| === ken is now known as Guest5525 | ||
| junyx | If I have an ubuntu server live somewhere on the internet can I mount that server as a device on my local MacOS machine and interact with the ubuntu file system? Is sshfs the right tool for that? | 01:06 |
|---|---|---|
| sarnold | sshfs is indeed a decent way to do that; there's "more native" options but I would be less interested in using them over the public internet | 01:07 |
| karenthedorf | Sounds sensible (VPN and NFS would be my first thought, but that needs more infrastructure to set up the VPN in the first place) | 01:07 |
| sarnold | but the latency on operations might be so unpleasant that you wouldn't actually like it | 01:07 |
| junyx | Ok I'll give sshfs a try then thanks | 01:07 |
| Trevor | (And please use a private key login, and disable password login.) | 01:17 |
| Trevor | ...Please. :D | 01:18 |
| karenthedorf | Amazing how many attempts I see for root/admin/superuser/etc. on any server with ssh exposed to the internet. (If you can, firewall it only to your home or business location, don't expose it to the internet) | 01:19 |
| === chris14_ is now known as chris14 | ||
| JanC | doesn't the MacOS file manager have support for SFTP ? | 01:21 |
| junyx | Apparently sshfs doesn't work on MacOS any more | 01:24 |
| sarnold | o_O weird | 01:24 |
| junyx | brew install sshfs gives this error: libfuse: Linux is required for this software | 01:24 |
| junyx | On a Mac! lol | 01:25 |
| JanC | brew is not only used on MacOS | 01:27 |
| junyx | Oh ok then | 01:27 |
| karenthedorf | There is a macos port of libfuse apparently, but brew either doesn't know about it, or sshfs doesn't work on macFuse. *shrug* | 01:30 |
| JanC | it used to work on it, at least | 01:30 |
| JanC | maybe https://www.fuse-t.org/ is useful (it seems to be available through brew also) | 01:32 |
| JanC | I don't have a MacOS machine though, so I didn't test it | 01:33 |
| junyx | Trying that one. Will let you know | 01:37 |
| junyx | I don't know. Something feels unsafe about it. I'm gonna hold off on installing it for now | 01:46 |
| sarnold | so, if sshfs is out, maybe samba or nfs over a vpn | 01:47 |
| sarnold | samba feels more likely to be better supported on macos, but it's not a perfect fit for either os | 01:47 |
| junyx | sarnold I'll check those out. Thank you | 02:21 |
| === karenthedorf is now known as Guest1047 | ||
| === karenw is now known as karenthedorf | ||
| momken | Good morning | 05:13 |
| momken | Does anyone know why I get "Failed to mount Windows share: Permission denied" when I try to access a shared folder from Ubnuntu in Ubuntu? | 05:14 |
| junyx | momken what command are you running when you see this error? | 05:29 |
| bizmate | hi all, i installed cairo dock but when i open it i can see it on the top and if i try to right click or interact with it nothing happens and it disappears as if the click event is collected by the underlying element as if Cairo is not there | 06:43 |
| Arnab | Hello everyone, | 07:11 |
| Arnab | I'm trying to configure the .desktop entry for Spring Tool Suite (STS) on my Linux system, and I'm unsure about setting the StartupWMClass correctly. Could someone please explain how to correctly determine the StartupWMClass for an application like Spring Tool Suite? What exactly should I use as the StartupWMClass value in my .desktop file? | 07:11 |
| Arnab | I'm using Ubuntu with Gnome, and any guidance or clarification would be greatly appreciated. Thank you! | 07:11 |
| Arnab | HELLO! | 07:18 |
| === Psil0 is now known as Psil0cybin | ||
| === Psil0 is now known as Psil0Cybin | ||
| stuffandthings | There might be a bug in a recent update for timeshift or something related to it. | 07:55 |
| stuffandthings | I have 2 machines, one with 23.10 and one with 24.04, both run ts just fine on the base install, but on a recent update, both are dog slow making snapshots or deleting them. BTRFS mode. | 07:56 |
| stuffandthings | everything still works fine, but it slowed down a lot on those operations | 07:57 |
| ramoreno | aaaaaaaa | 08:06 |
| stuffandthings | journald reports errors everytime i make a snap or delete one | 08:07 |
| stuffandthings | gonna pastebin it... | 08:08 |
| stuffandthings | https://pastebin.com/FZeXWkHc | 08:09 |
| jkli | So I have an old girl chugging along on ubuntu 18 and want to migrate that girl to ubuntu 22 or 24, should I try to migrate it in stages like 18 to 20, 20 to 22, 22 to 24? Or should I try to go directly to 24? what do you think could break? I mainly run nginx and docker on it | 08:38 |
| stuffandthings | things do brake with upgrades but i think one by one is the way to go | 08:39 |
| stuffandthings | *break | 08:39 |
