/srv/irclogs.ubuntu.com/2018/07/18/#ubuntu-discuss.txt

unclefoo	blackflow: I'm okay with trusting the software, but it sucks I also have to trust my ISP, anyone else on my wlan and my DNS server.	01:48
leftyfb	VPN's?	01:49
leftyfb	use mirrors?	01:49
blackflow	unclefoo: and your motherboard with that IME chip	01:49
blackflow	it runs a full Minix installation, y'know.	01:50
unclefoo	We'll have to deal with Intel later, RISC-V maybe.	01:50
blackflow	but indeed, this ubuntu key verification is a bit..... insufficient. it basically assumes you once obtained the key, trusted it, nothing bad happened, and now you have it for future verification.	01:51
unclefoo	leftyfb: Then I've got to trust the VPN runner.	01:51
unclefoo	Shipping the key with the installation is sensible, but it doesn't help me get the key if I'm not running Ubuntu.	01:51
leftyfb	unclefoo: then turn off your computer and go find a nice big rock to live under	01:51
blackflow	but one could argue that whatever method you chose, unless you walked over to canonical offices yourself and got the key on read-only cdrom or something, any method is subject to chicken and the egg problem in setting up a trust chain.	01:52
unclefoo	Well, for now I'm definitely going to be trusting the CA people.	01:52
unclefoo	I use them for all of my online services.	01:52
unclefoo	So I'd prefer that Ubuntu just piggybacked on that?	01:52
unclefoo	There's no reason to do something worse.	01:53
leftyfb	blackflow: The Canonical office in the U.S. would just get them from the mirror ;)	01:53
unclefoo	Some of the mirrors use TLS, ie https://mirror.hmc.edu/ubuntu-releases/	01:55
blackflow	oh, shi- it's 4am.... I have to scram.	01:56
unclefoo	leftyfb: So you just navigate to the HTTP site, download the ISO then install it.	01:57
hggdh	keep in mind that all Ubuntu packages are signed, and installation will abort if the package signature does not match	01:58
leftyfb	unclefoo: crazy right?	01:58
leftyfb	hggdh: but the lizard people!	01:58
blackflow	hggdh: unless your ubuntu is trojaned, which is teh whole point, trusting that initial installation because ISOs are obtained over http and checksums too.	01:59
hggdh	leftyfb: but the children! Who will protect the children?	01:59
blackflow	Elon Musk!	01:59
hggdh	if the signing key have been compromised, there is not much that can be done. Trojaning the repository is secondary	02:00
unclefoo	hggdh: I don't understand what you mean. You're talking about the collections of packages that ship with the ISO?	02:00
hggdh	if the sources are compromised... then there will be a good signature, and there is nothing HTTPS will do to solve it	02:01
hggdh	unclefoo: the ISO carries also the public keys, so there is a chance of compromising it, yes. It will always boil down to one critical path, somewhere	02:02
unclefoo	So, I understand that we're fucked if the Ubuntu devs all get compromised, or their release boxes do or anything like that.	02:03
leftyfb	turn off computer, find large rock to live under. That's the only solution	02:03
unclefoo	I just want to verify the ISO I install is the one signed by some dev.	02:03
hggdh	aye	02:03
leftyfb	unclefoo: then use the md5 available on the site	02:03
hggdh	you have a series of hashes to compare with	02:03
unclefoo	But the md5 comes over HTTP	02:04
blackflow	hggdh: no, see the problem here is that the official Ubuntu documentation on verifying the checksums is by using gpkg hpk to download the key, which is NOT over TLS or verified with another key first.	02:04
unclefoo	So the attacker just going to change that too.	02:04
* leftyfb sigh		02:04
blackflow	the problem is that Ubuntu doesn't display prominently on, say, ubuntu.com, over https, what the signature of that key is. that per se would be "good enough".	02:04
hggdh	oh, so we are also talking about DNS poisoning?	02:04
hggdh	and how HTTPS solves it?	02:05
unclefoo	Right, if Ubuntu announced "THESE ARE THE RELEASE PUBLIC KEYS", I would be kind of happy.	02:05
blackflow	like gentoo does it: https://www.gentoo.org/downloads/signatures/	02:05
