| Psi-Jack | heh. So what's the real difference between here, and the main #ubuntu channel really anyway? heh | 02:04 |
|---|---|---|
| arraybolt3 | Psi-Jack: #ubuntu = strictly support, generally strictly on-topic. #ubuntu-discuss = anything about Ubuntu, including non-support, semi-topical. #ubuntu-offtopic = free for all mess | 02:09 |
| arraybolt3 | (well, not quite free for all but still a bit of a mess :P the Ubuntu Code of Conduct still applies but there isn't any topic at all) | 02:09 |
| Psi-Jack | Cool. So maybe a little more on the higher challenging topics would be here, such as AppArmor things, for example? *wiggles his eyebrows* | 02:10 |
| arraybolt3 | AppArmor things are perfectly fine in #ubuntu (support topics of any difficulty are good there), but if you're thinking about enhancing/fixing/griping about AppArmor, this is the place. | 02:12 |
| Psi-Jack | Yeah. I mean, a new area of concern has been this specific lockdown of unprivileged_userns. While some things sorta kinda work, other things are outright being denied. Something as simple as discord's ipc unix socket, for a systemd user service, is being denied access to connect and read/write to the discord-ipc-0 socket for example. And I'm not | 02:15 |
| Psi-Jack | sure, personally, how to get that working without doing the nasty disable unprivileged_userns sysctl option. | 02:15 |
| lotuspsychje | good morning | 02:15 |
| Psi-Jack | Good aftermorning. :) | 02:18 |
| luna_ | morning | 05:21 |
| === EriC^^_ is now known as EriC^^ | ||
| luna_ | updating Debian and Ubuntu Servers at work today | 07:15 |
| oerheks | snap refresh | 07:16 |
| luna_ | oerheks: still at the apt update apt upgrade step ;) | 07:16 |
| luna_ | but i am sure a snap refresh will come later today too (4 times) :D | 07:17 |
| oerheks | snapd got an update recently too | 07:17 |
| luna_ | oerheks: then i have more to do, these machines have not been updated since April-May but they are standing at a school thats having summer break now from 10th of June to 10th of August so having time to update stuff when they are not running actual production 24/7 :P | 07:18 |
| oerheks | oh dear | 07:19 |
| luna_ | https://social.linux.pizza/@bittin/112608103026405646 | 07:24 |
| oerheks | pump up the volume? | 07:28 |
| luna_ | its up | 07:31 |
| luna_ | anyways /me continues to work | 07:31 |
| daftykins | school kids working 24x7? now there's inaccuracy ;) | 14:33 |
| ice9 | why until now the main ubuntu repo is not using HTTPS ? | 15:15 |
| ice9 | package integrity checking upon download is not enough | 15:16 |
| ravage1 | and why is it not enough? | 15:16 |
| ice9 | because if there is MiTM on your network, the attacker can see what packages you are downloading and this is not good for privacy; also if the signing key of Ubuntu's repo is stolen somehow, the attacker can replace a package being downloading over HTTP and sign it with the authentic key | 15:19 |
| ravage1 | then choose a mirror that supports https if you think that is a privacy problem for you | 15:20 |
| ravage1 | https://launchpad.net/ubuntu/+archivemirrors | 15:20 |
| ice9 | I'm talking about the main server as the main source and the default mirror. also 3rd party mirrors will sync from the main repo using HTTP right? | 15:21 |
| ravage1 | usually rsync | 15:21 |
| ravage1 | if the repo key is stolen you have a much bigger problem | 15:21 |
| ravage1 | https does not help you then either | 15:21 |
| ogra_ | yeah ... thats just fake security | 15:31 |
| luna_ | daftykins: well i am the IT Admin and also involved in several open source projects and have a partner, but almost done now, just gonna update some snap packages on the last machine | 15:31 |
| daftykins | every weekend is downtime though to my mind | 15:33 |
| luna_ | daftykins: i am not hired to work on weekends ;) :P | 15:35 |
| luna_ | but yeah true | 15:35 |
| ogra_ | you should work on weekends, double pay and such 😉 | 15:35 |
| === madmax__ is now known as madmax | ||
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!