-queuebot:#lubuntu-devel- Unapproved: calamares-settings-ubuntu (noble-proposed/universe) [1:24.04.20 => 1:24.04.21] (lubuntu, ubuntustudio) | 04:37 | |
=== guiverc2 is now known as guiverc | ||
wxl | arraybolt3: what's up with matrix right now? i can't seem to connect on element | 17:56 |
arraybolt3 | me neither, it kicked me out too | 17:56 |
wxl | ruh roh | 17:56 |
arraybolt3 | part of me wonders if that xz exploit was just used to hack the server :P | 17:56 |
=== arraybolt3 is now known as arraybolt3-dange | ||
=== arraybolt3-dange is now known as arraybolt3-cmp | ||
arraybolt3-cmp | Just in case my bouncer was compromised, I just changed my bouncer IRC nick to indicate that this instance could be compromised while I migrate to a local client. | 18:03 |
arraybolt3-cmp | going to disconnect from this in a bit | 18:03 |
wxl | did you check with the other matrix council folks to see if they have any idea? | 18:03 |
arraybolt3-cmp | not yet, don't know how to reach most of them | 18:05 |
arraybolt3-cmp | ravage I can reach though | 18:05 |
wxl | seems to me that there should be some sort of backup communication method amongst you that can be relied on in cases like this | 18:05 |
arraybolt3-cmp | yeah there probably should be | 18:06 |
wxl | for that matter, it makes me think that ubuntu infra could really use a status page | 18:06 |
arraybolt3 | agreed | 18:06 |
arraybolt3 | sigh, now I have to fix my connection to OFTC too... | 18:06 |
arraybolt3 | who really has time to fight with backdoors | 18:06 |
wxl | wait what's the issue with oftc? i'm still connected there | 18:07 |
arraybolt3-cmp | no issue in particular with them, but... | 18:08 |
arraybolt3-cmp | * The server my bouncer runs on runs Noble. | 18:08 |
arraybolt3-cmp | * I keep it up to date | 18:08 |
arraybolt3-cmp | * I probably installed the backdoored liblzma at some point | 18:08 |
wxl | ah right. probably this morning :) | 18:08 |
arraybolt3-cmp | fill in the rest of the gaps yourself :) | 18:08 |
arraybolt3-cmp | oh no, the backdoor was introduced a month ago according to vorlon | 18:08 |
wxl | oh yikes | 18:09 |
wxl | thankfully all of my daily drivers are running in lts'es. well, except the laptop but i actually haven't used that in a while. even then, it's not a development release | 18:09 |
arraybolt3 | and with that I am safe | 18:11 |
wxl | going back to what you said before, please don't tell me our matrix server is running on a development release????? | 18:11 |
arraybolt3 | shoot, you know what else could be compromised that I need to fix? | 18:13 |
arraybolt3 | My GPG key of all things. | 18:13 |
arraybolt3 | It's on a Noble VM that I also religiously keep up to date. | 18:14 |
arraybolt3 | hawieubfisdbvisurghiawe | 18:14 |
arraybolt3 | and there's probably an SSH key I could stand to decouple from LP | 18:14 |
wxl | sigh | 18:37 |
wxl | well ping me if it looks like matrix is back up | 18:37 |
arraybolt3 | will do | 18:39 |
wxl | arraybolt3: a thought that might save you some trouble: have thomas check the logs and see if there have been any unexpected ssh connections. if not, shut down sshd, update, start sshd, and continue like normal | 19:06 |
arraybolt3 | the problem is we don't know if it's just an sshd compromise. Lots of parts of the system use compression and a lot of that could be xz based. | 19:08 |
arraybolt3 | If it turns out that it *also* plants a root shell that connects to a C&C server... you see where this is going. | 19:08 |
wxl | i guess so. maybe what would be better is actually shutting the server down | 19:09 |
arraybolt3 | thought about that... what I did was just disconnected from it, wiped all my IRC data from it, and changed my IRC passwords. The server is still on since i didn't want to disrupt anyone, but I've disconnected from it. | 19:10 |
arraybolt3 | and wiped anything important from it and deauthed anything useful on it | 19:10 |
wxl | we could shut it down right now | 19:11 |
wxl | tsimonq2, teward: thoughts? ^ | 19:11 |
teward | i has ping on IRC which I don't read regularly, anyone want to give me a summary? | 19:26 |
teward | oh the xz exploit? | 19:27 |
teward | wxl: not affected, this is why I use LTSes and not devel releases or interims for our shit | 19:27 |
teward | blah random swear sorry | 19:27 |
arraybolt3 | devel release is used by our sandbox server | 19:27 |
arraybolt3 | but I think only Simon has access there | 19:27 |
teward | then @tsimonq2 should drop the nuke/hammer | 19:28 |
teward | or just give me permission to `shred` the disk xD | 19:28 |
teward | but i digress | 19:28 |
arraybolt3 | wxl though if you're logged in still, feel free to issue a `shutdown now` | 19:28 |
teward | @tsimonq2 WAKE UP MFER | 19:28 |
teward | (I'll ping on Element too) | 19:28 |
arraybolt3 | good luck, chat-server.ubuntu.com is down | 19:28 |
arraybolt3 | which is why we're all over here on IRC now | 19:28 |
arraybolt3 | lol | 19:29 |
wxl | shut down | 19:29 |
arraybolt3 | oh, that's probably from wxl | 19:29 |
arraybolt3 | awesome | 19:29 |
wxl | oh oops i poofed simon XD | 19:31 |
teward | FORTUNATELY | 19:32 |
teward | I have simons email and phone numbers xD | 19:32 |
teward | i did check with the Security team | 19:32 |
teward | the affected `xz` never got out of -proposed in Noble | 19:32 |
teward | and was purgified by Security | 19:32 |
teward | no already-released Ubuntu variants are affected | 19:33 |
