/srv/irclogs.ubuntu.com/2022/10/06/#ubuntu.txt

=== EriC^^ is now known as Guest5936
lagunalorrei listened to mark shuttleworth's video today about free ubuntupro security patches for 23000 apps..and i registered for it...but after logging in at the bottom of the page it wants me to attach a machine ...what is that about00:54
lagunalorrewhat would i be attaching this machine to00:55
arraybolt3[m]lagunalorre: You attach your (free) Ubuntu Pro subscription to the computer you want to have Ubuntu Pro work on.00:55
lagunalorrearraybolt3 ok...this one and a backup laptop...but there is only one token on the page00:56
sarnoldthat's fine, you can use the token on multiple computers00:56
arraybolt3[m]lagunalorre: It's kinda like a license key, as I understand it. When you update your system, it tells Canonical "I'm using Ubuntu Pro, here's the key that proves I'm licensed to do so", and then Canonical's servers can look at that key and say "Yep, this system is ready to use Ubuntu Pro, send it the Ubuntu Pro updates."00:56
lagunalorresarnold..oh ok00:57
lagunalorrearraybolt3 ok thanks for explaining that00:57
lagunalorrei haven't run into any security problems lately..and it would be tough since i am behind a firewall00:58
lagunalorrebut i registered for it anyway00:58
rob0Firewalls can't protect you as much as you may think. If a vulnerable bit of software on your system reaches out and hits something hostile, the firewall can't block that.01:00
lagunalorrerob0 but the firewall shuts down all ports except port 80...no more ftp weakness or dns weakness or any other port....and an updated browser does a lot to protect the only open port 8001:01
arraybolt3[m]Firewalls prevent software from sending data out or receiving data in without your permission, but if a piece of software is allowed through, the firewall likely won't do anything with the data that goes through. That's the weak link.01:02
arraybolt3[m](But then again, your browser is covered even without Ubuntu Pro, so if you apply updates, it shouldn't matter either way.)01:02
lagunalorrearraybolt3 yes but i don't allow apps to go out or anything to come in except for the browser01:02
lagunalorrearraybolt3 and all dns traffic is now passing through the port 80 to cloudflare only01:03
arraybolt3[m]Right, but if a piece of malicious data is downloaded by the browser from a website you visit, and that data glitches the browser and causes it to execute code it didn't mean to, then you're hacked. (Again, this is just the "how it would happen" scenario - keeping a system updated prevents that from happening in all but the rarest of situations, and you would be protected even without Ubuntu Pro.)01:03
arraybolt3[m](They call it a buffer overflow vulnerability - it's both fascinating and terrifying. It's also a good part of why I'm somewhat vigilant about keeping my system updated. :P)01:04
lagunalorrearraybolt3...yes but the browser is also clamped down not only by recent updated browser code but also ublock adblock noscript and so on01:04
arraybolt3[m]Very good.01:05
* arraybolt3[m] also uses an adblocker everywhere01:05
lagunalorrei tried to put sudo pro attach longtokennumber but it says pro is not an executable command01:06
lagunalorrewhen i tried to copy and paste the command it does not work01:07
arraybolt3[m]lagunalorre: That means you need to update the Ubuntu Advantage client. Lemme find the command...01:07
arraybolt3[m](It should autoinstall eventually, but it's not quite there yet.)01:07
sarnoldinstall ubuntu-advantage-tools01:07
arraybolt3[m]lagunalorre: Run `sudo apt install ubuntu-advantage-tools` first, then try again.01:08
arraybolt3[m]I just did it, now running "pro --version" works for me.01:08
lagunalorrearraybolt3 yes it is starting to install some stuff now01:09
lagunalorrearraybolt3 ok it enabled a couple of services and installed some dhcp patches...and i guess it is uptodate01:10
arraybolt3[m]You followed this whole guide, right? https://discourse.ubuntu.com/t/ubuntu-pro-beta-tutorial/3101801:11
sarnolddhcp was just coincidental, that would have been installed even without ubuntu pro https://ubuntu.com/security/notices/USN-5658-101:11
