multitenant systems, etc.
[15:09] <mason> There's some good, traditional best practise that can help a bit.
[15:09] <Ussat> I bet, I am in healthcare, so HIPAA etc....fun stuff
[15:10] <mason> You're probably already doing everything we're recommending.
[15:11] <Ussat> Oh ya....all sorts fun
[20:18] <mtl> I just got an intel-microcode update, do I need to restart my server again?
[20:21] <Odd_Bloke> mtl: AIUI, it won't really have much impact until the next kernel drops.
[21:00] <TJ-> mtl: you can load it using "echo 1 > /sys/devices/system/cpu/microcode/reload" rather than reboot
[21:40] <mason> And check dmesg to see that it did its thing.
[21:40] <mason> mtl: At the least, update-initramfs so it loads on reboots
[22:31] <boxrick> Hello! I have a server which has been updated with the meltdown patch. I need to remove this and prevent the install in the future, any hints on how to remove this?
[22:32] <Odd_Bloke> boxrick: Why do you need to remove it?
[22:32] <Odd_Bloke> (You really, really don't want to run a machine without this patch. :)
[22:33] <boxrick> This is an offline server, where performance is critical and the security is rather irrelevant
[22:34] <Odd_Bloke> boxrick: If it's offline, how did you upgrade the kernel? ;)
[22:34] <boxrick> I use it for number crunching, and keep it with an airgap and only use my mirror for updates when I need something specific.
[22:34] <Odd_Bloke> Hah, quick answer. :p
[22:34] <boxrick> I was typing that as you asked :)
[22:36] <nacc> boxrick: it seems like you would need to not run -updates/-security, or pin your linux-generic (or whatever) package
[22:36] <nacc> boxrick: as I assume these patches will now exist forever forward
[22:36] <nacc> boxrick: isn't it easier to just pass nopti?
[22:36] <boxrick> Yea good point
[22:38] <boxrick> Cheers, will just update grub.