| Andreios | Why does ufw block incoming ipv6 connections? I can't have open ports on ipv6. | 08:47 |
| stuffandthings | https://pastebin.com/B5BRWeTZ - Look for the line "***Here is where it got stuck***", this is what always happens with timeshift while taking a snapshot on ubuntu, with recent updates. Was fine on stock 23.10 and 24.04. | 08:54 |
| tekisui09 | any idea to fix tearfree for nvidia ? | 09:01 |
| === Psil0 is now known as Psil0Cybin | ||
| tekisui09 | 18.04 was easy to fix | 09:07 |
| bizmate | hi all, i installed cairo dock but when i open it i can see it on the top and if i try to right click or interact with it nothing happens and it disappears as if the click event is collected by the underlying element as if Cairo is not there | 09:07 |
| tekisui09 | have you tried starting it with terminal ? | 09:08 |
| bizmate | i also tried to join https://glx-dock.org/subscribe.php but the form is insecure and wont let users join | 09:08 |
| bizmate | tekisui09, i ll try now | 09:09 |
| tekisui09 | it might give some error messages | 09:09 |
| tekisui09 | ok.. | 09:09 |
| === Psil0 is now known as Psil0Cybin | ||
| bizmate | lots of warnings https://bpa.st/563A but if i start it from the terminal i cant even see the UX | 09:12 |
| bizmate | actually it does show up, but still i cannot interact with it | 09:13 |
| tekisui09 | it says the latest stable version is 3.4.0 | 09:17 |
| tekisui09 | seems you have 3.4.1 ? | 09:17 |
| tekisui09 | dunno | 09:17 |
| tekisui09 | https://github.com/Cairo-Dock | 09:18 |
| blinky | I need help with something. | 09:18 |
| blinky | Anyone online? | 09:18 |
| tekisui09 | hey blinky | 09:18 |
| blinky | Hey tekisui09 | 09:18 |
| blinky | How do I install this - https://github.com/Martichou/rquickshare/tree/master | 09:19 |
| blinky | I'm new to ubuntu | 09:19 |
| tekisui09 | lots of programs are on synaptic package manager | 09:21 |
| tekisui09 | at preferences | 09:22 |
| Psil0Cybin | blinky: u have the .deb file rite? | 09:25 |
| blinky | yes | 09:25 |
| blinky | which one is better? .deb, .snap or .appimage? | 09:25 |
| blinky | or .rpm? | 09:26 |
| Psil0Cybin | i do not know the program i tend to go with snaps if they are offered due to Virtualization | 09:26 |
| blinky | I see | 09:26 |
| Psil0Cybin | RPM + Deb = same thing just for diff systems | 09:26 |
| Psil0Cybin | do you want to go with snap? I do not know your software and trust level | 09:26 |
| blinky | So I have the .snap | 09:26 |
| Psil0Cybin | but if you want to go with the .deb since you are using ubuntu ';sudo dpkg -i r-quick-share_${VERSION}.deb' | 09:26 |
| Psil0Cybin | you would type that. | 09:26 |
| Psil0Cybin | snap install --dangerous r-quick-share_${VERSION}.snap | 09:27 |
| Psil0Cybin | i would tend to get it from the snap store, though like snap install etc if it iis offered do not know the software i am even looking at just thought i would kind of guide you to a few places you caan read highly on it, once you have time if you are new to Linux. | 09:28 |
| blinky | Sure! Please suggest some readings. | 09:28 |
| blinky | Thank you for your help @Psil0Cybin . I have successfully installed rquickshare on my ubuntu laptop. | 09:29 |
| Psil0Cybin | sure well what are you trying to read up on when it comes to Linux specifically, first off just read more about whati s snap vs regular app images https://phoenixnap.com/kb/flatpak-vs-snap-vs-appimage | 09:31 |
| momken | junyx I don't use any terminal commmand. I go to "smb://10.154.6.22" and try to mount folder "share_momken" by double clicking on it in Nautilus | 09:31 |
| Psil0Cybin | i prefer snaps + flathub if its RHET based over the rest right now, as I feel like it is more of a security 1up | 09:31 |
| Psil0Cybin | momken using a mouse is good, i used it once when i played lemmings, never again | 09:32 |
| blinky | Psil0Cybin, I see | 09:32 |
| bizmate | tekisui09 it looks like Cairo has 3.5 out already https://github.com/Cairo-Dock/cairo-dock-core/tags | 09:37 |
| bizmate | i think 3.4.1 is the one supposed to be stable for CairoDock | 09:38 |
| bizmate | for Ubuntu | 09:45 |
| jkli | have you guys patched the regression cve for ssh? | 09:53 |
| jkli | how the heck do I patch that on ubuntu 18? | 09:54 |
| LuckyMan | jkli, I think Ubuntu 64bits is not affected | 10:04 |
| LuckyMan | anyway if it would be affected, a patch would soon arrive in your updates, specially if you have Ubuntu pro | 10:06 |
| bizmate | is finder the app for opening and viewing folders? I cannot see an icon for it in my taskbar | 10:14 |
| bizmate | not sure where it has gone | 10:15 |
| bizmate | it looks like any action to open a folder just opens disk analyzer instead | 10:15 |