hggdh	please do not get me wrong. HTTPS is important	02:05
blackflow	hggdh: https at least offers _some_ protection against threat actors who don't have the resources to corrupt a CA and mitm you.	02:05
unclefoo	Right.	02:05
blackflow	any skiddie with a wifi sniffer can MITM your http connection	02:05
unclefoo	Like someone who knows my wifi password.	02:05
unclefoo	exactly	02:05
hggdh	blackflow: and I hijacked your DNS, which now servers my gentoo page...	02:06
unclefoo	Doesn't matter because you don't have the cert.	02:06
unclefoo	well the corresponding private key at lesat.	02:06
blackflow	hggdh: AND you also have a valid cert on that?	02:06
unclefoo	Unless you use your DNS poisoning to attack the CA domain validation.	02:06
hggdh	unclefoo: but I have also created my own keys. AND I have re-packaged everything	02:06
unclefoo	But my user agent will refuse the connection.	02:06
unclefoo	Because it can't verify the cert chain.	02:07
blackflow	right. and with HSTS it will even refuse temporary override on bad cert.	02:07
hggdh	also, keep in mind that cert validation is done by the root, not by the user cert	02:07
leftyfb	blackflow: That would require the "kiddie" created their own custom malicious ubuntu iso and serving it up to you .... you are targeted. At that point, you've got bigger problems to deal with	02:07
hggdh	<sigh/>. I created, once, this very attack. I had all certs in the root chain "redone". Validation was perfect	02:08
blackflow	the point is, users have no way to verify those keys with "reasonable level of trust".	02:08
blackflow	leftyfb: yeah but no if it were offered over https	02:08
hggdh	blackflow: you go to my site, with my certificates, with my* root chain. I server it over HTTPS, and validation is correct.	02:09
leftyfb	blackflow: anyone can get a cert and service it up if you're hijacking DNS	02:09
blackflow	hggdh: no	02:09
leftyfb	service/serve	02:09
unclefoo	You can't change the root certs in my browser.	02:09
hggdh	blackflow: again. I hhave done that as a PoC	02:09
blackflow	sounds like you don't know how that works. your root chain would need to be installed on my computer first.	02:09
unclefoo	Exactly.	02:09
hggdh	but I am NOT changing your roots. I am using the same CA	02:09
leftyfb	uh	02:09
blackflow	hggdh: which one? one of the public ones in ca-certificates?	02:09
leftyfb	this is 100% possible	02:10
hggdh	I buy a cert from Verisign	02:10
hggdh	you are no wiser	02:10
unclefoo	For your domain	02:10
hggdh	and I got in	02:10
unclefoo	Or for ubuntus domain?	02:10
blackflow	it's possible alright, but how likely? back to the original statement of "having resources to corrupt a CA", or to buy unauthorized but valid cert from a bad one.	02:10
leftyfb	again how likely	02:11
leftyfb	we can play this game all niht	02:11
leftyfb	night*	02:11
leftyfb	"but what if"	02:11
hggdh	yep	02:11
blackflow	then let's drop https completely.	02:11
leftyfb	just download the damn iso like millions of others and get over it	02:11
leftyfb	or don't	02:11
unclefoo	In 5 years going to hear about the Ubuntu-ISO-Botnet-Variant-88XX	02:11
hggdh	this is one of the reasons (among a truckload of them) I have very wary of X.509	02:11
leftyfb	unclefoo: and I'll track you down and apologize	02:12
blackflow	you are saying that just because SOME threat actors have the ability to obtain a valid but illegal cert, then EVERY actor can too	02:12
unclefoo	leftyfb: We'll get beers.	02:12
leftyfb	I don't drink beer	02:12
hggdh	why not. Microsoft found it the hard way	02:12
leftyfb	too many chemtrails in it ;)	02:12
hggdh	(as many others)	02:12
blackflow	security is not a switch, not black and white, its'a process. there are levels, probabilities. using https solves a number of intrusion vectors. not all, but non-zero also.	02:12
hggdh	even more the amount of CAs that come embedded is... absolutely amazing. any CA would do the trick	02:13
unclefoo	Right, but we're getting Certificate Transparency.	02:13
blackflow	yup. any one of them in ca-certs can be used	02:13