lagunalorrearraybolt3 i am not sure why a dhcp patch was necessary as that is only local traffic between this laptop and the wifi router01:12
lagunalorrearraybolt3 but anyway it is installed01:12
arraybolt3[m]You still need to attach your system to Ubuntu Pro and then activate the extra updates.01:12
lagunalorrearraybolt3 how do you activate the updates01:13
arraybolt3[m]sudo pro attach [YOUR_TOKEN]01:13
arraybolt3[m](Replacing [YOUR_TOKEN] as applicable.)01:13
lagunalorrearraybolt3 yes i already did that and it enabled 2 services01:13
arraybolt3[m]Then:            sudo pro enable esm-apps --beta01:13
arraybolt3[m]And you did the sudo pro enable esm-apps --beta step?01:14
lagunalorreit enabled esm-infra and livepatch01:14
arraybolt3[m]OK, then you still need to run "sudo pro enable esm-apps --beta". So far only part of Ubuntu Pro is enabled.01:15
arraybolt3[m]The above command enables the rest of it.01:15
arraybolt3[m](Here's hoping they make this more user-friendly in the future!)01:15
lagunalorrearraybolt3 ok it says esm-apps enabled01:16
arraybolt3[m]Nice! Now you should be able to do "sudo apt update && sudo apt full-upgrade".01:16
user9dcould someone survive on a 8GB RAM laptop with 1TB swap partition on the their HDD + Ubuntu 22.04 live ISO burned to a DVD that is used to boot into Ubuntu 22.04 for an average of 3.92 day uptime while using that system as a computer for daily activities of talking on irc + creating random programs in Bash 5, Perl 5, Python3, and PHP 7 for 5 years straight?01:28
arraybolt3[m]user9d: No. I see a week link here.01:28
arraybolt3[m]user9d: If you used an Ubuntu 22.04 live ISO as your main operating system solely for five years, you won't get any security updates during that time as the DVD is read-only and won't accept the security updates.01:29
arraybolt3[m]user9d: As a result, it would be just as bad as using an EOL version of Ubuntu.01:29
arraybolt3[m]What would work would be to install Ubuntu directly to a USB drive that can accept updates. Then I can see this working (though a 1 TB swap partition?!?!?! That's quite overkill.)01:29
arraybolt3[m]However, even with a USB drive installation, you probably wouldn't last for 5 years as the USB drive would likely wear out before then.01:30
arraybolt3[m]Since you'll never need the 1 TB of swap for anything (due to the speed of the partition and the intended use cases), I'd just install Ubuntu to a large portion of the hard drive, and leave yourself some swap space to cope with the 8 GB of RAM. Probably 8 GB of swap would help here, more if you intend on really pushing the system (though it will get slower when it starts swapping to disk).01:32
user9dwhy does linux care as much about security as windows os because my android 7 smartphone hasn't system updated in 5 years?01:34
arraybolt3[m]user9d: Because cellphone manufacturers don't care to keep their hardware from going obsolete and would rather make it so people have to upgrade or risk getting hacked.01:35
=== keypushe- is now known as keypusher
user9dwhat's the point of preventing getting hacked on Ubuntu when 99.9% of the time you are hacked it feels like you're 99.9% secure because it's so fast?01:37
arraybolt3[m]user9d: Good question, but I think this would be more on-topic in #ubuntu-discuss. Care to ask it over there?01:37
rob0DNS over https (DoH) is port 443; DNS over TLS (DoT) is port 853.01:39
rob0lagunalorre: ^^01:39
lagunalorrerob0 why is an extraport being opened for dns when all traffic could be handled through port 80 only02:08
rob0most web traffic has been https (443) for a long time02:09
lagunalorrerob0 yes i remember the port 443 for https compared to http at port 8002:09
lagunalorrerob0 but why don't they shut everything down except port 80..since all video communications can be handled directly through the browser02:10
lagunalorreas well as secure sockets02:11
lagunalorrerob0 nobody uses ssh,ftp,gopher,udp, or any of that other stuff anymore that was present 30 years ago02:12
rob0nobody?  I sure do.02:12
