[00:33] <oerheks> ok, last intel vuln https://cacheoutattack.com/
[00:34] <oerheks>  yes, unless you happen to have a CPU released after Q4 2018.
[00:36] <oerheks>  CVE-2020-0549
[00:39] <oerheks> https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling
[00:41] <daftykins> pokémon with microcode!
[00:43] <oerheks> angrybirds
[00:44] <oerheks> aarch starts to get more interesting
[01:02] <oerheks> wiki is up2date too .. https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerabilities
[01:13] <oerheks> bad bad intel https://mdsattacks.com/files/ridl-addendum2.pdf
[01:14] <daftykins> RIDL me this
[02:34] <oerheks> Starting with Qt 5.15, long term support (LTS) will only be available to commercial customers.  ... https://www.qt.io/blog/qt-offering-changes-2020
[03:02] <Bashing-om> oerheks: Well ^ - will have to be the more selective as to what QT items are included in UWN issues :(
[03:20] <lotuspsychje> good morning
[05:29] <lotuspsychje> !19.04
[05:29] <lotuspsychje> great
[05:30] <lotuspsychje> tnx 4 the edit
[07:14] <lordievader> Good morning
[07:46] <ducasse> good morning
[08:35] <marcoagpinto> Hello guys
[08:35] <marcoagpinto> >:) <- cola demon
[09:25] <marcoagpinto> lotus psychic!
[09:25] <marcoagpinto> :)
[09:26] <marcoagpinto> morning
[09:35] <lotuspsychje> !hardware
[09:49] <lotuspsychje> marcoagpinto: your bug has been triaged bug #1860899
[09:50] <marcoagpinto> lotuspsychje: thanks for telling me :)
[09:50] <lotuspsychje> there was already an upstream proposal
[09:50] <marcoagpinto> I received the reply
[09:50] <marcoagpinto> :)
[09:51] <marcoagpinto> it is a useful feature
[09:51] <lotuspsychje> pray for the cola deamon it will be granted :p
[09:51] <marcoagpinto> ;)
[09:53] <marcoagpinto> it is good to have a new computer... now I can run my VMs here and copy files to a shared folder
[09:53] <marcoagpinto> :)
[11:23] <tomreyn> 18.04.4 point-release coming up shortly
[11:49] <marcoagpinto> good to know :)
[12:01] <marcoagpinto> tomreyn: "shortly"=="today"?
[12:52] <marcoagpinto> pragmaticenigma: Hello!
[12:52] <pragmaticenigma> yo
[12:52] <marcoagpinto> y0
[12:56] <marcoagpinto> guys?! Is there a way to see all files in a website?
[12:56] <marcoagpinto> I ask this because old wordlists of the UK speller have traffic
[12:56] <marcoagpinto> how do people know their name?
[13:05] <pragmaticenigma> marcoagpinto: Unless the web site maintainer offers an index page, the only way is to crawl through every single page to find what is offered publically.,.
[13:06] <marcoagpinto> pragmaticenigma: But how did they know about files from 2018?
[13:06] <marcoagpinto> I deleted the 2018 files
[13:06] <marcoagpinto> (this morning)
[13:07] <pragmaticenigma> marcoagpinto: There is a site call Internet Archive... chances are, they crawled that section back then, and someone found the list there
[13:08] <marcoagpinto> ohhhhhhhh
[13:08] <marcoagpinto> but isn't it stored in the internet archive?
[13:08] <marcoagpinto> the statistics claim they are downloaded from my site
[13:10] <marcoagpinto> pragmaticenigma: https://i.imgur.com/54mbTwK.png
[13:11] <pragmaticenigma> marcoagpinto: Welcome to the world of the Internet and Security Researchers/Hackers
[13:11] <marcoagpinto> what?
[13:12] <pragmaticenigma> The current trend is to scan Internet Archive for things that may have been accidentally made public once upon a time. Then said researcher will go to the hosting site to see if those files are still available
[13:12] <pragmaticenigma> as well as see if other files have been left in the open
[13:13] <marcoagpinto> 1647 people downloaded the wordlist from December this month
[13:13] <marcoagpinto> :)
[13:14] <marcoagpinto> I still don't understand what you mean?