hggdh	blackflow: correct. And security is layered, so you end up with (sigh) protection in depth	02:13
leftyfb	unclefoo: file a bug on launchpad against ubuntu to host the signatures publicly behind https like gentoo does	02:14
blackflow	the question is. Can Kremlin do it to plant racy Stormy Daniels pics on your computer? sure. Can Herp Derp, the kid down the street, do it? Probably not. Can that kid sniff your wifi and mitm your http (no s) connections? probably yes.	02:14
hggdh	I do contract work -- I am a consultant. I can count on my fingers the number (out of, probably, the low hundreds) of companies I have been in that I would trust my data	02:15
unclefoo	leftyfb: Maybe. Good to talk about it before making a ruckus though.	02:15
blackflow	some routers STILL are not patched for KRACK. I had a live demo to a company the other day.	02:15
hggdh	oh routers are another bascket of worms	02:15
hggdh	as are, pretty much, all IoT crap	02:16
blackflow	exactly. so it's so easy to plant a trojaned ISO to someone in your network doing it over wifi. :) with a bit of effort, and no need to corrupt a CA, that someone will have no means to verify the ISO because the key is obtained over http that you're mitm-ing, too ;)	02:16
hggdh	blackflow: NOW this is more realistic. You did not download from the official repos, you are using an ISO laying around	02:17
blackflow	no you used KRACK to break into the wifi network, guessed the router panel password which was, believe it or not, "admin", or the factory sticker with the admin password is still on the back side of it, you changed the DNS and anyone in that wifi network is loading the iso from your laptop, even though they're accessing http://ubuntu.com ;)	02:20
hggdh	the whole thing ends up with what is usually called "due diligence". If no due diligence performed, then nothing can be guaranteed	02:20
hggdh	put in a different way: how many of us always check the received cert in an HTTPS session?	02:21
blackflow	and ubuntu does no due diligence, by not offering https downloads. that's the whole point.	02:21
unclefoo	hggdh: My browser always does.	02:21
unclefoo	And I always verify the domain.	02:21
hggdh	no. Your browser always check that the certificate CN matches the FQSN, and that the browser's sotred CA chain is verified	02:22
hggdh	which is, already, a corruption of the standard.	02:23
hggdh	now enters unicode, and bets are off	02:23
blackflow	depends. browsers have protection against mixed charsets.	02:23
hggdh	blackflow: oh, OK. So you are going to trust something that may, or may not, be correct? It depends, right?	02:24
blackflow	(I'm assuming you're talking about IDN homograph attack)	02:24
unclefoo	I think we all agree that security is a spectrum.	02:24
hggdh	among others, yes	02:24
hggdh	unclefoo: thank you. This is indeed the point	02:24
blackflow	all I'm saying is, since having https offers MORE protection thatn not having https, why not have https.	02:24
unclefoo	Serving your distros installation media over HTTP seems like far down the insecure side of the spectrum.	02:24
unclefoo	Would you check your email over an HTTP connection?	02:25
blackflow	exactly. or at least serving the keys, which also happens over HTTP it appears.	02:25
hggdh	blackflow: I agree with you there. HTTPS does not solve the world's problem, but helps	02:25
blackflow	it doesn't help against Kremlin, but it sure denies Herp Derp, the kid down the street, from MITM-ing your pr0n ;)	02:26
hggdh	the thing is if the ONLY validation you have is HTTPS, then you are dead anyways.	02:26
hggdh	again, I like multiple layers	02:26
hggdh	I would like to have HTTPS on the repos as well.	02:27
blackflow	hggdh: I agree, but..... which of the multiple layers is offered here by Ubuntu? The download is over HTTP, the keys are obtained over HTTP. nowhere is any due diligent attempt to offer _some_ level of connection encryption when fetching those.	02:27
hggdh	(and this has been discussed ad nauseam within Ubuntu)	02:27
unclefoo	Any links to the discussions?	02:28
