| lotuspsychje | good morning | 00:54 |
|---|---|---|
| MrCollins | hello | 00:59 |
| lotuspsychje | hey MrCollins | 00:59 |
| MrCollins | hows it | 00:59 |
| lotuspsychje | early woken, still bit blurry | 01:00 |
| lotuspsychje | coffee to the rescue | 01:00 |
| MrCollins | I hear ya | 01:00 |
| MrCollins | You must be in Europe or Asia? :) | 01:00 |
| jeremy31 | Middle Europe IIRC | 01:00 |
| lotuspsychje | belgium | 01:01 |
| MrCollins | cool. | 01:01 |
| MrCollins | Always wanted to visit Europe etc. | 01:02 |
| jeremy31 | MrCollins: you should visit topyli | 01:02 |
| MrCollins | not trying to make this offtopic. | 01:02 |
| MrCollins | Croatia? im lost lol | 01:03 |
| jeremy31 | MrCollins: Finland | 01:03 |
| MrCollins | I would like to! | 01:03 |
| MrCollins | I am American but of mainly Irish descent. Maybe thats why, when the rare occasion presents itself, I drink half the bar! | 01:04 |
| lotuspsychje | scandinavian countrys are nice, great gov and highspeed internet | 01:04 |
| MrCollins | My grandfather visited France in 1944 :) Thats the last of us to have been across the pond. | 01:05 |
| MrCollins | I digress | 01:05 |
| daftykins | sacré bleu | 01:05 |
| MrCollins | to the rules hehe | 01:05 |
| ducasse | good morning | 07:36 |
| === akem__ is now known as akem | ||
| TJ- | ouch! just discovered a remotely exploitable kernel/DRI/GEM bug with a CVE from 2015 that hasn't been fixed | 17:41 |
| TJ- | sorry, from 2013 ! | 17:41 |
| daftykins | :o | 17:41 |
| tomreyn | uh | 17:41 |
| TJ- | CVE-2013-7445 | 17:41 |
| daftykins | fossa kernel? | 17:42 |
| TJ- | https://ubuntu.com/security/CVE-2013-7445 which, via links, eventually leads via https://bugs.freedesktop.org/show_bug.cgi?id=106136 to https://gitlab.freedesktop.org/drm/intel/-/issues/110 | 17:42 |
| ubot5 | Freedesktop bug 106136 in DRM/Intel "per-process/context memory usage accounting for i915" [Enhancement,Resolved: moved] | 17:42 |
| TJ- | 7 months ago: "As there is no activity, closing this issue." | 17:42 |
| TJ- | basically; a crafted web page can cause a browser to consume all memory via allocating multiple CANVAS elements which consume GEM objects which are not accounted for | 17:43 |
| leftyfb | CVE's shouldn't be allowed to "As there is no activity, closing this issue." without a fix being released | 17:49 |
| TJ- | I only came across by tracing some vulnerabilities reported by debsecan, due to BugHunter1000's comments in #ubuntu earlier | 17:50 |
| tomreyn | this must be the first time bugzie did something useful. | 17:51 |
| tomreyn | i'm glad you spotted this, and am wondering how many other cve's are in deferred state because upstream moved bugtrackers or considered bugs stale. | 17:53 |
| TJ- | the SUSE security team say it's too complex to fix, so left alone | 17:53 |
| TJ- | but upstream should really be on something like this like flies on a ...! | 17:53 |
| tomreyn | if this is 'just' a dos issue on desktops then maybe it's not that bad. | 17:53 |
| tomreyn | yes :-/ | 17:54 |
| TJ- | it's not - there's a comment about servers running video pipelines being affected too | 17:54 |
| TJ- | I think I'll bring it up in -hardened | 17:54 |
| leftyfb | tomreyn: is that really bugzie? | 17:55 |
| tomreyn | leftyfb: i do not know, i just notice behavorial similarities. ;) | 17:55 |
| tomreyn | leftyfb: actually, no, probably not. | 17:57 |
| tomreyn | this person has a much higher level of understanding of what they're talking about (not ubuntu specifically, but security, linux in general). so i jumped to conclusions, sorry. | 17:59 |
| TJ- | BugHunter1000 was wrong about there being lots of outstanding vulns - they didn't do even basic background checks of the CVEs/packages reported by debscan as I have | 18:00 |
| tomreyn | yes, that's what made me think it may be him initally | 18:04 |
| TJ- | I don't have time to develop a simple proof/exploit right now - working towards an important deadline tomorrow on something else. Anyone here fancy trying to create one? Looks like it *might* only need a simlpe HTML page with a looping Javascript creating and drawing into multiple canvas elements (so the backing pages are dirty) and not releasing/freeing them | 18:06 |