| bizmate | is nautilus supposed to be installed? | 10:17 |
| bizmate | ping? | 10:19 |
| bizmate | basically i have this problem too | 10:22 |
| bizmate | https://askubuntu.com/questions/1511664/how-do-i-access-file-and-other-directory-home-icon-missing-in-24-04 | 10:22 |
| bizmate | do i need to install nautilus? | 10:24 |
| bizmate | again? | 10:24 |
| === chris14_ is now known as chris14 | ||
| sixwheeledbeast | is it not installed? I use another flavour so not sure what vanilla ubuntu is using for file manager now. | 10:37 |
| stuffandthings | should be nautilus | 10:48 |
| === stuffandthings is now known as stuffandthings_g | ||
| === stuffandthings_T is now known as stuffandthings | ||
| the_bofh | hey there, just a quick question on the latest OpenSSH vulnerability; I've got dpkg -s openssh-server | grep Version ==> Version: 1:8.9p1-3ubuntu0.10 | 11:06 |
| the_bofh | Canonical's pages say it's the patched version but I haven't run any apt updates or anything of that sort to some of my servers in months, so I'm wondering if there's a versioning discrepancy or do I actually have a fixed version (22.04.x) ... | 11:07 |
| ravage | https://packages.ubuntu.com/jammy/ssh | 11:07 |
| ravage | https://changelogs.ubuntu.com/changelogs/pool/main/o/openssh/openssh_8.9p1-3ubuntu0.10/changelog | 11:07 |
| the_bofh | ravage: yep, that's the one! been wondering how can some of my Ubuntu Servers already be running that version, did it auto-patch via snap or something? | 11:08 |
| ravage | probably unattended-upgrades is running | 11:08 |
| ravage | unattended-updates | 11:08 |
| ravage | check for both. i dont recall the name | 11:09 |
| ravage | need my coffee first | 11:09 |
| ravage | https://help.ubuntu.com/community/AutomaticSecurityUpdates | 11:09 |
| the_bofh | ravage: ah yes! it must be unattended-updates, systemctl shows that it's been up and running for almost half a year now :o) *cough* | 11:12 |
| the_bofh | I saw the CVE and was wondering how some of my servers showed up as being up-to-date although I haven't updated them in a while, but that'd explain it for sure. | 11:13 |
| Guest20 | 管理员给个微信号,我加你 | 11:18 |
| ravage | english please | 11:18 |
| ravage | also the Administrator is not in today | 11:19 |
| Guest20 | fuck you | 11:20 |
| ravage | have a nice day too | 11:20 |
| Guest20 | fuck | 11:20 |
| Guest20 | this | 11:20 |
| Guest20 | shi | 11:20 |
| Guest20 | shit | 11:20 |
| Guest20 | fuck | 11:20 |
| Guest20 | you | 11:20 |
| Guest92 | a | 11:22 |
| Guest92 | fuck | 11:22 |
| Guest92 | this | 11:22 |
| Guest92 | shit | 11:22 |
| Guest92 | fuck | 11:22 |
| Guest92 | this | 11:22 |
| Guest6 | fuck | 11:25 |
| Guest6 | this | 11:25 |
| Guest6 | shit | 11:25 |
| Guest6 | fuck | 11:25 |
| Guest6 | this | 11:25 |
| Guest6 | shit | 11:25 |
| Saksham_Baba | I have this rule where I only talk to strangers on the Internet about pizza. So, thin crust or deep dish? | 11:26 |
| Guest66 | fuck | 11:27 |
| Guest66 | this | 11:27 |
| Guest66 | shit | 11:27 |
| Guest66 | fuck | 11:28 |
| Guest66 | this | 11:28 |
| Guest66 | shit | 11:28 |
| Guest66 | fuck | 11:28 |
| Guest66 | this | 11:28 |
| Guest66 | shit | 11:28 |
| Guest91 | who wanna join the fuck party with me tonight | 11:41 |
| Guest91 | i have huge dick | 11:41 |
| Guest91 | I fuck you | 11:41 |
| Guest91 | u fuck me | 11:41 |
| Guest91 | let's cum | 11:41 |
| Guest91 | cum | 11:41 |
| Guest91 | cum | 11:41 |
| Saksham_Baba | Let’s just skip to the important stuff: Chunky or smooth peanut butter? | 11:45 |
| * zaggynl slaps Guest91 around a bit with a large trout | 11:45 | |
| Guest91 | yeah | 11:46 |
| Guest91 | fuck | 11:46 |
| Guest91 | cum | 11:46 |
| BluesKaj | Hi all | 11:54 |
| Guest91 | hi | 11:54 |
| Guest91 | let's have a group fuck party today | 11:55 |
| Guest91 | send me ur dick pic | 11:55 |
| Guest91 | let me fuck u | 11:55 |
| Guest91 | and you fuck me as well | 11:55 |
| Guest91 | we can cum on each other's chest | 11:55 |
| Guest91 | BluesKaj | 11:55 |
| Guest91 | send dick pic | 11:56 |
| Guest91 | see if yours or mine is bigger longer darker | 11:56 |
| BluesKaj | fuck off asshole | 11:56 |
| Guest91 | i'm horny | 11:56 |
| Guest91 | yeah cmon let's fuck!!!! | 11:56 |
| Guest91 | fuck HARD | 11:56 |
| BluesKaj | !ops | 11:56 |
| ubottu | Help! Channel emergency! (ONLY use this trigger in emergencies) - CarlFK, DJones, el, Flannel, genii, hggdh, ikonia, krytarik, mneptok, mwsb, nhandler, ogra, Pici, popey, sarnold, tomreyn, Unit193, wgrant | 11:56 |
| Guest91 | REALLY HARD!!!!!!!!! | 11:56 |
| Guest91 | !ops | 11:56 |
| Guest91 | fuck | 11:57 |
| kimo | !ops | 11:57 |
| Guest91 | yeah | 11:57 |
| kimo | what !ops mean? | 11:57 |
| Guest91 | !ops | 11:57 |
| Guest91 | !ops | 11:57 |