hggdh	you have the keys off a key server; you have the keys in a signed package; you have the kernel signed with a different key	02:28
blackflow	hggdh: the keys from the key servers are obtained over http	02:29
unclefoo	How do I know which key from the key server?	02:29
unclefoo	It doesn't so much matter that the key is obtained over HTTP if I know what the right public key is.	02:29
unclefoo	But since I don't know, HTTPS is nice.	02:30
hggdh	the packages are signed, you need to grab the signing key from them	02:30
unclefoo	I see.	02:30
blackflow	gpkg --keyserver hkp://keyserver.ubuntu.com ... see that hkp there?	02:30
blackflow	*gpg (lol)	02:30
hggdh	unclefoo: I do not remember there, I think at least one of the discussions was on a ML. ubuntu-devel?	02:31
hggdh	don't remember	02:31
blackflow	hggdh: the issue here, and this whole discussion, was about that first step of gettin ubuntu installed, and veryfing the ISO to begin with. If that's verified and you have it installed, with keys and all, then it's no problem. but that first verification is a problem.	02:31
hggdh	it is always a problem, a known issue with distribution (where is the key, who has the key)	02:32
hggdh	this is why off-channel validation is important (and almost never done)	02:32
blackflow	right, and my whole point is that, some level of trust can be established if the keys were offered on a page over https, like that gentoo link above.	02:32
blackflow	and I'll take some over none any day ;)	02:33
unclefoo	Right, that's a good summary I think.	02:33
hggdh	blackflow: I absolutely agree. The Ubuntu public keys should be published in a clear, HTTPS-encapsulated site	02:33
hggdh	and clearly pointed to in many different places	02:34
hggdh	(I thought we had something like that somewhere, but wiki.u.c is very slow)	02:35
blackflow	precisely. I mean, y'all have been joking earlier about lizard people and conspiracies, but let's look at the facts: snaps are being trojaned because they can be. gentoo github was compromised because some herpderm didn't use 2FA. mint's ISOs were trojaned. Arch AUR packages were trojaned. there's a LOT of incentive to compromise linux distros infrastructure. let's not kid ourselves with	02:35
blackflow	lizzard people and conspiracy theories, the threat is _very_ real.	02:35
unclefoo	The fingerprints in this tutorial https://tutorials.ubuntu.com/tutorial/tutorial-how-to-verify-ubuntu#3 (pointed out by blackflow) are in fact the fingerprints for the keys that signed by Ubuntu ISO.	02:37
unclefoo	But it doesn't do a good job advertising that they are the legit keys, imo.	02:37
hggdh	agree	02:38
hggdh	but I am being called now for a movie	02:39
blackflow	I've read somewhere that Cosmic will be all about increasing security. Cheers to that, let's make it better! now I really have to scram. it's now 5am and the sun is coming out. I can see the horizon line changed from pitch black to black / deep blue line :)	02:39
unclefoo	cya guys	02:39
blackflow	o/	02:39
unclefoo	blackflow, hggdh Here we go, https://wiki.ubuntu.com/SecurityTeam/FAQ	02:48
unclefoo	Towards the bottom.	02:48
lotuspsychje	good morning to all	04:00
Bashing-om	WB lotuspsychje .	04:11
lotuspsychje	tnx Bashing-om	04:27
lotuspsychje	nice job on uwn Bashing-om	04:31
Bashing-om	lotuspsychje: tnx .. "WE" do try . Do better with better word smiths :)	04:34
lotuspsychje	:p	04:34
lotuspsychje	2 jimbuntus	05:11
lotuspsychje	hmm whats a logbot	05:12
Bashing-om	GN all ..laters \o	05:41
ducasse	good morning	06:21
lordievader	Good morning	06:22
ducasse	hi lordievader - all well today?	06:23
lordievader	Yeah, doing good.	06:23
ducasse	lots to do today?	06:24
lordievader	Yeah, as usual.	06:24
lordievader	You?	06:25
ducasse	i'm about to start the last artful->bionic upgrade, since it goes eol tomorrow - have kept postponing. also a couple of routeros upgrades to do.	06:26
lordievader	I believe most of my machines are quite up to date. Lets see.	06:29
lordievader	Oldest is Debian 9.2.	06:30
ducasse	that's not too old, afaik? i should also do something about my fileserver, but i'll do that when i'm ready to swap out the system disk - do a fresh install.	06:34