[13:14] <marcoagpinto> :p
[13:15] <marcoagpinto> and 7682 people the January file
[13:15] <pragmaticenigma> marcoagpinto: In that case, I assume someone else has made a program that is using your wordlists
[13:15] <marcoagpinto> ohhhhhhhh
[13:16] <pragmaticenigma> and instead of being a nice netizen, they are using your hosting of the file to provide the list to their application
[13:16] <marcoagpinto> :(((((((((((
[13:16] <marcoagpinto> deep linking
[13:16] <marcoagpinto> :(((((
[13:16] <pragmaticenigma> no
[13:16] <pragmaticenigma> static linking
[13:20] <marcoagpinto> anyway, from now on I will only keep the wordlists from the current and previous year
[13:22] <pragmaticenigma> marcoagpinto: If it was me, I'd start maintaining those wordlists on something like github/gitlab where you can track the differences made, but only the newest file is made available. Then you can link from your site to your code repository holding the wordlist
[13:22] <pragmaticenigma> That would ensure everyone that downloads it will grab the latest copy, and doesn't waste your site's bandwidth
[13:29] <marcoagpinto> ohhhhhhhh
[13:29] <marcoagpinto> I also have it in GitHub
[13:30] <marcoagpinto> and 70+ persons downloading my tool?
[13:30] <marcoagpinto> in the past it was some 4 or so downloads per month
[13:30] <marcoagpinto> now I got 70+ just this month?
[13:51] <pragmaticenigma> must be gaining interest
[14:02] <marcoagpinto> :)
[14:03] <marcoagpinto> a citizen of the universe!!!! We will change the world!
[14:03] <marcoagpinto> :)
[14:03] <marcoagpinto> "Together we will change the world! I have a dream: a spiritual, scientific and technological advanced civilisation with space travel technology, where life instead of price has value, happening in my lifetime."
[16:48] <lotuspsychje> !info linux-image-generic eoan
[16:48] <pragmaticenigma> Ubuntu 20.04 is so great... it needs no kernel!!!
[16:48] <daftykins> psst that's 19.10
[16:49] <lotuspsychje> daftykins: yeah i know its for a user in #u
[16:49] <pragmaticenigma> doh!
[16:49] <daftykins> nah not you lotus :P
[16:49]  * pragmaticenigma likes number more than these funny names
[16:50] <lotuspsychje> oh lol
[16:50] <daftykins> i'm definitely getting to the point where i can't recall every intel core generation name, 'buntu release, android release, macOS release...
[16:50] <lotuspsychje> so many codenames indeed
[16:50] <hggdh> too many code names for too many different projects
[16:51] <daftykins> of course instantly disregarding non-LTS helps
[16:51] <lotuspsychje> heh
[16:57] <pragmaticenigma> that too
[16:58] <pragmaticenigma> but focal hasn't started to trigger 20.04 for me yet
[16:58] <pragmaticenigma> getting there
[19:38] <sarnold> tomreyn: plutes description there is kind of all over the place.. did he say how long his computer hangs?
[19:39] <tomreyn> sarnold: no, not yet
[19:39] <tomreyn> sarnold: what do you mean by "all over the place", as in they said so previously?
[19:40] <sarnold> tomreyn: heh, just that he's not fantastic at describing what's going on
[19:40] <tomreyn> ah yes
[19:40] <sarnold> starts out with something like "why do I keep disconnecting from irc" then reports some 18 ms time difference from a touch pad and then complains that he has to hard reset with a power button
[19:44] <tomreyn> yes, very x->y. also a bit too paranoid.
[19:44] <tomreyn> (a little bit paranoid is good, though)
[19:45] <daftykins> a user beginning to ask questions who has yet to find the correct ones :)
[19:46] <sarnold> lol
[19:46] <sarnold> I'll have to try to remember that :)
[20:04] <tomreyn> there are bios updates for your basement incl. CVE references: https://www.supermicro.com/products/system/3U/6038/SSG-6038R-E1CR16L.cfm
[20:06] <sarnold> tomreyn: <3 <3 <3
[20:07] <daftykins> basement o0
[20:07] <tomreyn> the latest is about SMM + TXT, CVE-2019-0152
[20:08] <sarnold> awwwwww crud. supermicro doesn't seem to participate in the thing that lets fwupdmgr work :(
[20:08] <tomreyn> no :-/
[20:09] <daftykins> last i looked most functions weren't even supported by any packages versions in 'buntu
[20:09] <daftykins> *packaged
[20:10] <sarnold> I'm not too worried about the CPU vulns: I've got the cpu microcode packages installed, and this machine never does anything remotely close to executing untrusted code
[20:10] <sarnold> but still it'd be nice to get updates :(
[20:10] <tomreyn> basement runs ucode revision 0x43, date = 2019-03-01, whereas Intel SA-00240 went public on nov 12
[20:10] <tomreyn> just saying ;)
[20:11] <daftykins> sounded like sandybridge era from the link so does it even apply?