| tomreyn | my javascript skills are lacking. maybe this can be a start: https://codepen.io/2toria/pen/BipvF | 18:10 |
| TJ- | anyone with less than 32GB RAM can test my demo (ensure you've not got anything important running!) | 18:35 |
| tomreyn | TJ-: where can i find that? i've got an intel grapjhics laptop running ubuntu 18.04 (i think, haven't used it in a while) with 8 ? GB RAM. | 18:37 |
| TJ- | I've got it created 1920x1080 canvas every second; for up to 1000 iterations - might need to do more and reduce the delay to trigger it earlier | 18:37 |
| TJ- | tomreyn: I'll send a link privately | 18:37 |
| tomreyn | thanks, got it. i'll need to update it first of all, will take a while. | 18:40 |
| TJ- | tomreyn: I need to head home now for dinner; will be back on later | 18:40 |
| tomreyn | ok | 18:40 |
| tomreyn | i'll be around for some more hours | 18:41 |
| TJ- | tomreyn: reduce the sleep to 10 and increase the loop iterations to 99999999 - and in a terminal do "watch -n 1 free" | 18:41 |
| TJ- | I'm feeling like posting a Hacker News item on this to ensure it gets eyeballs on it! | 18:42 |
| * TJ- zooms off | 18:42 | |
| tomreyn | geez, 2 GB upgrades | 18:49 |
| daftykins | what for? | 18:51 |
| tomreyn | 18.04, i just didn't have this system running for a good while ;) | 19:14 |
| TJ- | and back! | 19:19 |
| tomreyn | TJ-: wb. just started it up | 19:24 |
| tomreyn | ram is going down | 19:24 |
| TJ- | thanks. wondering if I should adapt so the current iteration number is drawn inside the new canvas so we can see how far its got especially id/when it starts to die | 19:25 |
| tomreyn | i should probably have diusabled swap | 19:25 |
| tomreyn | a larger memory allocation poer cycle would be good | 19:26 |
| TJ- | "sudo swapoff" ? | 19:26 |
| tomreyn | yes, next run i'll do that | 19:27 |
| TJ- | also may need to randomise the colour and alpha so as to avoid any possible samepage merging | 19:28 |
| tomreyn | TJ-: it's surviving, though | 19:31 |
| tomreyn | available mem never gets entirely depleted, i guess it does GC still | 19:32 |
| tomreyn | i'll try without swap | 19:32 |
| TJ- | tomreyn: not sure if this is the way to trigger it; didn't see any exploit examples so may need to experiment somewhat | 19:32 |
| tomreyn | firefox's about:performance says the POC tab only consumes 2.1 MB RAM, so obviously the memory is consumed elsewhere | 19:37 |
| tomreyn | top says reserved memory allocation on the firefox container the tab runs in is constantly growing though | 19:38 |
| tomreyn | "Gah, your tab just crashed." :) | 19:42 |
| sarnold | check slabtop while running it | 19:44 |
| tomreyn | too late, system sully loaded, can't do anything | 19:47 |
| tomreyn | *fully | 19:47 |
| sarnold | oops | 19:47 |
| sarnold | well, *next* time you run it.. :) | 19:47 |
| tomreyn | geez this thing went hot | 19:48 |
| tomreyn | i guess the fans must be dusty | 19:48 |
| tomreyn | anyways, i guess it works then, tj | 19:49 |
| tomreyn | now i got to have food, bbl | 19:49 |
| TJ- | tomreyn: there's a new version available at the original URL; with this you can set the iteration and delay_ms at top of the HTML | 19:53 |
| TJ- | sarnold: you want to test this too? | 19:53 |
| sarnold | TJ-: nope :) | 19:53 |
| sarnold | TJ-: I already had my fill of i915 memory allocation problems this year | 19:54 |
| TJ- | I've brought my 32GB Ryzen to a stop! | 19:54 |
| TJ- | sarnold: this is across all GPUs | 19:54 |
| sarnold | oh fun | 19:56 |
| TJ- | around 200 iterations and it was making this Zen2 Ryzen laptop with 32GB sluggish | 19:58 |
| Ussat | People still use firefox ? | 19:58 |
| TJ- | Ussat: that is a snide remark | 19:59 |
| daftykins | i'll always consider it my primary | 20:00 |
| daftykins | Ussat: this isn't the first time that you've made unhelpful remarks | 20:00 |
| Ussat | 1) it was a question, and 2) was an honest question | 20:01 |
| Ussat | so....keep YOUR snide remarks out | 20:01 |