lordievader	Nope, current stable. Wonder why not all are 9.5 though.	06:35
ducasse	dunno, haven't run debian in ages. thinking of spinning up a machine with testing or sid, though, just to get familiar with it again.	06:38
lordievader	I like Debian more for vms than Ubuntu.	07:37
ducasse	as host or guest?	07:40
lordievader	Guests	07:46
lordievader	My hypervisors are mostly Gentoo with one Ubuntu exception.	07:46
oerheks	morning :-)	09:14
* tsimonq2 spits out drink		09:18
tsimonq2	Gentoo?!	09:18
blackflow	Y U HATE GENTOO! let's hear it.	09:22
oerheks	never ran gentoo	09:24
tsimonq2	Gentoo makes your computer a freaking space heater. :P	09:25
oerheks	fedora, suse, ubuntu, debian ..	09:25
tsimonq2	^	09:25
oerheks	fedora got the nicest visual boot	09:25
oerheks	no resolution change at all	09:26
blackflow	gentoo taught me all I know about linux distros, how they work inside, how to fix things when they break. it completely demystified it. it's a very valuable distro.	09:30
oerheks	i wasted so many hours trying suse without internet/docs...	09:31
oerheks	only when a professional helped me in 2008, i got started	09:32
blackflow	hah I got started with linux around that time as well. and with OpenSuSE. 10.3 was my first ever linux distro as a full daily driver (ditched windows xp).	09:39
oerheks	i feel silly when i say all my hardware since then is pretty good recognised, all the problems in #u i never experienced myself	09:41
oerheks	so i think the number of users are huge, if they have no issues too	09:42
blackflow	the part I disliked about OpenSuSE is, incredibly, YaST. it's not really optional, as it introduces a lot of config abstraction in the backend so even if you wanted to change things without a panel, using those abstractions anyway was the only way, or you risk breakage on next update of something.	09:45
oerheks	the first magical line on fedora: yum install yumex	09:46
lordievader	I agree, through the well documented installation procedure of Gentoo you learn a lot about Linux.	09:46
oerheks	then installing the good-bad-ugly	09:47
oerheks	gentoo and arch, seems like i have to try this too	09:47
Tegu	after thos, linux from scratch. (I have yet to try it)	10:34
BluesKaj	Hi folks	11:29
daftykins	heya \o	11:31
BluesKaj	hi daftykins	11:31
daftykins	hot weather continuing over there?	11:31
BluesKaj	no, it's gone, 26 today	11:32
daftykins	oh that'd be plenty to me xD	11:32
BluesKaj	hot out west again tno	11:32
BluesKaj	cold here last night, 10C	11:35
daftykins	mm had a cool couple of nights where i had to close the windows again	11:39
BluesKaj	yup	11:40
daftykins	i'm off to London on Friday, bit concerned as there's meant to be an ongoing heatwave so it'll heat up to the 30s up there	11:40
daftykins	i'd rather hide from the heat back home :D	11:40
BluesKaj	same	11:41
BluesKaj	guess the ocean moderates the temps there a lot	11:42
daftykins	mmm the tides coming up the English Channel i think	11:43
daftykins	and coming back down from the North sea probably	11:43
BluesKaj	I'm 25 km from one of the Great Lakes here and that helps somewhat	11:43
daftykins	if i remember right a friend said they factor in hugely for your snowfall too, we might see a light dusting of snow one night every few years, super mild weather	11:45
daftykins	i should be packing tools for this trip, hmm	11:49
BluesKaj	bermuda current makes all the difference for the British Isles and Europe ...no such thing here	11:49
daftykins	mmm that's the one, i can't remember what it was that causes it, but in the winters lately it all changes direction and we end up with siberian air that brought us snow	11:53
BluesKaj	yeah, you guys in the UK mainland are actually much further north in latitude than we are , even here in "Northern Ontario"	11:57
daftykins	well i'll be flying up there on Friday :D the island of mine is quite southern in comparison - https://goo.gl/maps/Y7p8wreLMNu	11:59
BluesKaj	yeah, I'm familiar with your location	11:59
daftykins	ah my mistake :) just checking	12:00