rob0well,not much ftp, and gopher is gone02:12
lagunalorrerob0 well you do so at your own risk...because opening your ports to the world leaves you vulnerable for exploits that can take advantage of inadequate buffer issue02:13
lagunalorrerob0 then they can install malicious code, rootkits, and trojan horses and all kinds of crap which are real headaches to deal with02:15
rob0I'm aware of risks, thanks. I don't lose sleep over sshd.02:15
lagunalorrerob0 i have even seen them try to embed code in simple email docs02:18
lagunalorrerob0 or use emailed links to try to lure the browser into unsafe sights of malicious coders02:19
lagunalorrerob0 that typically take advantage of buffer issues or sometimes take advantage of javascript or jre's...that is why everybody uses noscript and turns javascript off in the browser and never installs java runtime environments02:22
lagunalorrerob0 and most people try to even limit browser activites in a sandboxed fashion02:23
lagunalorrerob0 where the sandbox is isolated from the rest of the directories of your system02:24
seanhello all02:25
seanwhat do you all think of the ubuntu DDE ??02:26
lagunalorresean..what is DDE the old dynamic data exchange topic02:27
lagunalorresean when you use acronyms..we have no idea what you are referring to02:27
arraybolt3[m]I think he means Deepin Desktop Environment.02:29
lagunalorrearraybolt3 oh02:29
lagunalorrearraybolt3 i am surprised mark shuttleworth is such a young man that i saw in the video...i knew he had been around for a long time with ubuntu...so i thought he was much older like bill gates02:33
ice9why skypeforlinux process have 119 threads??03:08
sarnoldprobably one for every button, one for the camera, microphone, one for smoothing and compressing video, one for compressing audio, a bunch for dns lookups, a bunch for network communications..03:11
oerhekshow many treads has vscode?03:22
=== guiverc2 is now known as guiverc
=== LabMonkey is now known as Mechanismus
noarbwhat are the benefits of using the evdev subsystem versus libusb and hidapi? I have a feeling the differences are historical and how they were developed, but I'm not sure03:36
jhutchinslagunalorre: I think you have an unrealistic sample of "everybody" who is paranoid about web browsing.04:04
jhutchinsMost people do not take elaborate precautions, they just install a browser and browse.04:05
lagunalorrehutchins well the online world is full of victims who weren't paranoid04:05
jhutchinslagunalorre: Again,  I am suspicious of your sampling method.  You appear to be suffering from selection bias.04:06
lagunalorrejhutchins...well i have a small sample size of careful people....namely 1 me..i am not sure it is biased...because of so many naive victims of the hostile internet04:07
jhutchinslagunalorre: How have you determined that there are "many naieve victims"?04:08
lagunalorrejhutchins nearly every day you hear of internet victims falling prey to all kinds of malicious code and other scams04:08
jhutchinslagunalorre: How do we know if these are actually common, or are edge cases that make a sensational story?04:09
lagunalorrejhutchins...no they are real...i have encountered lots of attempts to sabotage or steal info/monetary assets over the last 50 or so years04:10
jhutchinslagunalorre: This does not indicate that they were successful.04:11
lagunalorrejhutchins no they haven't been so far as i am concerned but i have heard of many other victims that did not take adequate action to protect themselves against an incredibly hostile internet04:12
jhutchinslagunalorre: I am aware of a fairly large number of users who simply are reasonably careful about what they click on and where they disclose sensitive information and have not had any trouble over the years.04:12
jhutchinslagunalorre: I should also point out that by citing a sample extending 50 years you are straying from your original topic which was web browsing.04:13
lagunalorrejhutchins...yes but thieves and saboteurs and conmen existed way back in the old bbs days before the internet04:14
jhutchinsI just realised that this is #ubuntu and we are WAY off-topic, I'm going to drop it.04:14
