[01:43] <lotuspsychje> good morning
[03:28] <arraybolt3[m]> Ooh, it's hard to pick a favorite thing about Ubuntu, but I love that it's free, fast, works on my devices, and has a system of installing and uninstalling software that doesn't slowly shred your system to pieces the way Windows' software installation system works. And the fact that it's open-source is also really nice.
[03:31] <Bashing-om> arraybolt3[m]: We have the source code - and there are no secrets !
[03:33] <arraybolt3[m]> I also like Canonical's business model with Ubuntu Advantage and ESM (making Ubuntu free, but you can buy an extra 5 years of support along with a bunch of tools that only enterprises really want). To me, it feels like they hit the sweet spot between making it free for the people who need it and paid (but not too pricey) so that they can stay in business.
[03:34] <arraybolt3[m]> (Plus they made UA free for individuals so that the average person can get Livepatch if they really need it - also awesome, though I don't need it and leave it disabled.)
[03:35] <arraybolt3[m]> Oh, and the fact that you're not just allowed to, but even somewhat encouraged to hack into the guts of the system and make it your own thing (thus how flavors exist).
[03:38] <Bashing-om> arraybolt3[m]: It is yours - do with it as you wish (are have the abilities) SABDFL appears to have a lot of bussiness acumen :P
[05:17] <enigma9o7[m]> It's hard to pick one favorite thing, but my top 2 favorite things about ubuntu are A> reliable repositories with tons of software  and B> well documented, in that web search finds solutions most of the time.   
[05:30] <marcoagpinto> heya
[10:19] <Fallen> My favorite thing about Ubuntu is all the amazing people in the community making it their own and being so energetic <3
[10:20] <lotus|NUC> agree fallen
[16:57] <bn_work> hi, any recommendations on using either the `traceroute` vs `inetutils-traceroute` package?  ie:  which is better?  are the params the same between them?
[17:46] <arraybolt3[m]> bn_work: Sounds like a question for #ubuntu - more people who may know the answer are probably there.
[17:48] <bn_work> arraybolt3, lol, I got sent over here because they considered it "off-topic" from "support-related topics"
[17:49] <arraybolt3[m]> Oh ok that's funny.
[17:49] <daftykins> good to see that some things never change
[17:49] <arraybolt3[m]> Hmm...
[17:52] <arraybolt3[m]> Maybe rather than saying "which is better", you can think of specific things that would make something better or worse (speed, stability, etc.) and ask about those things so that there's an objective answer to your question, then try asking again. I'll back you up.
[18:00] <leftyfb> arraybolt3[m]: got some documentation showing that secure boot makes FDE "better"?
[18:01] <arraybolt3[m]> Yeah, the fact that Ubuntu with FDE leaves /boot unencrypted and therefore vulnerable to attack.
[18:01] <arraybolt3[m]> Swap out the kernel for one with a keylogger, steal the FDE password, boom you're in.
[18:02] <daftykins> unless you - https://help.ubuntu.com/community/Full_Disk_Encryption_Howto_2019
[18:02] <leftyfb> arraybolt3[m]: let me ask you, how does the "trusted" kernel get signed?
[18:02] <arraybolt3[m]> Even with /boot encrypted, GRUB could be hacked to do the same thing in the absence of Secure Boot.
[18:02] <arraybolt3[m]> But that becomes impossible when you enable Secure Boot.
[18:03] <arraybolt3[m]> leftyfb: By Microsoft's third-party key.
[18:03] <arraybolt3[m]> Or by the end user if they prefer.
[18:03] <arraybolt3[m]> That's why the BIOS password is an important part of the equation.
[18:03] <leftyfb> in the linux world, it's done by the end user
[18:03] <leftyfb> or a malicious program
[18:04] <arraybolt3[m]> But even with the Microsoft-signed key, it still prevents a malicious bootloader with a keylogger from being installed since any modification renders the bootloader unusable.
[18:04] <leftyfb> so how does one upgrade kernels on ubuntu with SB enabled?
[18:05] <arraybolt3[m]> leftyfb: Ubuntu does that automatically since it has signed kernels.
[18:06] <sarnold> bn_work: mtr is also fantastic :)
[18:06] <arraybolt3[m]> And I think even if you enroll your own key, Ubuntu does it automatically by signing your kernel for you upon installation.
[18:07] <leftyfb> the point you're missing is, while the machine is running in it's trusted environment, a malicious program could whip up a self-signed malicious kernel and set it to boot
[18:07] <leftyfb> SB really isn't preventing anything in the real world. Other than linux installations 
[18:07] <arraybolt3[m]> Not if you stick with the MS key.
[18:08] <arraybolt3[m]> Also if a malicious program gets a hold of your computer with root access, you're doomed anyway. But Secure Boot + FDE could really throw a wrench in the works of an evil maid attack.
[18:08] <arraybolt3[m]> Shoot, that would be helpful even without a BIOS password. If you made sure /boot was also encrypted.
[18:11] <ogra> bn_work, the official replacement for traceroute in ubuntu (i.e. in the "main" archive) is iputils-tracepath (with the "tracepath" command)
[18:13] <bn_work> sarnold: yes, I had forgotten about that and only started using it in the last few years, maybe that is a better alternative!
[18:14] <bn_work> arraybolt3[m]: I did ask a specific Q, ie:  "are the params the same between them?"  
[18:14] <bn_work> ogra: ok, thanks
[21:28] <JanC> a malicious program can only sign a malicious kernel if it has access to it...
[21:28] <JanC> if it has access to the key...
[21:32] <tomreyn> both, i guess, if this is public key crypto.
[21:33] <tomreyn> i mean public+private
[21:34] <tomreyn> then a private key is needed, and a message that will be signed using the key.
[21:35] <JanC> it would need access to the signing key, which hopefully is not on a desktop system you use to experiment with random stuff  :)
[21:35] <JanC> otherwise it's quite pointless indeed