| Guest91 | !ops | 11:57 |
| Guest91 | !ops | 11:57 |
| kimo | is it a irc command? | 11:57 |
| BluesKaj | yup | 11:57 |
| sixwheeledbeast | switching the bat-singal on | 11:58 |
| kimo | XD | 11:58 |
| ravage | most of the time it has a broken light bulb though | 11:58 |
| Saksham_Baba | Choose your own adventure: Brunch date, hiking date, or movie date? | 11:58 |
| === LanDi1 is now known as LanDi | ||
| fweht | why dont i see my pinned folders from the file manager in the open file dialogue in vscode? | 12:41 |
| fweht | ah sorry i do see the pinned folders but i also see all the folders which i unpinned like Videos, Photos, etc. | 12:42 |
| Bodsda | Hi, I'm having an issue with my mouse. When holding down the LMB it will randomly produce a ButtonRelease event even if I am still holding it. This is happening with both bluetooth and wired, through a hub and through on-board USB slots. xev recognises the ButtonPress and the phantom ButtonRelease events. This is happening on both Ubuntu 24.04 and | 12:43 |
| Bodsda | Fedora 40. I'm at a loss on how to troubleshoot further, I don't think it's a hardware issue identically affecting 2 different mice. Any ideas? | 12:43 |
| i-have-got-a-rea | I HAVE GOT A REALLY LONG DICK! | 12:48 |
| fweht | also how to set xkbmap options permanently? | 12:51 |
| spicy-frog | I want my dick sucked | 12:52 |
| toomany | Hello World! | 13:35 |
| toomany | hi | 13:40 |
| Liblx | hi toomany | 13:40 |
| toomany | wanna have sex? | 13:40 |
| Liblx | Since some days I get multiple message boxes saying errors occured but no reason mentioned. I've got Ubuntu 22.04. How can I find more about these errors? | 13:42 |
| Guest72 | what are some decent websites for gay porn | 13:42 |
| Guest72 | seriously | 13:42 |
| pragmaticenigma | !ops | Guest72 | 13:43 |
| ubottu | Guest72: Help! Channel emergency! (ONLY use this trigger in emergencies) - CarlFK, DJones, el, Flannel, genii, hggdh, ikonia, krytarik, mneptok, mwsb, nhandler, ogra, Pici, popey, sarnold, tomreyn, Unit193, wgrant | 13:43 |
| Guest72 | suck my dik | 13:43 |
| Guest72 | d | 13:43 |
| Guest72 | i | 13:43 |
| Guest72 | c | 13:43 |
| Guest72 | k | 13:43 |
| Guest72 | suck it | 13:43 |
| lotuspsychj3 | Liblx: usualy when Ubuntu gives an error, you can unfold the details on that window | 13:45 |
| Guest3210 | Fedora is the best Linux distro | 13:45 |
| Guest3210 | Fedora is the best Linux distro | 13:45 |
| Guest3210 | Fedora is the best Linux distro | 13:45 |
| Guest3210 | Fedora is the best Linux distro | 13:45 |
| Guest3210 | Fedora is the best Linux distro | 13:45 |
| lotuspsychj3 | Liblx: other than that, you can check your journal logs or dmesg too | 13:45 |
| Liblx | lotuspsychj3: not with these. just little windows. nothing in. | 13:45 |
| Guest51 | Fedora vs Ubuntu, which one si better? | 13:46 |
| Guest51 | is | 13:46 |
| lotuspsychj3 | Liblx: check /var/crash dir too, maybe related items in there | 13:46 |
| Liblx | thanks lotuspsychj3 | 13:47 |
| Liblx | i check that first | 13:47 |
| Liblx | any experience with many error boxes without any info? | 13:47 |
| i_am_muscular | ooooof | 13:48 |
| pragmaticenigma | Liblx: in the past, when I've gotten those, it has been from packages installed from 3rd party repositories. Which may not be compiled with options for Ubuntu to see what errors are emitted from the application when it crashes. Also, custom programs I have written that I have setup to run in cron have also triggered vague error messages when they fail. | 13:50 |
| i_am_muscular | Fedora is the best | 13:50 |
| Liblx | lotuspsychj3: thank you very much. i'll check those. | 13:51 |
| pragmaticenigma | Liblx: your best option is what was mentioned earlier, look in /var/crash to see what's in there. If anything, there will hopefully be an execution path of the application that crashed. /var/crash is the staging area for Ubuntu for crash reports, pending the user to click submit | 13:51 |
| Liblx | lotuspsychj3: that's exactly what i need. and there are about 4 files inside. | 13:52 |
| Liblx | thanks | 13:53 |
| fweht | how to make setxkbmap permanent? | 14:14 |
| pragmaticenigma | fweht: Usually you add it to the end of the file in `~/.profile` (if the .profile doesn't exist you can create it) | 14:17 |
| fweht | thank you! | 14:17 |
| fweht | `/etc/X11/xorg.conf.d` also ok? | 14:19 |
| pragmaticenigma | fweht: no | 14:22 |
| fweht | because it doesnt work or bc bad customs? | 14:23 |
| pragmaticenigma | xorg is deprecated, so it's will eventually go away or become less common. xorg.conf files should be reserved for things specific to the display server to work, not customizations. making such things global is not a good idea because it can come back to haunt later, when something goes wrong but now the keyboard isn't working right because you can't get to the configuration file | 14:25 |