arraybolt3jhutchins: I actually am kind of paranoid about internet security also, not because of sample sizes of people who were or weren't pwned, but because of knowing that tools for pwning exist and that they have been deployed in terrifying ways in the past.04:14
arraybolt3For instance, the Blackhole Exploit Kit exists, and one time a malicious advertisement that I believe did a drive-by download ended up on Spotify.04:15
lagunalorrejhutchins and got worse and more plentiful when the lines were open to the world wide web of many hostile countries and gangs04:15
arraybolt3My way of protection is - a) Only visit trusted sites on my main computer, b) use an adblocker, and c) visit untrusted sites in a QEMU virtual machine.04:15
arraybolt3jhutchins: Oh, just saw your thing about off-topic. I was going to say something, but I thought discussing how to secure Ubuntu and if it was necessary was on-topic.04:15
arraybolt3(Maybe only kinda on-topic, but still...)04:16
jhutchinsarraybolt3: That may be, but we've gone beyond "how" into "why".04:16
lagunalorrejhuthins don't set people up to be victims because of laxadaisical attitudes....let them know it is better safe than sorry04:17
jhutchinsJust because you're paranoid doesn't mean they're not out to get you.04:20
lagunalorrejhutchins i am a qualified doctor and i don't believe in giving information that would cause some people to be harmed04:22
lagunalorrejhutchins as a doctor i don't take advantage of people nor do i want to see that happen to them by anyone else04:22
jhutchinslagunalorre: This is still  off-topic here.04:24
lagunalorrejhutchins well i guess security issues can be discussed elsewhere04:24
jhutchinslagunalorre: Perhaps ubuntu-offtopic.04:24
jhutchinsIf your system has a sync interval of 34m, and you suspect that something has caused drift in less than that time, is there any way (using only systemd/timesyncd) to request an immediate sync?05:39
ice9what's the difference between a package in "jammy" and "now"?05:43
tarzeauare people using jammy with or without jammy-updates?05:53
tomreyntarzeau: hopefully with?05:54
tarzeauis with recommended?05:54
tarzeaui was refering to the sources.list entry, not whether one updates or not05:54
tarzeauis without possible and supported too?05:54
tomreynhaving bug and security fixes makes sense to me05:54
jhutchinstarzeau: I suppose it depends on what you want out of it.05:55
tarzeauosn05:55
tarzeauisn't security in jammy-security separately?05:55
tarzeaujhutchins: i want stable computers for a lot of users05:55
tarzeauand i appear to have a problem with phased updates and jammy-updates that packages disappear (get moved to phased updates), while i have phased updates participation disabled05:56
arraybolt3!phasedupdates | tarzeau, you might find some info to help with that here05:56
ubottutarzeau, you might find some info to help with that here: Since Ubuntu 21.04, APT now implements phased updates. This can hold back updates on some systems while they are being phased in. See https://help.ubuntu.com/community/PhasedUpdates for more info.05:56
tarzeauthus some xymon-client/hobbit-plugins reports packages not installed from repo05:56
arraybolt3There's instructions on how to make your system ignore update phasing, as well as some reasoning behind why it's not necessary.05:56
tarzeauarraybolt3: thank you for the link, all read, and got it finally as wanted: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/198167205:57
ubottuLaunchpad bug 1981672 in aptitude (Ubuntu) "phased updates API and client for aptitude" [Wishlist, Triaged]05:57
tomreyntarzeau: https://wiki.ubuntu.com/SecurityTeam/FAQ#How_are_the_.22-updates.22_and_.22-security.22_pockets_different.3F05:57
tarzeauarraybolt3: it might not be necessary, but it's a wanted way simply because we don't have auto-app-crash-reporter running, we don't want to take part on phased updates05:57
arraybolt3tarzeau: Whatever works for you. If you know the risks and are like, "Yeah, I want to install it anyway", then great. That's what the setting is there fore.05:58
