| === led_dark_2 is now known as led_dark_1 | ||
| dutchie | hi, is this the right place to ask about the canonical-livepatch service? I'm having it failing with 403 errors, even after I've disabled and re-enabled it | 10:17 |
|---|---|---|
| dutchie | during refresh: cannot check: cannot send status to server: bad server status 403 (URL: https://livepatch.canonical.com/api/machine/c13151cc85df441a84c14fa33a7ed6e3): {"error": "Not checking for new patches based on reported livepatch state. State: kernel-upgrade-required"} | 10:21 |
| tomreyn | dutchie: i assume you'd need to contact your canonical sales rep directly about it. but before you do, check whether you can curl https://livepatch.canonical.com/ | 10:40 |
| dutchie | I am just using the free tier, so I don't have a sales rep | 10:40 |
| tomreyn | see also https://wiki.ubuntu.com/Kernel/Livepatch about requirements | 10:41 |
| tomreyn | and verify that your api key is properly registered | 10:41 |
| tomreyn | the contact provided at https://snapcraft.io/canonical-livepatch is mailto:snaps@canonical.com | 10:41 |
| dutchie | ah, that's probably a reasonable starting point | 10:43 |
| dutchie | it used to be working and I'm not sure what changed | 10:43 |
| tomreyn | i'm just another boring user, could not tell. | 10:44 |
| tomreyn | i assume that https://auth.livepatch.canonical.com/ enables you to manage your tokens. | 10:48 |
| frickler | dutchie: this latest lsn says that the patches can't be livepatched, so you need to do a real kernel update https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-November/005193.html | 10:49 |
| frickler | in particular I think you can't do a live microcode update | 10:50 |
| dutchie | these are VPSs so microcode isn't an issue, and I feel like the 403 is orthogonal to that | 10:50 |
| dutchie | I should reboot anyway though | 10:50 |
| frickler | dutchie: well, that's what I read into your "State: kernel-upgrade-required" | 10:51 |
| dutchie | hmm, true | 10:51 |
| dutchie | ok, it seems to be good after a reboot | 10:53 |
| frickler | there are also rumours that that new microcode can severely impact performance. well at least for those who consider 20% or so severe | 10:54 |
| dutchie | great, all sorted now, thanks tomreyn and frickler | 10:59 |
| tomreyn | dutchie: so it was just the reboot? | 10:59 |
| tomreyn | frickler: do you happen to have a link ready to such reports? | 10:59 |
| frickler | tomreyn: it's on the wiki page you cited: "Livepatch Security Notices (LSN) are only available by subscribing to the Ubuntu Security Announcements mailing list." you can then check the archives for LSNs from that mailman link | 11:12 |
| tomreyn | frickler: thanks, but i'm asking about "rumours that that new microcode can severely impact performance", sorry if this was unclear. i did find https://www.phoronix.com/scan.php?page=article&item=intel-jcc-gaming about performance impact for gaming. | 11:15 |
| frickler | tomreyn: ah, there were some things on twitter regarding it, let me check if I can still find them | 11:16 |
| OerHeks | all Intel patches have impact, nothing new about that | 11:17 |
| frickler | https://twitter.com/damageboy/status/1194751035136450560 is where I saw the 20% mark | 11:18 |
| tomreyn | 20% seems unlikely for generic workloads. intel says 0-4%, with some spikes doing worse, which was apparently confirmed at https://www.phoronix.com/scan.php?page=article&item=intel-jcc-microcode | 11:23 |
| tomreyn | so it's 20% for array.sort() before compiler patches. | 11:29 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!