| pragmaticenigma | also, the appropriate place for a global change like that would be /etc/profile ... but again not recommended for the similar reasons. .profile is read by the login manager which is a preferred approach, as when you exit an active session, the customizations are removed for the login manager screen | 14:26 |
| Guest24ddt | fuck me | 14:29 |
| zaggynl | whew | 14:31 |
| * Liblx closes temporarily because of the spam. | 14:31 | |
| fweht | pragmaticenigma: thanks for the info! | 14:33 |
| fweht | if xorg goes away, does that mean i cant use xfce anymore :( | 14:34 |
| pragmaticenigma | fweht: xfce developers are hard at work on wayland compatibility https://wiki.xfce.org/releng/wayland_roadmap | 14:35 |
| fweht | sweeeet | 14:35 |
| pragmaticenigma | from the last article I recall, xfce runs in wayland. There's just miscellaneous tools and applications that XFCE project make that still need porting | 14:37 |
| === PowaBanga_ is now known as PowaBanga | ||
| fweht | really cool | 14:44 |
| fweht | i still need to checkout gnome classic shell though, maybe ill like it even better than xfce, but xfce is pretty cool imo | 14:45 |
| tuxick | trying autoinstall on noble-server-cloudimg-amd64.img gives me "Skipping autoinstall module. Expected one of the Ubuntu installer snap packages to be present: subiquity, ubuntu-desktop-installer" | 15:02 |
| tuxick | am i doing something wrong? | 15:02 |
| ogra_ | tuxick, i think the cloud images only have cloud-init on them and no installer at all | 15:27 |
| ogra_ | for autoinstall you will likely need the normal server image | 15:28 |
| ogra_ | (try asking on #ubuntu-server, they might know even more) | 15:28 |
| tuxick | ok thanks | 15:29 |
| === ayjay_t_ is now known as ayjay_t | ||
| madog | hi | 18:11 |
| belovedsandworm | sup boo | 18:11 |
| madog | i im rollapp | 18:11 |
| madog | can you hack rollapp | 18:12 |
| madog | hi | 18:14 |
| bparker | https://ubuntu.com/security/notices/USN-6859-1 | 18:19 |
| bparker | where's the patches for 20.04 ? | 18:19 |
| nyo2 | hi I font my sshd port changed, can it happen by itself for some odd reason? | 18:20 |
| pragmaticenigma | bparker: it's not required for 20.04... 20.04 isn't running a vulnerable version | 18:20 |
| tomreyn | bparker: 20.04 LTS is also known by its release name, "focal". And when you click on the link on the bottom of the page you listed, you'd have learnt what pragmaticenigma just explained. | 18:21 |
| tomreyn | s/listed/posted/ | 18:21 |
| pragmaticenigma | bparker: also see this: https://ubuntu.com/security/CVE-2024-6387 | 18:22 |
| -ubottu:#ubuntu- A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387> | 18:22 | |
| tomreyn | the link listed under Refences, that is | 18:22 |
| tomreyn | *References | 18:22 |
| bparker | thanks | 18:23 |
| tomreyn | nyo2: i can't think of a reason the port sshd is listening on would change by itself, no. maybe the external port changed due to firewall / NAT reconfiguration? | 18:24 |
| nyo2 | no firewall is ok | 18:24 |
| nyo2 | I have just run rkhunter to see if there are other things... | 18:24 |
| nyo2 | so it is just hacking ok | 18:25 |
| nyo2 | but ssh has only key auth so they font the key to enter as well as the username.... | 18:26 |
| tomreyn | rkhunter is not entirely useless when you expect the system has been compromized AND backdoored. it's hardly a useful intrusion detection and not an intrusion prevention tool, though | 18:26 |
| nyo2 | this is a pc at home, I am on holiday, it manages security cameras... | 18:27 |
| nyo2 | I can ssh to it still | 18:27 |
| nyo2 | it is ubuntu 23.10, has it a vulnerable sshd ? | 18:28 |
| pragmaticenigma | nyo2: How are you able to connect if the port changed, how did you figure out the new port remotely? | 18:28 |
| nyo2 | I did nmap | 18:29 |
| nyo2 | it went to port 22 so I tried it and it worked with key auth | 18:30 |
| tomreyn | 23.10 is known as mantic, and ubuntu.com/security/CVE-2024-6387 can be read as "mantic is affected, openssh version 1:9.3p1-1ubuntu3.6 provides the fix" | 18:30 |
| -ubottu:#ubuntu- A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387> | 18:30 | |
| nyo2 | if I recall right it also says host changed | 18:30 |
| tomreyn | note that mantic (23.10) has almost reached end of life. | 18:30 |
| nyo2 | ok so is just that | 18:30 |
| nyo2 | yes I have to upgrade but to keep a story short, the server was a pc that I barely use and I had to run for holidays and haven't had time to update ubuntu | 18:31 |