| Ussat | a remark is different from a question | 20:01 |
| TJ- | Just like me saying that intelligent people use Firefox | 20:02 |
| Ussat | That is a remark, I asked a question | 20:02 |
| daftykins | it's quite obvious that you're being dishonest - and trying to stir up conflict with that reply even, on ignore you go | 20:02 |
| TJ- | Now to test and measure this on a range of browsers | 20:03 |
| Ussat | OH noes....ignore | 20:03 |
| sarnold | Ussat: oh heck yeah, chromium-browser never felt like 'linux'. granted firefox is getting further and further away from that feeling :( | 20:03 |
| Ussat | I switched all my browsers to Chrome | 20:04 |
| sarnold | Ussat: it used to be that firefox could be made to handle ^W and ^U like vim / emacs / bash etc but they took that away from me a while ago.. | 20:04 |
| sarnold | middle-click paste was a big one | 20:04 |
| sarnold | does chromium-browser navigate to an url on middle-click paste? | 20:04 |
| TJ- | chromium/chrome/blink are becoming the new Internet Explorer | 20:05 |
| Ussat | Not sure what you mean by chromium-browser......I guess thats the chrome upstream ? and yes | 20:05 |
| Ussat | its configureable | 20:05 |
| sarnold | hmm I may need to give it another look | 20:06 |
| sarnold | pentadactyl used to be reason enough to stick with firefox, but the webmumble things that replaced the old plugin interface just aren't as good | 20:07 |
| Ussat | I like chrome because it seemlessly syncs across all my systems, devices | 20:08 |
| TJ- | most browsers do I think | 20:09 |
| TJ- | certainly Firefox does | 20:09 |
| Ussat | Firefox does not sync browsing history, or open tabs | 20:10 |
| TJ- | Yes it does | 20:11 |
| Ussat | Not from what I have seen, but its doesnt matter, I prefer Chrome, one of the reasons is the many usefull plugins | 20:12 |
| TJ- | https://support.mozilla.org/en-US/kb/view-synced-tabs-other-devices | 20:13 |
| Ussat | Again, the main reason is the extensions I use | 20:13 |
| sarnold | heh, that sounds like my firefox use.. tridactyl, noscript, privacybadger, open in browser | 20:19 |
| Ussat | Eventually, I imagine I will migrate away from chrome to the new MS Edge, since its so much better on my battery on my Surface Pro 7 | 20:20 |
| daftykins | lol | 20:21 |
| Ussat | OH...I thought you had me on ignore..... | 20:22 |
| Ussat | I was so upset when you said that | 20:22 |
| Ussat | I mean the new Edge is basically Chrome, so...why not ? | 20:23 |
| tomreyn | hey small-data, how are you? | 22:43 |
| small-data | tomreyn: never better! you?? | 22:44 |
| tomreyn | good, thanks. but i really just wondered whether you're human. ;) | 22:45 |
| small-data | haha, that depends on who you talk to | 22:45 |
| tomreyn | i hadn't seen you talk before, just joingn more ubuntu channels, was wondering | 22:46 |
| tomreyn | and then there was the nickname. ;-) ok, time to dig a hole in the ground to dig this conspiracy theory in. | 22:46 |
| small-data | was looking for help with a problem, tried a couple other channels just to see what was up. | 22:47 |
| small-data | ha, no worries. ttyl, need to reboot now and see if I can make any progress. | 22:47 |
| tomreyn | good luck. | 22:47 |
| jeremy31 | Should ask them what Distro they use? | 22:52 |
| sarnold | he's here because the recent grub update to ubuntu pointed out problems in his firmware, so it's probably ubuntu | 22:53 |
| jeremy31 | sarnold: I saw them post the same thing on #linuxmint-help yesterday | 22:53 |
| sarnold | jeremy31: lol | 22:53 |
| sarnold | I thought mint didn't bother passing along updates? | 22:53 |
| jeremy31 | sarnold: That changed, they used to hold back kernel and firmware updates | 22:54 |
| daftykins | i thought there was doubt over the timely release of security updates? | 22:55 |
| jeremy31 | Mint still uses Ubuntu repos for 90+% of packages | 22:57 |
| jeremy31 | aldcor was on #linuxmint-help asking the same question as in #ubuntu. I gave him some advise on #linuxmint-help about questions in #ubuntu | 22:59 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!