[02:04] <Psi-Jack> heh. So what's the real difference between here, and the main #ubuntu channel really anyway? heh
[02:09] <arraybolt3> Psi-Jack: #ubuntu = strictly support, generally strictly on-topic. #ubuntu-discuss = anything about Ubuntu, including non-support, semi-topical. #ubuntu-offtopic = free for all mess
[02:09] <arraybolt3> (well, not quite free for all but still a bit of a mess :P the Ubuntu Code of Conduct still applies but there isn't any topic at all)
[02:10] <Psi-Jack> Cool. So maybe a little more on the higher challenging topics would be here, such as AppArmor things, for example? *wiggles his eyebrows*
[02:12] <arraybolt3> AppArmor things are perfectly fine in #ubuntu (support topics of any difficulty are good there), but if you're thinking about enhancing/fixing/griping about AppArmor, this is the place.
[02:15] <Psi-Jack> Yeah. I mean, a new area of concern has been this specific lockdown of unprivileged_userns. While some things sorta kinda work, other things are outright being denied. Something as simple as discord's ipc unix socket, for a systemd user service, is being denied access to connect and read/write to the discord-ipc-0 socket for example. And I'm not
[02:15] <Psi-Jack> sure, personally, how to get that working without doing the nasty disable unprivileged_userns sysctl option.
[02:15] <lotuspsychje> good morning
[02:18] <Psi-Jack> Good aftermorning. :)
[05:21] <luna_> morning
=== EriC^^_ is now known as EriC^^
[07:15] <luna_> updating Debian and Ubuntu Servers at work today
[07:16] <oerheks> snap refresh
[07:16] <luna_> oerheks: still at the apt update apt upgrade step ;)
[07:17] <luna_> but i am sure a snap refresh will come later today too (4 times) :D
[07:17] <oerheks> snapd got an update recently too
[07:18] <luna_> oerheks: then i have more to do, these machines have not been updated since April-May but they are standing at a school thats having summer break now from 10th of June to 10th of August so having time to update stuff when they are not running actual production 24/7 :P
[07:19] <oerheks> oh dear
[07:24] <luna_> https://social.linux.pizza/@bittin/112608103026405646
[07:28] <oerheks> pump up the volume?
[07:31] <luna_> its up
[07:31] <luna_> anyways /me continues to work
[14:33] <daftykins> school kids working 24x7? now there's inaccuracy ;)
[15:15] <ice9> why until now the main ubuntu repo is not using HTTPS ?
[15:16] <ice9> package integrity checking upon download is not enough
[15:16] <ravage1> and why is it not enough?
[15:19] <ice9> because if there is MiTM on your network, the attacker can see what packages you are downloading and this is not good for privacy; also if the signing key of Ubuntu's repo is stolen somehow, the attacker can replace a package being downloading over HTTP and sign it with the authentic key
[15:20] <ravage1> then choose a mirror that supports https if you think that is a privacy problem for you
[15:20] <ravage1> https://launchpad.net/ubuntu/+archivemirrors
[15:21] <ice9> I'm talking about the main server as the main source and the default mirror. also 3rd party mirrors will sync from the main repo using HTTP right?
[15:21] <ravage1> usually rsync
[15:21] <ravage1> if the repo key is stolen you have a much bigger problem
[15:21] <ravage1> https does not help you then either
[15:31] <ogra_> yeah ... thats just fake security 
[15:31] <luna_> daftykins: well i am the IT Admin and also involved in several open source projects and have a partner, but almost done now, just gonna update some snap packages on the last machine
[15:33] <daftykins> every weekend is downtime though to my mind
[15:35] <luna_> daftykins: i am not hired to work on weekends ;) :P
[15:35] <luna_> but yeah true
[15:35] <ogra_> you should work on weekends, double pay and such 😉
=== madmax__ is now known as madmax