[20:11] <sarnold> good question, intel might already be pretending these cpus don't exist
[20:12] <daftykins> that's definitely the case for laptop + desktop sandybridge and prior
[20:12] <daftykins> kinda why i consider haswell a minimum as the microcode in firmware updates from system manufacturers seems more readily available
[20:14] <oerheks> my next machine will be a ryzen, or something after 2018 https://cacheoutattack.com/
[20:14] <oerheks> https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling
[20:14] <tomreyn> For CVE-2019-0151, SA-00240 lists Intel® Xeon® Processor E3 v3 Family, which is what's installed (E5-2630 v3)
[20:14] <oerheks>  CVE-2020-0549  CVE-2020-0548
[20:15] <tomreyn> bah 6.5 only, i hardly move out of bed for that now!
[20:15] <daftykins> :D
[20:16] <oerheks> but you must buy a new one, hurry
[20:17] <tomreyn> oh right, the new windows 10 is out, need to upgrade hardware
[20:17] <oerheks> heh, i am still working on a vista machine
[20:17] <tomreyn> or gnome.shell for that matter
[20:17] <daftykins> what do you mean 'new 10' ?
[20:20] <tomreyn> i'm trolling, but wasn't there some new sub-version release lately?
[20:20] <daftykins> no 1909 was the last, long time now
[20:20] <daftykins> maybe March/April for a next, but i haven't heard a peep
[20:21] <tomreyn> ah well 1909 apparently released in november, not that long ago
[20:22] <daftykins> sometimes feels like it in this line of work :D
[20:22] <daftykins> oerheks: what's the Vista machine doing? :)
[20:23] <oerheks> sticker is removed, now a big ubuntu sticker/patch
[20:23] <oerheks> silly i3, running LTS+HWE
[21:49] <Kireji> I just found my ubuntu instance using curl to access motd, and reporting in the user agent string the distribution,details of the hardware platform and cpu and the current uptime.
[21:49] <Kireji> not happy :(
[21:49] <Kireji> imo, it's an egregious privacy violation, one that I never consented to
[21:49] <daftykins> chin up, there are more important things in life
[21:49] <Kireji> code: https://www.pastiebin.com/5e30ac25cc099
[21:50] <tomreyn> hmm i wasn't aware it send this much, that's ugly indeed.
[21:51] <Kireji> IE
[21:51] <Kireji> curl/7.58.0-2ubuntu3.8 Ubuntu/18.04.3/LTS GNU/Linux/4.15.0-74-generic/x86_64
[21:51] <Kireji> Intel(R)/Xeon(R)/CPU/E3-1270/v6/@/3.80GHz
[21:51] <Kireji> uptime/1702729.26/13617744.16 cloud_id/unknown
[21:51] <Kireji> it needs to get fixed
[21:51] <daftykins> ooh out of date kernel there :) -76 today
[21:52] <Kireji> "there are more important things in life"
[21:52] <daftykins> yep
[21:53] <tomreyn> Kireji: fwiw you can opt-out by editing /etc/default/motd-news
[21:54] <Kireji> tomreyn: done first
[21:54] <Kireji> it's about 10y too late tho
[21:55] <Kireji> *sigh*
[21:55] <tomreyn> this was only introduced a few years ago, though
[21:55] <daftykins> the facts don't matter when there's sensationalism to enjoy, tomreyn ;)
[21:57] <tomreyn> it's more than that imo, there's clearly no need to send all these details, and it's not part of the announced and (semi) gui opt-outable telemetry collection
[21:58] <tomreyn> and it's in violation of GDPR
[21:59] <daftykins> maybe so for GDPR, i can't recall if there's a prompt about that during server install - as i was thinking of server with that complaint
[21:59] <tomreyn> and some of these details are the kind of info gchq and spooks would ask you to store about your users if you wanted to make them happy and they wanted to be able to have a central go-to to get data for their targetted attacks.
[22:00] <tomreyn> motd news is on both servers and desktops, i think
[22:01] <daftykins> but any related prompts during installation is what i mean
[22:01] <tomreyn> i don't recall such prompts on servers, there is a prompt on gnome-shell which is shown as part of gnome-initial-configuration
[22:02] <tomreyn> sarnold: do you happen to have an opinion on this?
[22:02] <tomreyn> (and one that you feel like voicing)
[22:08] <tomreyn> (and i don't want uk to leave in almost all other aspects)
[22:21] <oerheks> if motd is an issue, how about updates/server, apt-transport-https, dns, time sync ..
[22:32] <tomreyn> the unique machine id isn't transferred, that's true.
[22:33] <tomreyn> (not in this context anyways.)
[23:45] <sarnold> tomreyn: I know that we find it useful to have rough ideas of which releases people are running on which processors; the uptime is helpful for spotting customers "stressing" clouds, where they'll boot one million or two million ubuntu instances in an afternoon every day for a week
[23:53] <daftykins> :D