tarzeautomreyn: that faq entry explains the difference between -updates and -security, and we have -security, but no phased updates nor -updates. what am i not seeing?05:59
tarzeauarraybolt3: the most annoying part about phased updates is they can get updated while some already have it, some other machines don't, and they start from 0% with another new version again - me ending with machines with 3 different versions of software (happened shortly with systemd)06:00
tomreyntarzeau: so, for security updates, my understanding is that they are published on -security first, then also on -updates. but this would not matter to you if you have -security, i guess. but what matters to you, you said, is stability, which probably means you want bug fixes. those surely can go to 'jammy-updates' months before they hit 'jammy'06:00
tomreyntarzeau: i don't know about / can't comment on the phased updates issue you're dicsussing.06:01
arraybolt3tarzeau: There's a setting for making machines all "phase together", which I didn't document in the above link. Info on that is here: https://askubuntu.com/a/1431742/159846706:02
tarzeauarraybolt3: i was aware of that setting, thanks for pointing out06:03
tomreynjhutchins: sudo kill -1 $(pgrep --full --oldest systemd-timesyncd)06:05
tomreynjhutchins: tcpdump tells me this make timesyncd connect to ntp.canonical.com:12306:08
jhutchinstomreyn: Thanks.  Seems pretty roundabout.06:21
=== Mibix is now known as Mibixaurus
marcin_Hi, I have xubuntu-22.04 but I am pretty sure the issue is related to ubuntu. I am trying to import gpg public key, and I am receving an error07:06
marcin_gpg --import public.key07:06
marcin_gpg: nie odnaleziono poprawnych danych w formacie OpenPGP.07:06
marcin_gpg: Ogółem przetworzonych kluczy: 007:06
marcin_on another ubuntu station, I can import it07:06
marcin_I did not find anything in the net :(07:07
SteelRosemarcin_: can you please translate the error to English?08:00
marcin_@steelRose: gpg: no correct/proper data found in OpenPGP format08:04
SteelRosemarcin_: how did you transfer the file over to the affected Ubuntu system?08:06
marcin_copied form 1password, where I store it, and try to store it with echo, echo -n, vi & nano08:07
marcin_none worked08:07
SteelRosemarcin_: why don't you scp the file?08:09
SrainUser111Hi08:10
SrainUser111How do I add a sudo user, and i must be administrator??08:10
marcin_SteelRose: i can not do it with scp08:10
SteelRosemarcin_: another option would be to select everything with the mouse, save it to the clipboard... then, on the target host run: cat > foobar.gpg   and paste everything... then hit ctrl-d to save08:10
SteelRoseSrainUser111: you must be either root to do it or have your user already added to the sudoers file08:11
SrainUser111ok08:11
marcin_SteelRose: I will try08:12
SteelRoseSrainUser111: if regular users could promote themselves to root that would be a security flaw...08:12
marcin_and let you know08:12
SteelRosemarcin_: OK08:12
=== ss is now known as Guest1629
marcin_SteelRose: I did: gpg --import, pasted everything. pressed enter, then Ctrl + D and still the same08:29
SteelRosemarcin_: did you paste the contents to a file before doing the import?08:34
marcin_yes, then cat it08:34
SteelRosemarcin_: no :-) Please take a look at this: https://pastebin.com/amJSsSS008:36
nikolamI can't ser Other os to boot as defaut in XUbuntu's GNOME. I think I tried all I found.09:16
=== mkv is now known as m4v
alkisgnikolam: run `sudo -i` first, and then:09:26
alkisgmkdir -p /etc/default/grub.d &&09:26
alkisgwget https://gitlab.com/sch-scripts/sch-scripts/raw/main/share/sch-scripts/grub.cfg -O /etc/default/grub.d/sch-scripts.cfg && update-grub09:26
alkisgIt makes grub show the menu, REMEMBER the last default, and boot it in 5 seconds09:26
alkisgSo if you reboot from windows, it'll boot windows, if you reboot from linux, it'll boot linux09:27
ikoniaanyone know if ubuntu is shipping their work on microk8 anywhere outside of snap packages ?09:38
nikolamalkisg: I'll try it and report. I think I used to try saved and savedefault, will try it his way.09:59
nikolamThanks09:59
