| 7 Jul 2024 |
|  Traxys changed their profile picture. | 10:23:32 |
| Traxys changed their profile picture. | 10:25:21 |
|  Toast joined the room. | 17:30:29 |
 matthewcroughan | The arm64 community server is down again | 19:58:50 |
| matthewcroughan | when it is in this state, does anybody know what's happening/ | 19:59:00 |
| matthewcroughan | * when it is in this state, does anybody know what's happening? | 19:59:01 |
| matthewcroughan | Would it be too much to ask for some sort of status endpoint that could be polled to know what the status | 19:59:17 |
| matthewcroughan | * Would it be too much to ask for some sort of status endpoint that could be polled to know what the status is? | 19:59:19 |
| matthewcroughan | I presume it's just in the middle of a reboot or something | 19:59:38 |
| matthewcroughan | Who is it that controls aarch64.nixos.community anyway? | 20:25:58 |
| matthewcroughan | It looks like it is still vulnerable to regresshion | 20:26:06 |
| matthewcroughan | Is it adisbladis or anyone you know? | 20:26:30 |
 emily | note that the OpenSSH version is not a reliable indicator of that (but an old version + the derivation the server comes from not containing the .patch is) | 20:27:53 |
| emily | (not sure if you already took that into account) | 20:28:03 |
| matthewcroughan | Yeah I just saw the version + the config not containing LoginGracePeriod 0 | 20:28:19 |
| matthewcroughan | so maybe it's patched, I didn't look at that | 20:28:26 |
| emily | try nix derivation show $(readlink -f $(which ssh)) | 20:29:00 |
| matthewcroughan | The server is in a bit of a memory exploded state | 20:29:27 |
| matthewcroughan | dmesg has logs I see on my scrappy servers when bad memory things happen :D | 20:29:41 |
| matthewcroughan | Looks like the only patches are
"patches": "/nix/store/isik6ifcjxpw22sfh3kz37galficc78c-locale_archive.patch /nix/store/6id7rg81nbkx9r9pxvax7nssr11xdaas-gss-serv.c.patch?id=a7509603971ce2f3282486a43bb773b1b522af83 /nix/store/ybb4xs45dkngdf3x1xnxqgzn5zmv5alf-dont_create_privsep_path.patch /nix/store/7jbzj9s2wkbznn93ga3aqka6vfx06gjg-ssh-keysign-8.5.patch",
| 20:30:27 |
| matthewcroughan | * Looks like the only patches are
"patches": "/nix/store/isik6ifcjxpw22sfh3kz37galficc78c-locale_archive.patch /nix/store/6id7rg81nbkx9r9pxvax7nssr11xdaas-gss-serv.c.patch?id=a7509603971ce2f3282486a43bb773b1b522af83 /nix/store/ybb4xs45dkngdf3x1xnxqgzn5zmv5alf-dont_create_privsep_path.patch /nix/store/7jbzj9s2wkbznn93ga3aqka6vfx06gjg-ssh-keysign-8.5.patch",
| 20:30:30 |
| matthewcroughan | So yes, it is in fact vulnerable :D | 20:31:20 |
| emily | then I guess it's vulnerable | 20:31:24 |
| matthewcroughan | Shall we do a wordpress and hack it to fix it? | 20:31:43 |
| matthewcroughan | It'd probably just end up rebooting into the generation with the vulnerability anyway | 20:32:13 |
| emily | good luck, I don't think anyone has exploited it on a 64-bit system | 20:32:25 |
| matthewcroughan | Ah right, forgot about that | 20:32:39 |
 zowoq | In reply to @matthewcroughan:defenestrate.it
Who is it that controls aarch64.nixos.community anyway? The nixos infra team: https://matrix.to/#/#infra:nixos.org | 23:03:25 |
 hexa | yes and no | 23:04:29 |