BluesKaj	I'm, a bit of geography nut	12:01
BluesKaj	I like to know where people I chat with are located	12:01
daftykins	:D	12:02
lotuspsychje	good afternoon to all	12:26
lotuspsychje	atariOs !	12:29
lotuspsychje	lol	12:29
BluesKaj	hey lotuspsychje	12:34
lotuspsychje	hey BluesKaj	12:35
lotuspsychje	painted the shutters today	12:35
* tomreyn waves		13:00
lotuspsychje	hey there tomreyn	13:00
daftykins	ah you heard about all the painting i was doing and got jealous eh lotus? :D	13:00
tomreyn	hey lotus	13:00
lotuspsychje	yeah lol	13:01
lotuspsychje	!info libinput bionic	13:03
ubot5	Package libinput does not exist in bionic	13:03
blackflow	there's a whole lot of them, from the "libinput" source package	13:06
blackflow	https://launchpad.net/ubuntu/+source/libinput	13:06
lotuspsychje	so if cosmic has it, its not in backports?	13:06
blackflow	backports aren't made for all packages	13:07
lotuspsychje	so ppa it is then cause proposed might give a new nightmare	13:08
tomreyn	how do you actualy tlel what's in proposed? neither packages.ubuntu.com nor rmadison can tell.	13:09
BluesKaj	use launchpad for proposed ppas	14:19
BluesKaj	one can search in launchpad, tomreyn	14:22
tomreyn	thanks, i assumed that's possible. not sure convenient, though ;)	14:55
tomreyn	s/sure/super/	14:55
lotuspsychje	or would apt-cache say, once enabled in repos?	14:56
lotuspsychje	but then its too late of course	14:56
oerheks	this hans__ dude is not even running ubuntu	15:08
oerheks	troll	15:08
lotuspsychje	yeah he was offensive yesterday	15:09
lotuspsychje	one to keep an eye on	15:10
lotuspsychje	hans_lotuspsychje, wrong, 32bit ubuntu will run just fine on 64bit hardware	15:15
lotuspsychje	welcome Android361abc	15:20
oerheks	Android should be added to bug 1	15:21
ubot5	bug 1 in Ubuntu Malaysia LoCo Team "Microsoft has a majority market share" [Critical,In progress] https://launchpad.net/bugs/1	15:21
oerheks	hips	15:21
lotuspsychje	lol	15:21
lotuspsychje	bbl chicken wok a la lotus	15:25
lotuspsychje	why did the chicken cross my pan?	15:25
oerheks	is this wr dude hans_ _ sidekick ? lolz	15:31
tomreyn	#	16:22
blackflow	lotuspsychje: to get to the inner side of your mouth? :D	16:32
lotuspsychje	:p	16:42
oerheks	zesle .. format C: and reinstall	16:43
blackflow	zesle... sounds like nestle and thus like some toy you get packaged up in the cereal box... Zesle(r) - Web Panels for Linux Kids!	16:45
nacc	lol	16:45
nacc	web panels are such a terrible idea	16:45
blackflow	if someone really needs one, there's really just one way to go for sure. centos + cpanel.	16:46
blackflow	everything else, with the exception of plesk that I don't recommend for other reasons, is toys, broken, insecure, and more mess than there should be.	16:46
blackflow	(mind you, cpanel is a HUGE mess of things, it starts with "Disable SELinux" ffs -- but of all panels, it works best)	16:47
hggdh	cockpit is nice	16:48
blackflow	isn't that just web interface for systemd?	16:48
lotuspsychje	its a all-in-one app	16:49
hggdh	anyway, he had problems to begin with when he installed zesle. If he had Apache installed previously, then zesle would only install with a --force-overwrite	16:49
lotuspsychje	blackflow: but yes, manages also systemd	16:49
nacc	hggdh: unless they did an evil version bump	16:49
blackflow	I mean, does it just manage services and containers, or does it set up the whole hosting environemnt with httpd + email + accounts + domains + dns?	16:49
blackflow	usually people craving for panels need that, one-click full stack deployment.	16:50
hggdh	nacc: indeed. Still, he should --purge zesle, god knows what it brought in	16:50
lotuspsychje	one for you hggdh	16:50
nacc	hggdh: yep	16:50
hggdh	nacc: actually, no evil version bump. If he first installed apache, then zesle installation would fail with a similar conflict; if, conversely, he first installed zesle, then apache install would fail with a conflict (as would any updates)	16:53
nacc	hggdh: ah ok, i hadn't looked closely yet	16:54
hggdh	no matter what, nobody knows what changes were introduced, so I would consider his current web install as tainted	16:54