alkisg👍️10:00
=== zakalwe` is now known as zakalwe
Ricohello. using ubuntu-mate 22.04, how can I start an application (from terminal) on a specific display ? (I have 2 screens)10:25
agent_whiteRico: I would look into xdotool.10:27
SteelRoseRico: do an "echo $DISPLAY" on each screen... then set it as needed before starting the application10:27
agent_white^ that too.10:28
RicoSteelRose: it returns :0 on each screen10:28
SteelRoseRico: that's normal... try setting it to :0.0 and :0.110:29
SteelRoseDISPLAY=:0.1 ; firefox10:29
SteelRosefor example10:29
SteelRoseRico: other than that, you can tell MATE to remember where the windows were when you close the session10:30
Ricoonly :0.0 works and it opens app on the current screen10:30
ograRico, https://ubuntu-mate.community/t/open-application-on-current-workspace/1350410:33
Ricoogra: thanks, but that's not what I asked for10:35
ograRico, yu want tuy app to be tied to a certain screen (workspace) don't you ?10:35
ogra*you want your app ...10:36
agent_whiteRico: This is a more intense option, but if you use a tiling window manager, opening under your mouse cursor (or having the abiliity to quickly move/do this) is the default.10:36
Ricoogra: no. I want to be able to chose the screen on which my app will popup when I start it via terminal10:36
ogra"close the screen" ?? you mean unplug the monitor ?10:37
ograbah, can't read10:37
ograsorry10:37
agent_whiteI would whip up a little script using xdotool.10:37
agent_whiteand xrandr.10:37
ograRico, and according to that discussion you can only do this with compiz10:37
agent_whiteTo take in the screens available, resolution, shift your mouse and spawn it... is one option.10:38
ograagent_white, how would xrandr help here ?10:38
agent_whiteJust for measuring screens. Ideally, you take that full width, shift 75% either way and you will hop screens.10:38
ograit wont manage anything application specific ...10:38
agent_whiteCorrect, which is why it's good.10:39
agent_whiteUse output from xrandr to feed xdotool which can be used to manipulate x11 windows.10:39
agent_whiteOr since your monitors don't change all the time, hardcode it.10:39
agent_white(excluse xrandr)10:39
Ricostrange thing that xrandr only shows one screen10:39
ograwell, ten you should probably rather use something like devilspie and simply tell your WM where to place it ...10:39
agent_whiteRico: That's my point.10:40
agent_whiteIt sees multiple displays as one single screen. They compose it.10:40
agent_whitexdotool can help you narrow down to a specific place on your desktops to place it. Just look into it.10:40
Ricook thanks10:41
marcin_SteelRose: the same unfortunately :(11:25
TomyLoboI just found out the docker snap auto-updates daily, if there's an update available. is anyone using that in production?11:27
=== scoobydoo_ is now known as scoobydoo
TomyLoboyou can probably turn that off, but that's not a nice default. desktop users already have a different auto-update mechanism, so that should be used. server users can install unattended-upgrades if they so choose11:36
SteelRosemarcin_: can you compare the files on one server where it works and on the other where it doesn't?12:17
SteelRosemarcin_: run an md5sum private.key on both (where "private.key" is the file you want to check)12:17
alkinoHello, I want to know if it is possible to have several "desktops" with basic ubuntu?12:56
alkinoin tiling we call it "tag" sometimes12:57
SteelRosealkino: yes12:58
SteelRosealkino: do you mean virtual desktops?12:58
alkinoSteelRose: maybe, I find nothing because I don't know the name under ubuntu12:58
alkinoI will lool for that ;)12:58
alkinoit works with gnome-tweaks13:03
alkinothanks ;)13:03
BluesKajHi all13:09
SteelRosealkino: np13:21
=== diskin is now known as Guest6392
=== diskin_ is now known as diskin
=== LanDi1 is now known as LanDi
=== ajfriesen4 is now known as ajfriesen
edduhola15:01
oerheks:-)15:02
eddu:)15:04
=== LanDi1 is now known as LanDi
=== LanDi1 is now known as LanDi
=== EriC^^_ is now known as EriC^^
=== LanDi1 is now known as LanDi

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!