[10:17] <dutchie> hi, is this the right place to ask about the canonical-livepatch service? I'm having it failing with 403 errors, even after I've disabled and re-enabled it
[10:21] <dutchie> during refresh: cannot check: cannot send status to server: bad server status 403 (URL: https://livepatch.canonical.com/api/machine/c13151cc85df441a84c14fa33a7ed6e3): {"error": "Not checking for new patches based on reported livepatch state. State: kernel-upgrade-required"}
[10:40] <tomreyn> dutchie: i assume you'd need to contact your canonical sales rep directly about it. but before you do, check whether you can     curl https://livepatch.canonical.com/
[10:40] <dutchie> I am just using the free tier, so I don't have a sales rep
[10:41] <tomreyn> see also https://wiki.ubuntu.com/Kernel/Livepatch about requirements
[10:41] <tomreyn> and verify that your api key is properly registered
[10:41] <tomreyn> the contact provided at https://snapcraft.io/canonical-livepatch is mailto:snaps@canonical.com
[10:43] <dutchie> ah, that's probably a reasonable starting point
[10:43] <dutchie> it used to be working and I'm not sure what changed
[10:44] <tomreyn> i'm just another boring user, could not tell.
[10:48] <tomreyn> i assume that https://auth.livepatch.canonical.com/ enables you to manage your tokens.
[10:49] <frickler> dutchie: this latest lsn says that the patches can't be livepatched, so you need to do a real kernel update https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-November/005193.html
[10:50] <frickler> in particular I think you can't do a live microcode update
[10:50] <dutchie> these are VPSs so microcode isn't an issue, and I feel like the 403 is orthogonal to that
[10:50] <dutchie> I should reboot anyway though
[10:51] <frickler> dutchie: well, that's what I read into your "State: kernel-upgrade-required"
[10:51] <dutchie> hmm, true
[10:53] <dutchie> ok, it seems to be good after a reboot
[10:54] <frickler> there are also rumours that that new microcode can severely impact performance. well at least for those who consider 20% or so severe
[10:59] <dutchie> great, all sorted now, thanks tomreyn and frickler
[10:59] <tomreyn> dutchie: so it was just the reboot?
[10:59] <tomreyn> frickler: do you happen to have a link ready to such reports?
[11:12] <frickler> tomreyn: it's on the wiki page you cited: "Livepatch Security Notices (LSN) are only available by subscribing to the Ubuntu Security Announcements mailing list." you can then check the archives for LSNs from that mailman link
[11:15] <tomreyn> frickler: thanks, but i'm asking about "rumours that that new microcode can severely impact performance", sorry if this was unclear. i did find https://www.phoronix.com/scan.php?page=article&item=intel-jcc-gaming about performance impact for gaming.
[11:16] <frickler> tomreyn: ah, there were some things on twitter regarding it, let me check if I can still find them
[11:17] <OerHeks> all Intel patches have impact, nothing new about that
[11:18] <frickler> https://twitter.com/damageboy/status/1194751035136450560 is where I saw the 20% mark
[11:23] <tomreyn> 20% seems unlikely for generic workloads. intel says 0-4%, with some spikes doing worse, which was apparently confirmed at https://www.phoronix.com/scan.php?page=article&item=intel-jcc-microcode
[11:29] <tomreyn> so it's 20% for array.sort() before compiler patches.