teward | so none of the infra *I* maintain here is affected. | 19:33 |
arraybolt3 | right, the problem mentioned in ubuntu-release is the possibility that the malicious code in -proposed could have backdoored things built against it IIUC. | 19:33 |
arraybolt3 | and Many Things stuck in -proposed just came through into -release | 19:33 |
arraybolt3 | teward: btw I need my notes.lubuntu.me password to be sent into a conflict with the Death Star and a new one put in its place plz thank you :) | 19:40 |
teward | right but it looks like Debian already has a reverted version, 5.6.1+really5.4.5-* possibly already available | 19:40 |
wxl | of course we didn't have proposed enabled on the sandbox | 19:40 |
teward | so it might just be a nuke-redo-everything | 19:40 |
arraybolt3 | right | 19:40 |
wxl | any clues on what's up with matrix yet? | 19:43 |
arraybolt3 | still no clue | 19:44 |
teward | i'll poke a contact | 19:44 |
teward | because things | 19:44 |
arraybolt3 | sigh, this is like the fifth or sixth total password reset I've done in my life... and I'm convinced all websites need to have a generalized *fast* and easy method for doing this. | 19:46 |
arraybolt3 | The fact that every site has a different dance for getting to the password reset feature is ridiculous. | 19:46 |
wxl | wait you were running a noble with proposed as your daily driver????? | 19:50 |
arraybolt3 | I was not. | 19:59 |
arraybolt3 | I'm worried about the possibility of backdoored applications built against the malicious liblzma that may have made it into -release. | 19:59 |
wxl | oic | 19:59 |
arraybolt3 | I don't know if it's even possible for this to go wrong, but if the backdoor didn't introduce API breaking changes, I can see it being an issue. | 20:00 |
arraybolt3 | s/API/ABI/ | 20:00 |
arraybolt3 | and whoever did this is pretty clever so they could have / probably did pull that off. | 20:00 |
wxl | that would still only concern noble, right? | 20:01 |
arraybolt3 | true | 20:03 |
wxl | so your issue is that you used a development release as a daily driver | 20:03 |
wxl | thank the gods i have never done that. i'd be pulling my hair out | 20:03 |
arraybolt3 | yeah, I was. | 20:04 |
arraybolt3 | and now I'm pulling my hair out | 20:04 |
wxl | yeah i can imagine | 20:04 |
arraybolt3 | aaaaand that was my last password changed | 20:22 |
arraybolt3 | whew | 20:22 |
wxl | sheesh i would have been at it all week if i had to change all my passwords | 20:22 |
arraybolt3 | grr, I'm now realizing my Noble box had SSH access to my laptop. | 20:42 |
wxl | oh jeez | 20:42 |
arraybolt3 | theoretically that could be bad, but... hmm... | 20:42 |
arraybolt3 | at this point I've taken care of any easy compromise issues. The possibility of an attacker managing to jump to my Jammy machine is *there*, but it would require that they do a *lot* of work in addition to the main exploit, and I doubt that happened. | 20:47 |
arraybolt3 | but who knows... | 20:47 |
arraybolt3 | anyway, for now my GPG key is revoked, my SSH keys are detached from anything important. | 20:48 |
wxl | if it's some programmatic exploit, they may very well be trying to exploit every other server associated with the machine they're exploiting | 20:48 |
wxl | i mean if i was attacking ssh, i'd probably try attacking anything in the ssh config of whatever i managed to get into | 20:49 |
wxl | i mean how many people use pubkey authentication with ssh but with no passwords on the key? too many! | 20:51 |
arraybolt3 | I hate that you're right. | 20:52 |
wxl | i mean if you have a password on the key, then maybe i wouldn't sweat it so much | 20:52 |
arraybolt3 | nope, passwordless | 20:53 |
wxl | yeah | 20:53 |
arraybolt3 | alright, guess now I get to find an uncompromised machine to download a fresh KFocus ISO from. | 20:53 |
wxl | were you using a password on your gpg key? | 20:53 |
arraybolt3 | I was... but I also typed that password frequently into a possibly compromised VM. | 20:53 |
arraybolt3 | hey guiverc | 20:54 |
arraybolt3 | https://www.openwall.com/lists/oss-security/2024/03/29/4 if you're wondering what the talk about "compromised machines" is about | 20:54 |
wxl | i mean i guess keylogging is a possibility? | 20:54 |
guiverc | o/ (passing by, as about to head out & feed birbs) | 20:54 |
arraybolt3 | I already revoked my GPG key anyway so no big deal there | 20:55 |
arraybolt3 | the issue is my password DB. | 20:55 |
wxl | is that not password protected?? | 20:58 |
wxl | matrix is back y'all | 21:59 |
arraybolt3 | So here I am again, this time on a Fedora machine that I had laying around that I just finished getting updated. | 22:10 |
arraybolt3 | Currently prepping to download a couple of ISOs for recovering data and reinstalling everything. | 22:10 |
wxl | arraybolt3: not sure you saw but matrix is back | 22:19 |
wxl | apparently the problem was a full disk. whoops | 22:19 |
arraybolt3 | did not see that, good to know | 22:19 |
arraybolt3 | and sheesh, I guess that explains it | 22:19 |
wxl | i'm running at 95% on one of my machines and did bump into that issue at one point when i had downloaded too many isos. i was doing an install and you know how drives usually work with vbox where they expand to suit? well, it all pooped out mid-install. | 22:21 |
arraybolt3 | heh, I hit 50% and start having anxiety. | 22:22 |
arraybolt3 | I'm constantly cleaning my disk of excess garbage. | 22:22 |
=== Guest55 is now known as arraybolt3 | ||