nacc	yeah	16:54
nacc	and i wouldn't ever trust some repo that wants its own apache	16:54
hggdh	+1	16:54
oerheks	blackflow, system-config-printer ... but i dont see why one needs this to run from commandline	16:55
blackflow	oerheks: they're not even using ubuntu.... just want that utility, I guess	16:58
oerheks	cups cli is what he needs	16:59
oerheks	anyway, i am off, biking with Drabber	16:59
lotuspsychje	lol i thought ive read bikini	17:04
leftyfb	we're getting a lot of them these days huh?	17:10
lotuspsychje	yeah leftyfb	17:11
lotuspsychje	user count seem to increase last days	17:11
lotuspsychje	and i think we have a nice volunteers team active at this time too	17:11
lotuspsychje	stable and professional crew :p	17:14
leftyfb	I mean the .... challenging users	17:16
leftyfb	though 18.04 does seem to have a lot of problems with video drivers with all the questions/issues that have been coming up	17:17
lotuspsychje	leftyfb: hmm dont you think compared to unity, graphics issues have reduced?	17:17
leftyfb	Unity really shouldn't made much difference in video driver issues, it's just a DE	17:18
lotuspsychje	well, the real deal will be at .1	17:19
lotuspsychje	then we might know whats top priority	17:19
lotuspsychje	leftyfb: in your opinion what would be top issue on bionic graphics?	17:24
leftyfb	drivers	17:24
lotuspsychje	on random cards?	17:24
leftyfb	people seem to have a lot of issues installing drivers for both nvidia and ati	17:24
leftyfb	more than usual	17:25
leftyfb	at least from what I've seen	17:25
lotuspsychje	390 seems to be pretty stable doesnt it?	17:25
lotuspsychje	i think bionics top issue on .1 will be gnome3 overall on my opinion	17:26
lotuspsychje	unless they release some good changes	17:27
lotuspsychje	oh well, 1 week patience :p	17:28
lotuspsychje	!17.10	17:28
ubot5	Ubuntu 17.10 (Artful Aardvark) was the 27th release of Ubuntu. Download at http://releases.ubuntu.com/17.10/ - Release Info: https://wiki.ubuntu.com/ArtfulAardvark/ReleaseNotes	17:28
lotuspsychje	did you upgrade ducasse	17:29
ducasse	yep, but got disk problems	17:29
lotuspsychje	whats up	17:29
lotuspsychje	zfs?	17:30
ducasse	i suspect it's a btrfs thing	17:30
lotuspsychje	didnt know you are playing with btrfs?	17:30
lotuspsychje	hey evening pragmaticenigma	17:30
ducasse	i'll look more at it tomorrow	17:31
lotuspsychje	kk	17:31
pragmaticenigma	'alo	17:31
lotuspsychje	pragmaticenigma: 1724 and rolling well	17:31
EriC^^	hey all	17:34
lotuspsychje	hey EriC^^	17:34
EriC^^	hey lotuspsychje	17:34
lotuspsychje	whats up EriC^^	17:35
pragmaticenigma	??	17:35
EriC^^	not much	17:35
lotuspsychje	whats that pragmaticenigma	17:35
pragmaticenigma	confusion	17:35
lotuspsychje	you seem to confuse alot pragmaticenigma :p	17:36
lotuspsychje	only coffee or alcholo?	17:36
lotuspsychje	oh dear	17:36
lotuspsychje	we might need a new !qemu 2011	18:09
pragmaticenigma	??	18:14
lotuspsychje	!qemu	18:15
ubot5	qemu is an emulator you can use to run another operating system - see https://help.ubuntu.com/community/WindowsXPUnderQemuHowTo	18:15
lotuspsychje	its dated pragmaticenigma	18:15
pragmaticenigma	Because it references Windows XP?	18:16
lotuspsychje	no, you can see last edited on the wiki's at bottom of page pragmaticenigma	18:16
pragmaticenigma	I guess I don't understand why it needs updating... qemu is still a hardware emulation provider	18:17
pragmaticenigma	and there are newer more mainstream emulators that have been released since 2011 that are probably favored over qemu... since I'm not certain qemu isolates the guest OS away from the host OS	18:18
pragmaticenigma	actually on that page lotuspsychje is a note that it will not work under 10.04 (which was probably the last edit) and I would assume it still does not work on newer editions	18:20
lotuspsychje	https://www.unixmen.com/how-to-install-and-configure-qemu-in-ubuntu/	18:20
lotuspsychje	something like this	18:20
pragmaticenigma	how did you even find this?	18:20
lotuspsychje	my best friend google!	18:26
pragmaticenigma	yeah, but that implies you went looking for it	18:33
