/srv/irclogs.ubuntu.com/2020/01/28/#ubuntu-discuss.txt

[00:33] <oerheks> ok, last intel vuln https://cacheoutattack.com/
[00:34] <oerheks> yes, unless you happen to have a CPU released after Q4 2018.
[00:36] <oerheks> CVE-2020-0549
[00:39] <oerheks> https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling
[00:41] <daftykins> pokémon with microcode!
[00:43] <oerheks> angrybirds
[00:44] <oerheks> aarch starts to get more interesting
[01:02] <oerheks> wiki is up2date too .. https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerabilities
[01:13] <oerheks> bad bad intel https://mdsattacks.com/files/ridl-addendum2.pdf
[01:14] <daftykins> RIDL me this
[02:34] <oerheks> Starting with Qt 5.15, long term support (LTS) will only be available to commercial customers.  ... https://www.qt.io/blog/qt-offering-changes-2020
[03:02] <Bashing-om> oerheks: Well ^ - will have to be the more selective as to what QT items are included in UWN issues :(
[03:20] <lotuspsychje> good morning
[05:29] <lotuspsychje> !19.04
[05:29] <ubot5> Ubuntu 19.04 (Disco Dingo) was the 30th release of Ubuntu, supported ended January 2020. see !eol and https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-January/005263.html
[05:29] <lotuspsychje> great
[05:30] <lotuspsychje> tnx 4 the edit
[07:14] <lordievader> Good morning
[07:46] <ducasse> good morning
[08:35] <marcoagpinto> Hello guys
[08:35] <marcoagpinto> >:) <- cola demon
=== lotuspsychje_ is now known as lotuspsychje
[09:25] <marcoagpinto> lotus psychic!
[09:25] <marcoagpinto> :)
[09:26] <marcoagpinto> morning
[09:35] <lotuspsychje> !hardware
[09:36] <ubot5> For lists of supported hardware on Ubuntu see https://wiki.ubuntu.com/HardwareSupport - To help debugging and improving hardware detection, see https://wiki.ubuntu.com/DebuggingHardwareDetection
[09:49] <lotuspsychje> marcoagpinto: your bug has been triaged bug #1860899
[09:49] <ubot5> bug 1860899 in nautilus (Ubuntu) "Add extra information to tabs in folders" [Wishlist,Triaged] https://launchpad.net/bugs/1860899
[09:50] <marcoagpinto> lotuspsychje: thanks for telling me :)
[09:50] <lotuspsychje> there was already an upstream proposal
[09:50] <marcoagpinto> I received the reply
[09:50] <marcoagpinto> :)
[09:51] <marcoagpinto> it is a useful feature
[09:51] <lotuspsychje> pray for the cola demon it will be granted :p
[09:51] <marcoagpinto> ;)
[09:53] <marcoagpinto> it is good to have a new computer... now I can run my VMs here and copy files to a shared folder
[09:53] <marcoagpinto> :)
[11:23] <tomreyn> 18.04.4 point-release coming up shortly
[11:49] <marcoagpinto> good to know :)
[12:01] <marcoagpinto> tomreyn: "shortly"=="today"?
[12:52] <marcoagpinto> pragmaticenigma: Hello!
[12:52] <pragmaticenigma> yo
[12:52] <marcoagpinto> y0
[12:56] <marcoagpinto> guys?! Is there a way to see all files in a website?
[12:56] <marcoagpinto> I ask this because old wordlists of the UK speller have traffic
[12:56] <marcoagpinto> how do people know their name?
[13:05] <pragmaticenigma> marcoagpinto: Unless the web site maintainer offers an index page, the only way is to crawl through every single page to find what is offered publicly...
[13:06] <marcoagpinto> pragmaticenigma: But how did they know about files from 2018?
[13:06] <marcoagpinto> I deleted the 2018 files
[13:06] <marcoagpinto> (this morning)
[13:07] <pragmaticenigma> marcoagpinto: There is a site called Internet Archive... chances are, they crawled that section back then, and someone found the list there
[13:08] <marcoagpinto> ohhhhhhhh
[13:08] <marcoagpinto> but isn't it stored in the internet archive?
[13:08] <marcoagpinto> the statistics claim they are downloaded from my site
[13:10] <marcoagpinto> pragmaticenigma: https://i.imgur.com/54mbTwK.png
[13:11] <pragmaticenigma> marcoagpinto: Welcome to the world of the Internet and Security Researchers/Hackers
[13:11] <marcoagpinto> what?
[13:12] <pragmaticenigma> The current trend is to scan Internet Archive for things that may have been accidentally made public once upon a time. Then said researcher will go to the hosting site to see if those files are still available
[13:12] <pragmaticenigma> as well as see if other files have been left in the open
[13:13] <marcoagpinto> 1647 people downloaded the wordlist from December this month
[13:13] <marcoagpinto> :)
[13:14] <marcoagpinto> I still don't understand what you mean?
