[04:30] <lotuspsychje> good morning
=== tds3 is now known as tds
[06:39] <ducasse> good morning
[11:20] <seyyed_> Hi, I wanna know why we have multiple public key "Ubuntu Archive Automatic Signing Key". I have heared about 4 type of package: unviverse, main, ... . these mentioned public key are for them? all of them or specific? why multiple?
[11:20] <seyyed_> Also is there any philosphy behind words automatic and archive?
[11:25] <seyyed_> Additionally I've removed all of them and all repository. could you help me how to restore them? I've checked those in "Software and update->Ubuntu software" but still nothing has been added. sometime after checking those box and closing the window, it prompt to reload and refresh cache, unfortunately this will stuck and no thing will happen!
[11:29] <seyyed_> I know it's not a supportive channel but plz helllllp :'''''(
[11:30] <lotus|NUC> seyyed_: are you trying to discuss things, or do you need actual ubuntu support?
=== seyyed_ is now known as seyyed
[12:11] <seyyed> I think this is not support I just want to know. it's curiosity
[12:12] <seyyed> all I need is here thanks
[12:12] <seyyed> https://wiki.ubuntu.com/SecurityTeam/FAQ#GPG_Keys_used_by_Ubuntu
[14:25] <zmagii> Xfce FTW
[15:00] <Sven_vB> I just read about the KRACK attack. is there currently any way to reasonably protect a home wifi?
[15:01] <Sven_vB> or do I have to give up on my "wireless router" and go all VPN
[15:01] <Sven_vB> ?
[15:02] <daftykins> i think that was an ancient one that relied on older standards
[15:02] <daftykins> VPNs have absolutely no relevance to that situation, just turning off wifi is what you'd think of first :)
[15:02] <Sven_vB> https://www.krackattacks.com/ says "Update October 2018:" and that paragraph sounds like it got even worse.
[15:03] <Sven_vB> I meant to use the wifi as a public medium over which I spawn a secured VPN.
[15:03] <daftykins> having a consumer router is a big downside to begin with as they get abandoned for support and generally don't get fixes released often to their firmware
[15:04] <daftykins> that again doesn't make any sense, then
[15:05] <Sven_vB> well with the VPN I wouldn't need to rely on the access point's security, would I? I'd treat it as hostile as a hotel Wifi would be
[15:06] <Sven_vB> I have an OpenWRT based "travel firewall" for that purpose, it connects to a hostile wifi and spawns my own well-maintained and hopefully secure wifi.
[15:06] <Sven_vB> well, that responsibility would now have to be on all clients
[15:08] <Sven_vB> they would use the well-maintained wifi just to connect to a VPN server on the OpenWRT.
[15:09] <daftykins> you started off by referring to home wifi but have already changed the scenario
[15:09] <daftykins> i find people that pay for these VPN services a bit nuts
[15:09] <Sven_vB> oh I'm sorry. I consider my cable uplink at home hostile, because I don't own the device.
[15:10] <Sven_vB> I would host my own VPN server of course.
[15:10] <Sven_vB> in my LAN
[15:10] <daftykins> most folk in the US can buy their own cable 'modems', but any service your ISP would always be able to see what's going on, so it's kinda ridiculous
[15:10] <daftykins> your packets are always going to egress somewhere
[15:11] <daftykins> nah that's not necessary at all, there are other protection available - but just don't use wifi if you don't think you can trust it
[15:11] <Sven_vB> there's a firewall between my cable modem and my LAN, so I hope my cable provider can only see traffic that's meant to go to the internet.
[15:11] <daftykins> a more sane angle to take is - what's special about you? why would anyone be wanting to jump on your wifi specifically?
[15:12] <daftykins> yes pretty much everyone is running a NAT firewall at home, though if it's a consumer device it's likely trash
[15:14] <Sven_vB> I live in europe and I store credentials to webmaster websites of my clients, so (my non-lawyer interpretation of) GDPR regulations says I have to at least try and protect the best I can.
[15:14] <Sven_vB> as long as none of my clients' services get hacked it's no problem of course.
[15:16] <daftykins> right so those could be stored in an encrypted keepass db, which is another change of topic :)
[15:16] <Sven_vB> "just don't use wifi if you don't think you can trust it" <-- that's exactly my problem at the moment, to decide how much can I trust it.