| nyo2 | also because after update I should have checked if everything was working ok, scripts, etc | 18:31 |
| pragmaticenigma | nyo2: the exploit is extremely difficult to pull off and most exploits at this time are using it as a denial of service. Chances of your home connection being the target of a hacker are limited, but not entirely none. However, the goal of an attacker would be to not give away any indication they were on your system. So to randomly change a port doesn't sound like anything more than a forgetfullness about how you configured things before | 18:32 |
| pragmaticenigma | you left home. | 18:32 |
| tomreyn | don't allow for password authentication to sshd, use key authentication only. don't expose it ont he default port. better yet, hide it behind a modern vpn such as wireguard instead. | 18:33 |
| nyo2 | if I just update sshd with apt will I solve this? I have not physical access to this pc so if something during the sshd update goes wrong I cannot access to this pc | 18:33 |
| nyo2 | yes the port change is strange, an attacker could just have had left things as they were and the system compromised | 18:34 |
| bparker | tomreyn: does disabling passwords even prevent this recent CVE from being exploited though? | 18:34 |
| pragmaticenigma | if you are concerned, the only thing I would do remotely is power down the system. trying to update the system over ssh is not recommended | 18:34 |
| nyo2 | I have key auth only on that host | 18:34 |
| bparker | pragmaticenigma: lmao | 18:35 |
| nyo2 | yes I thought the same but cameras are needed | 18:35 |
| bparker | nobody is going to do that, and that's quite an alarmist position | 18:35 |
| tomreyn | bparker: i'm not sure about this, i haven't seen enough technical details about the vulnerability to tell. this was a generic recommendation. | 18:35 |
| bparker | almost everyone updates their system over ssh, especially on servers | 18:35 |
| bparker | without issues 99% of the time | 18:35 |
| pragmaticenigma | bparker: perhaps you haven't enjoyed a mid update network decides to go down while remotely running an apt update... but I have... and it sucks when you can't reach the machine anymore | 18:35 |
| nyo2 | if I just update sshd with apt, config files remains the same? | 18:36 |
| bparker | pragmaticenigma: no, because I use screen/tmux | 18:36 |
| pragmaticenigma | especially since the update in question is to update sshd, the very thing they're connected through | 18:36 |
| bparker | so the network is not tied to the update | 18:36 |
| bparker | nyo2: yes | 18:37 |
| nyo2 | ok going to update sshd | 18:37 |
| pragmaticenigma | nyo2: as mentioned earlier, make sure you are using tmux or screen when doing that | 18:37 |
| nyo2 | I know screen | 18:37 |
| pragmaticenigma | if the connection goes down, your session terminates and so does the update | 18:37 |
| nyo2 | screen has terminated after I sent sudo screen apt-get upgrade sshd | 18:40 |
| pragmaticenigma | nyo2: Launch screen as a local user, then run your `sudo apt-get` commands inside the screen session | 18:41 |
| nyo2 | ok | 18:42 |
| nyo2 | problem is that now it wants to update also other packages, 450 mb in total | 18:42 |
| nyo2 | I am wondering if should avoid this update | 18:42 |
| nyo2 | alsa-ucm-conf apt apt-utils bind9-dnsutils bind9-host bind9-libs dpkg libapt-pkg6.0 libdpkg-perl libpulse-mainloop-glib0 libpulse0 linux-firmware ppa-purge snapd vim-common vim-tiny xxd | 18:43 |
| nyo2 | is what it wants to update | 18:43 |
| nyo2 | something can go wrong, also because the connection is from an usb-modem | 18:43 |
| nyo2 | so I think better I leave it as it is... | 18:44 |
| pragmaticenigma | nyo2: can't really make that determination for you. personally, I wouldn't. But I also don't let updates lapse as long to accumulate such a massive update size. | 18:46 |
| nyo2 | ok thanks you all guys | 18:46 |
| pragmaticenigma | if all that's attached are cameras, and you don't have any other machines with sensitive stuff at home running... just take care of it when you get back | 18:46 |
| nyo2 | I leave as it is, in the end that computer doesn't has sensitive data | 18:46 |
| nyo2 | just my gmail psw | 18:46 |
| nyo2 | but without OTP they cannot access | 18:47 |
| nyo2 | thanks again, bye | 18:47 |
| junyx | Anyone have any experience installing ubuntu on a framework laptop? Just curious of any issues faced | 18:53 |
| pragmaticenigma | I though Ubuntu was one of the choices for install direct from the factory | 18:53 |
| junyx | pragmaticenigma I'm not seeing that on the website but I do recall that was the option before | 18:54 |
| junyx | I think they only do windows 11 now | 18:54 |
| junyx | :( | 18:54 |
| oerheks | framework gives guides | 18:55 |