[13:14] <marcoagpinto> :p
[13:15] <marcoagpinto> and 7682 people the January file
[13:15] <pragmaticenigma> marcoagpinto: In that case, I assume someone else has made a program that is using your wordlists
[13:15] <marcoagpinto> ohhhhhhhh
[13:16] <pragmaticenigma> and instead of being a nice netizen, they are using your hosting of the file to provide the list to their application
[13:16] <marcoagpinto> :(((((((((((
[13:16] <marcoagpinto> deep linking
[13:16] <marcoagpinto> :(((((
[13:16] <pragmaticenigma> no
[13:16] <pragmaticenigma> static linking
[13:20] <marcoagpinto> anyway, from now on I will only keep the wordlists from the current and previous year
[13:22] <pragmaticenigma> marcoagpinto: If it was me, I'd start maintaining those wordlists on something like github/gitlab where you can track the differences made, but only the newest file is made available. Then you can link from your site to your code repository holding the wordlist
[13:22] <pragmaticenigma> That would ensure everyone that downloads it will grab the latest copy, and doesn't waste your site's bandwidth
[13:29] <marcoagpinto> ohhhhhhhh
[13:29] <marcoagpinto> I also have it in GitHub
[13:30] <marcoagpinto> and 70+ persons downloading my tool?
[13:30] <marcoagpinto> in the past it was some 4 or so downloads per month
[13:30] <marcoagpinto> now I got 70+ just this month?
[13:51] <pragmaticenigma> must be gaining interest
[14:02] <marcoagpinto> :)
[14:03] <marcoagpinto> a citizen of the universe!!!! We will change the world!
[14:03] <marcoagpinto> :)
[14:03] <marcoagpinto> "Together we will change the world! I have a dream: a spiritual, scientific and technological advanced civilisation with space travel technology, where life instead of price has value, happening in my lifetime."
[16:48] <lotuspsychje> !info linux-image-generic eoan
[16:48] <ubot5> Package linux-image-generic does not exist in eoan
[16:48] <pragmaticenigma> Ubuntu 20.04 is so great... it needs no kernel!!!
[16:48] <daftykins> psst that's 19.10
[16:49] <lotuspsychje> daftykins: yeah i know its for a user in #u
[16:49] <pragmaticenigma> doh!
[16:49] <daftykins> nah not you lotus :P
[16:49] * pragmaticenigma likes number more than these funny names
[16:50] <lotuspsychje> oh lol
[16:50] <daftykins> i'm definitely getting to the point where i can't recall every intel core generation name, 'buntu release, android release, macOS release...
[16:50] <lotuspsychje> so many codenames indeed
[16:50] <hggdh> too many code names for too many different projects
[16:51] <daftykins> of course instantly disregarding non-LTS helps
[16:51] <lotuspsychje> heh
[16:57] <pragmaticenigma> that too
[16:58] <pragmaticenigma> but focal hasn't started to trigger 20.04 for me yet
[16:58] <pragmaticenigma> getting there
=== angik1 is now known as angik
[19:38] <sarnold> tomreyn: plutes description there is kind of all over the place.. did he say how long his computer hangs?
[19:39] <tomreyn> sarnold: no, not yet
[19:39] <tomreyn> sarnold: what do you mean by "all over the place", as in they said so previously?
[19:40] <sarnold> tomreyn: heh, just that he's not fantastic at describing what's going on
[19:40] <tomreyn> ah yes
[19:40] <sarnold> starts out with something like "why do I keep disconnecting from irc" then reports some 18 ms time difference from a touch pad and then complains that he has to hard reset with a power button
[19:44] <tomreyn> yes, very x->y. also a bit too paranoid.
[19:44] <tomreyn> (a little bit paranoid is good, though)
[19:45] <daftykins> a user beginning to ask questions who has yet to find the correct ones :)
[19:46] <sarnold> lol
[19:46] <sarnold> I'll have to try to remember that :)
[20:04] <tomreyn> there are bios updates for your basement incl. CVE references: https://www.supermicro.com/products/system/3U/6038/SSG-6038R-E1CR16L.cfm
[20:06] <sarnold> tomreyn: <3 <3 <3
[20:07] <daftykins> basement o0
[20:07] <tomreyn> the latest is about SMM + TXT, CVE-2019-0152
[20:08] <sarnold> awwwwww crud. supermicro doesn't seem to participate in the thing that lets fwupdmgr work :(
[20:08] <tomreyn> no :-/
[20:09] <daftykins> last i looked most functions weren't even supported by any packages versions in 'buntu
[20:09] <daftykins> *packaged
[20:10] <sarnold> I'm not too worried about the CPU vulns: I've got the cpu microcode packages installed, and this machine never does anything remotely close to executing untrusted code
[20:10] <sarnold> but still it'd be nice to get updates :(
[20:10] <tomreyn> basement runs ucode revision 0x43, date = 2019-03-01, whereas Intel SA-00240 went public on nov 12
[20:10] <tomreyn> just saying ;)
[20:11] <daftykins> sounded like sandybridge era from the link so does it even apply?