[15:16] <daftykins> if you think that GDPR means you need to go nuts about your home wifi and use a VPN service, you're miles from reality
[15:17] <Sven_vB> no not VPN service. that would defeat the purpose of keeping the packets restricted to my LAN only. :)
[15:17] <Sven_vB> at least not an external VPN
[15:18] <Sven_vB> so I guess you consider WPA2-PSK as state of the art security still?
[15:18] <daftykins> lol, of course not - it's ancient
[15:19] <Sven_vB> then I misunderstood your "go nuts"
[15:19] <daftykins> personally i have a ubiquiti access point which is configured to provide a main SSID to my LAN, then a guest SSID that connects to a separate subnet for my client devices to plug into
[15:20] <Sven_vB> "client devices" as in business clients visiting your office?
[15:20] <daftykins> i set up and work on client equipment as i work from home, so those only get online from an isolated network
[15:23] <Sven_vB> oh I see
[15:23] <Sven_vB> so if their hardware goes mad it cannot (easily) hack into your personal-use LAN
[15:24] <daftykins> and the AP itself is still supported and received firmware updates
[15:25] <daftykins> but it's a modular network rather than having some all-in-one consumer router, so i can just unplug that and replace it when the time comes
[15:26] <Sven_vB> is "all-in-one consumer router" meant as price category, or as doing the cable uplink role, or something other even?
[15:27] <Sven_vB> my cable modem thingy offers WiFi as well, but as said I don't trust that device so I don't use its WiFi and treat its ethernet ports as public internet.
[15:28] <daftykins> It's a class of device. If it can do wifi it's not a cable modem, it's likely a full combo modem/router
[15:29] <Sven_vB> yeah the terminology is squishy even in my native tongue so I've probably translated it wrong earlier.
[15:33] <daftykins> the same thing happens in English really, some terms have begun meaning different things to different people
[15:34] <daftykins> a while ago i was working with an electrician on the refurbishment of a client's office, i said the router was going in the rack cabinet on the wall and the wifi access point was going to be mounted on the ceiling of the office - he was puzzled and asked why the wifi wasn't coming from the router, but he was clearly thinking about domestic consumer equipment
[15:34] <Sven_vB> It just came to my mind that it probably depends a lot on the AP implementation, so I should rather ask #OpenWRT .
[15:35] <daftykins> well yes, absolutely none of this has had anything to do with ubuntu
[15:36] <daftykins> i think you're taking things too far though, GDPR only says you must go to a reasonable effort to ensure security of things
[15:36] <Sven_vB> well, the discussion with you helped me reach the conclsion that I want to switch my gateway to OpenWRT. :)
[15:37] <daftykins> devices that keep getting updates are always good
[15:38] <Sven_vB> the GDPR stuff is just one part of the truth. there may or may not be other concerns. ;)
[15:38] <daftykins> ok well when you ask people things on IRC, you are wasting their time when you don't state the truth up front
[15:41] <Sven_vB> I thought GDPR by itself was a good enough reason to keep my LAN secure, so I considered the additional reasons unimportant. I wasn't expecting that to have an impact on your advice. I'm sorry if that wasted some thoughts.
[15:43] <Sven_vB> nevertheless, thanks for your thoughts and the insight!
[18:30] <lotuspsychje> you can poll here if you like odp
[18:30] <odp> i need to buy a new video card. is nvidia still better supported than radeon cards?
[18:30] <daftykins> life looks easier for nvidia users, i'd say
[21:39] <tomreyn> odp: there are some amd cards which work pretty well out of the box now, and with open source drivers. if you need the highest performance, nvidia would be the choice. the downside of nvidia are that its drivers are still proprietary (the open source driver there is not good for lack of documentation provided), which means it can become vaporware at some point when nvidia chooses to no longer support it.
[22:41] <JanC> not to mention some FLOSS stuff is not supported on nvidia's proprietary drivers, and then you have to fall back on the not-so-useful FLOSS drivers for nvidia
[22:41] <daftykins> like what?
[22:43] <JanC> OTOH, there is some scientific libraries that assume CUDA, where only nvidia would work IIRC