| oerheks | https://guides.frame.work/Guide/Ubuntu+24.04+LTS+Installation+on+the+Framework+Laptop+13/331 | 18:55 |
| pragmaticenigma | junyx: I just noticed that too, I know that they test their machines using Ubuntu. They do have a focus on making sure their machines are linux compatible as much as possible. | 18:55 |
| pragmaticenigma | junyx: Here's some documentation on Ubuntu/Fedora support for Framework machines: https://knowledgebase.frame.work/en_us/officially-supported-vs-compatible-linux-distributions-ByVPFgyTs | 18:57 |
| junyx | Thanks pragmaticenigma | 18:57 |
| tomreyn | their online shop has a "DIY Edition" (building the device and installing Linux yourself) vs "Pre-Built" option. the latter comes with the Windows OS pre-installed. | 18:57 |
| junyx | tomreyn yeah that's pretty cool. I want to build it myself. I've never built a full laptop before | 18:57 |
| pragmaticenigma | junyx: Interesting fact: Framework builds all their machines at the factory, the DIYs go through the extra step of being disassembled before they get sent to you. | 18:58 |
| JanC | thats' part of QA I suppose | 18:59 |
| pragmaticenigma | indeed | 18:59 |
| JanC | anyway, offtopic for this channel, so probably better move this to #ubuntu-offtopic or #hardware or so | 18:59 |
| junyx | JanC are you an op of the channel? | 19:00 |
| JanC | no, why is that relevant? | 19:01 |
| junyx | pragmaticenigma yeah that's weird that they disassemble it at the factory. Is it just for people who want the experience of building their own? | 19:01 |
| junyx | Sounds like it would just increase their operating costs | 19:03 |
| pragmaticenigma | junyx: components have to be tested assembled to provide accurate QA. but we should probably focus on Ubuntu going forward | 19:06 |
| JanC | at least here; there are other channels available :) | 19:08 |
| sony | hello | 19:20 |
| === P1ro_ is now known as P1ro | ||
| === jimmyb0 is now known as jimmyb | ||
| === dstein64- is now known as dstein64 | ||
| tekisui09 | hello anyway to solve tearfree ? | 20:26 |
| tekisui09 | on 18.04 it was a simple fix | 20:26 |
| pragmaticenigma | tekisui09: without details of your current system, it's really hard to provide an answer to your question | 20:27 |
| tekisui09 | ah it has nvidia gpu, i read nvidia and ubuntu are not best friend | 20:28 |
| pragmaticenigma | those are not the kind of details we're needing | 20:28 |
| tekisui09 | well there some glitch with ubuntu and nvidia | 20:29 |
| tekisui09 | it was easy to fix on 18.04 | 20:29 |
| oerheks | on what ubuntu version now? | 20:30 |
| pragmaticenigma | That doesn't help me to help you in any way. I need details about your current system What version of ubuntu, what type of CPU, what type of GPU, how much RAM, are you running a Wayland session or X-server. Are you trying to run games under steam using proton, and if so have you checked to see if said games are well supported | 20:30 |
| tekisui09 | 22.04 | 20:30 |
| oerheks | i would start wirth details about what nvidia gpu | 20:30 |
| tekisui09 | it´s more watching movies, it tears | 20:31 |
| tekisui09 | geforce gt530 | 20:31 |
| tekisui09 | x.org | 20:31 |
| oerheks | nvidia-driver-390 should work fine | 20:37 |
| oerheks | maybe you can add !HWE | 20:37 |
| oerheks | !hwe | 20:38 |
| ubottu | The Ubuntu LTS enablement stacks provide newer kernel and X support for existing LTS releases, see https://wiki.ubuntu.com/Kernel/LTSEnablementStack | 20:38 |
| epaphus | Hi. I have UIbuntu 22.04 Jammy. I noticed that the regreSSHion vulnerability in OpenSSH affects versions " versions from 8.5p1 to 9.7p1 running on glibc-Linux, are vulnerable" I run OpenSSH_8.9p1 so.. does this mean iam vulnerable? I have the updates applied . | 20:38 |
| oerheks | yes, see the changelog? https://launchpad.net/ubuntu/+source/openssh | 20:40 |
| tomreyn | epaphus: can you tell by looking at https://ubuntu.com/security/CVE-2024-6387 ? | 20:40 |
| -ubottu:#ubuntu- A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387> | 20:40 | |
| oerheks | not vulnerable anymore, if you rebooted | 20:40 |
| tekisui09 | ok, thanks i will first try to switch the driver, then need to tinker a bit more | 20:40 |
| epaphus | oerheks help me to understand? https://ubuntu.com/security/CVE-2024-6387 its not obvious... i ran apt-get update and it didnt find any new packages to apply. How can I make sure the correct package was applied that fixes this? | 20:41 |
| -ubottu:#ubuntu- A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387> | 20:41 | |
| tomreyn | epaphus: use apt list --installed openssh or dpkg -l openssh to tell which version you have installed. don't rely on the version number the running openssh process reports. | 20:43 |