[20:11] <sarnold> good question, intel might already be pretending these cpus don't exist
[20:12] <daftykins> that's definitely the case for laptop + desktop sandybridge and prior
[20:12] <daftykins> kinda why i consider haswell a minimum as the microcode in firmware updates from system manufacturers seems more readily available
[20:14] <oerheks> my next machine will be a ryzen, or something after 2018 https://cacheoutattack.com/
[20:14] <oerheks> https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling
[20:14] <tomreyn> For CVE-2019-0151, SA-00240 lists Intel® Xeon® Processor E3 v3 Family, which is what's installed (E5-2630 v3)
[20:14] <oerheks> CVE-2020-0549  CVE-2020-0548
[20:15] <tomreyn> bah 6.5 only, i hardly move out of bed for that now!
[20:15] <daftykins> :D
[20:16] <oerheks> but you must buy a new one, hurry
[20:17] <tomreyn> oh right, the new windows 10 is out, need to upgrade hardware
[20:17] <oerheks> heh, i am still working on a vista machine
[20:17] <tomreyn> or gnome.shell for that matter
[20:17] <daftykins> what do you mean 'new 10' ?
[20:20] <tomreyn> i'm trolling, but wasn't there some new sub-version release lately?
[20:20] <daftykins> no 1909 was the last, long time now
[20:20] <daftykins> maybe March/April for a next, but i haven't heard a peep
[20:21] <tomreyn> ah well 1909 apparently released in november, not that long ago
[20:22] <daftykins> sometimes feels like it in this line of work :D
[20:22] <daftykins> oerheks: what's the Vista machine doing? :)
[20:23] <oerheks> sticker is removed, now a big ubuntu sticker/patch
[20:23] <oerheks> silly i3, running LTS+HWE
[21:49] <Kireji> I just found my ubuntu instance using curl to access motd, and reporting in the user agent string the distribution, details of the hardware platform and cpu and the current uptime.
[21:49] <Kireji> not happy :(
[21:49] <Kireji> imo, it's an egregious privacy violation, one that I never consented to
[21:49] <daftykins> chin up, there are more important things in life
[21:49] <Kireji> code: https://www.pastiebin.com/5e30ac25cc099
[21:50] <tomreyn> hmm i wasn't aware it sends this much, that's ugly indeed.
[21:51] <Kireji> IE
[21:51] <Kireji> curl/7.58.0-2ubuntu3.8 Ubuntu/18.04.3/LTS GNU/Linux/4.15.0-74-generic/x86_64
[21:51] <Kireji> Intel(R)/Xeon(R)/CPU/E3-1270/v6/@/3.80GHz
[21:51] <Kireji> uptime/1702729.26/13617744.16 cloud_id/unknown
[21:51] <Kireji> it needs to get fixed
[21:51] <daftykins> ooh out of date kernel there :) -76 today
[21:52] <Kireji> "there are more important things in life"
[21:52] <daftykins> yep
[21:53] <tomreyn> Kireji: fwiw you can opt-out by editing /etc/default/motd-news
[21:54] <Kireji> tomreyn: done first
[21:54] <Kireji> it's about 10y too late tho
[21:55] <Kireji> *sigh*
[21:55] <tomreyn> this was only introduced a few years ago, though
[21:55] <daftykins> the facts don't matter when there's sensationalism to enjoy, tomreyn ;)
[21:57] <tomreyn> it's more than that imo, there's clearly no need to send all these details, and it's not part of the announced and (semi) gui opt-outable telemetry collection
[21:58] <tomreyn> and it's in violation of GDPR
[21:59] <daftykins> maybe so for GDPR, i can't recall if there's a prompt about that during server install - as i was thinking of server with that complaint
[21:59] <tomreyn> and some of these details are the kind of info gchq and spooks would ask you to store about your users if you wanted to make them happy and they wanted to be able to have a central go-to to get data for their targeted attacks.
[22:00] <tomreyn> motd news is on both servers and desktops, i think
[22:01] <daftykins> but any related prompts during installation is what i mean
[22:01] <tomreyn> i don't recall such prompts on servers, there is a prompt on gnome-shell which is shown as part of gnome-initial-configuration
[22:02] <tomreyn> sarnold: do you happen to have an opinion on this?
[22:02] <tomreyn> (and one that you feel like voicing)
[22:08] <tomreyn> (and i don't want uk to leave in almost all other aspects)
[22:21] <oerheks> if motd is an issue, how about updates/server, apt-transport-https, dns, time sync ..
[22:32] <tomreyn> the unique machine id isn't transferred, that's true.
[22:33] <tomreyn> (not in this context anyways.)
[23:45] <sarnold> tomreyn: I know that we find it useful to have rough ideas of which releases people are running on which processors; the uptime is helpful for spotting customers "stressing" clouds, where they'll boot one million or two million ubuntu instances in an afternoon every day for a week
[23:53] <daftykins> :D