lotuspsychje	yes?	18:33
pragmaticenigma	what inspired you to go looking for it	18:33
lotuspsychje	i just dont like seeing old ubuntu versions on wiki's	18:33
lotuspsychje	even if its still relevant	18:34
lotuspsychje	i also help alot to improve the ubuntu factoids	18:34
lotuspsychje	hence why i mentioned	18:34
daftykins	+1	18:35
daftykins	the wiki needs some serious work	18:35
hggdh	indeed. For quite some time I worked on (mostly) the bug triage pages. Then... I lapsed...	18:36
lotuspsychje	we all do what we can :p	18:37
pragmaticenigma	Hey! It's TJ- !!!	19:23
lotuspsychje	look what the cat throws in	19:23
lotuspsychje	ready for .1 :p	19:24
TJ-	G'evening :)	19:25
TJ-	No, just here for LineageOS build failures!	19:25
ducasse	\o TJ-	19:25
daftykins	\o	19:30
daftykins	welcome back :>	19:30
lotuspsychje	whats happening with that build TJ-	19:33
TJ-	lotuspsychje: what's happening is it... isn't! build failure for strange build tooling related reasons	19:34
lotuspsychje	got some errors?	19:35
leftyfb	TJ-'s back!	19:35
TJ-	lotuspsychje: yeah, weird stuff like ninja timing out talking to jack-server. I'm currently trying adding JACK_EXTRA_CURL_OPTIONS="--max-time 7200"	19:38
TJ-	I've upped Java VM heap to 6GB, reduced parallel instances to 1, changed the garbage collector	19:39
lotuspsychje	https://forum.xda-developers.com/android/software/aosp-cm-los-how-to-fix-jack-server-t3575179	19:40
TJ-	yeah, been through all that and more over the last 3 days	19:42
lotuspsychje	TJ-: how about ssl certificate?	19:45
lotuspsychje	https://groups.google.com/forum/#!topic/android-building/8SQ0-4zZDo8	19:46
TJ-	nothing like that. It's something to do with the memory overhead and/or compile jobs taking excessive time.	19:47
lotuspsychje	hmm	19:47
pragmaticenigma	joy asdf is back :-(	19:47
lotuspsychje	JACK_VM_COMMAND=${JACK_VM_COMMAND:="java -Xmx4096m"}	19:49
TJ-	hmm, this time jack-server failed to start! If the errors were consistent I might be able to track down the cause, grrr	19:49
TJ-	lotuspsychje: I've done all that, you're going over what I've done over the last 3 days	19:49
lotuspsychje	ok mate	19:49
TJ-	I'm giving it 6GB heap, was already giving it 4GB	19:50
TJ-	ahhh, this time the JDK reported insufficient memory to allocate 4GB, which makes sense since I set the minimum heap with -Xms4G	19:52
lotuspsychje	TJ-: did you go over this one https://source.android.com/setup/build/jack	19:53
TJ-	yeah, I've trawled everything relevant, including the source code but Android build system is one heck of a mess and that's being extremely polite!	19:54
lotuspsychje	lol	19:55
TJ-	At least it fails fast now - originally it was running for 6+ hours before failing	19:55
lotuspsychje	:p	19:55
lotuspsychje	cu another timezone guys	19:56
TJ-	The command bring run when it fails is from an auto-generated shell script which is 60,000 (yes, sixty thousand!) lines long and is made up of lots of sub-shells linked by && as in (do this) && (do this) && (do this) ...	19:56
daftykins	sounds like a delight to debug ;)	19:57
TJ-	daftykins: you're the master of understatement tonight!	19:59
daftykins	TJ-: :D	19:59
daftykins	TJ-: i have sad news, i gave back my painting milk crate	19:59
TJ-	I'm so glad Google were fined 4.3bm euros today; they deserve it for this build system alone	19:59
TJ-	daftykins: your what?!	19:59
daftykins	the milk crate i stood on to paint up on the scaffold :)	20:00
TJ-	Oh! wow, that was highly technical :)	20:00
TJ-	I thought you used a pogo stick :D	20:00
pragmaticenigma	TJ-: I love how Google is claiming their going to have to start charging for Android now... They already do!!!! ASOP is free and without the google stuff. Google charges for certification of Android deveices to be blessed with the Google Apps	20:14
daftykins	TJ-: hehe only on weekends	20:15
TJ-	right, Google is the new Microsoft	20:15
pragmaticenigma	Effectively a lisense and development fee for the privilege of providing a support version of Android to end users.	20:15

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!