| epaphus | tomreyn: I tried that, but it doesnt yield anything.. dpkg-query: no packages found matching openssh | 20:50 |
| epaphus | dpkg -l | grep openssh-server | 20:51 |
| epaphus | ii openssh-server 1:8.9p1-3ubuntu0.10 | 20:51 |
| epaphus | So how can I be sure the correct update was applied? | 20:51 |
| oerheks | compare that to https://launchpad.net/ubuntu/+source/openssh ?? | 20:51 |
| oerheks | and read the changelog | 20:52 |
| sarnold | https://ubuntu.com/security/notices/USN-6859-1 | 20:53 |
| oerheks | and your dpkg log should show this update. | 20:54 |
| tomreyn | epaphus: sorry, i got the package name wrong | 20:59 |
| JanC | tearing when playing movies also depends on the application used for playing movies | 20:59 |
| JanC | (potentially depends) | 20:59 |
| pragmaticenigma | epaphus: dpkg is reporting you have `1:8.9p1-3ubuntu0.10` which matches the listed package on https://ubuntu.com/security/CVE-2024-6387 for jammy. Which means you should be patched at this point. Ultimately if you regularly apply updates as they become available to you, you really should not have anything to worry about. Validation is a good idea and the best source is to list what dpkg lists for your installed packages and compare | 21:01 |
| pragmaticenigma | that to any changelog for the package, or articles referencing the patched version for your specific ubuntu version. | 21:01 |
| -ubottu:#ubuntu- A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387> | 21:01 | |
| epaphus | pragmaticenigma thank you! | 21:14 |
| junyx | That was pretty quick. Upgraded my server from 20.04 to 22.04 and it only took less than 20 minutes | 22:39 |
| chandoo | hi I have issues with bluetooth. i can detect the device but fail to connect | 22:42 |
| chandoo | error is "Device added successfully but failed to connect" | 22:42 |
| chandoo | its a bluetooth gps device | 22:43 |
| chandoo | how to troubleshoot this issue | 22:43 |
| chandoo | this should make serial connection via bluetooth | 22:45 |
| junyx | chandoo you can check sudo service bluetooth status | 22:48 |
| chandoo | junyx, └─nv-bluetooth-service.conf | 22:49 |
| chandoo | Active: active (running) since Tue 2024-07-02 15:06:11 EDT; 3h 43min ago | 22:49 |
| junyx | Hmm ok. So you have bluetooth active. Do you have another bluetooth device you can test? Maybe its the device you're using | 22:50 |
| chandoo | other device i have same issue | 22:50 |
| junyx | Ok. I'll let someone else answer. That's the extent of my knowledge with bluetooth | 22:51 |
| chandoo | my guess is it not able to make /dev entry for the bluetooth | 22:51 |
| chandoo | okay | 22:51 |
| junyx | chandoo what ubuntu version are you on? | 22:53 |
| chandoo | bionic 18 | 22:54 |
| chandoo | I see this in bluetoothctl Failed to connect: org.bluez.Error.InProgress | 22:54 |
| junyx | Maybe its a driver problem. I don't think new drivers are supported on 18 | 22:54 |
| chandoo | my gps is pretty old, holux gpslim 236 | 22:55 |
| chandoo | it can discover pair, but failed to connect , not sure what else i can do | 22:56 |
| chandoo | i am using Nvidia jetson nano | 22:56 |
| junyx | Unless someone else responds, my idea would be try to live load into a 22.04 or 24.04 image and see if you still have the issue. If you do then its probably an unsupported driver | 22:56 |
| junyx | If you don't* then it's probably... | 22:58 |
| chandoo | junyx, i pretty much like to have 24, I am not able to find any image for jetson nano | 23:02 |
| chandoo | nvidia only does bionic | 23:02 |
| junyx | Oh ok | 23:02 |
| chandoo | I am not sure if i can install ubuntu 24 directly | 23:03 |
| enigma9o7 | Are you using the hwe kernel? There is a chance 5.4 has the driver but not 4.15 chandoo | 23:04 |
| enigma9o7 | And they were suggesting tryint to boot ubuntu 24 live as a test; that'll give you an idea if its likely to install, and if it picks up your device that's not working on 18.04/bionic. | 23:04 |
| === Sidewyz1 is now known as Sidewyz | ||
| chandoo | Linux nano 4.9.337-tegra #1 SMP PREEMPT Tue Jun 11 16:07:05 PDT 2024 aarch64 aarch64 aarch64 GNU/Linux | 23:05 |
| enigma9o7 | There are also different versions of bluetooth, so maybe your machine is old and only supports bluetooth 1-3, and your device is new and only supports version 4-5, in which case, no drivers gunna do anything. | 23:05 |
| chandoo | okay | 23:05 |
| enigma9o7 | Hmmm well that's a custom kernel, and arm64, so I dunno about that. | 23:06 |
| enigma9o7 | ubuntu 18.04 normally has 4.15 kernel and hwe version is 5.4; so dunno why you have 4.9 | 23:06 |
| enigma9o7 | but it ay be speciality oem build | 23:07 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!