IRC channel logs


back to list of logs

<jmd>marusich: commit your changes to the guix master?
<marusich>rekado, I submitted a patch to make MTP more painless.
***modula is now known as defaultxr
<Apteryx>Hi Guix! Any idea of which package to install to get japanese characters support in IceCat? Am I simply missing some japanese fonts?
<Apteryx>Nevermind; covered in the manual at section 6.2.3.
<Apteryx>err, 2.6.3.
***Piece_Maker is now known as Acou_Bass
***erdic_ is now known as erdic
<jmd>What is the purpose of the System Install docs recommending the use of cow-store ?
<jmd>So far as I can see, the only thing which is shared between the installation-os and the installed-os is /etc/config.scm - which is tiny. Cow-store just seems like an added confusion with very little gain.
<davexunit>it's needed to deal with stores that are bigger than what can fit in ram disk
<jmd>davexunit: But the store is on the target disk isn't it?
<davexunit>I mean, yes, but you're missing something important.
<davexunit>the installer OS is a GuixSD system, too.
<jmd>So the stores are shared. I see.
<jmd>(I think)
<davexunit>which has its own store, and for 'guix system' to do its job it needs to download or build a ton of stuff
<davexunit>which is likely to fill a ram disk
<jmd>Does that not mean that the installed OS ends up with "a ton of stuff" in its store, that it doesn't need?
<davexunit>it does need it, to create the system that will be installed on the target disk
<jmd>Right. But after it has been installed, it is no longer required.
<ZombieChicken>Anyone here using blender or uBlock Origin?
<ZombieChicken>with either Firefox or Icecat
***MinceR_ is now known as MinceR
<Shduhfhdjsj>If anyone can, run clamscan over their store and see if clamscan menions something about a ttojan. I'm not sure if it is just me or not, but I feel like someone ahould xhexk
<Shduhfhdjsj>Damn webclient a phone. Anyways, it might just be me, but yeah...
<jmd>If seems that neither "C" nor "POSIX" are acceptable locales to guix system init. Why this restriction?
<lfam>jmd: What goes wrong?
<jmd>guix system just gives an error.
<jmd>"POSIX" is not a valid locale name - or something.
<jmd>I didn't make a note of the exact wording.
<lfam>Hm, I've never had to set the locale manually at that stage so I haven't experimented
<lfam>Seems worth a bug report, at least
<ZombieChicken>Anyone alive here?
<lfam>Yes, although I wonder if a zombie chicken is really "alive" or not ;)
<ZombieChicken>Depends on how you define "alive"
<ZombieChicken>lfam: If you have icecat installed, and clamAV, please run clamscan over ~/.mozilla/ and /gnu/store/*icecat*
<lfam>I saw your message about that. Do we have clamAV in Guix?
<ZombieChicken>lfam: I ran into number of cases of a trojan popping up with anything related to Firefox, and since I can't be sure if it's just me, if it's a false positive, or something more serious I think someone else needs to check
<ZombieChicken>I have no clue
<ZombieChicken>guix package -A clam doesn't provide anything, so I'll assume no
<lfam>In any case, can you reply to your original message about this subject with more detail? Specifically, which command you ran to start clamav, and the full output of the command?
<lfam>This is good bug reporting practice :)
<ZombieChicken>I don't have full output
<lfam>Oh, are you not the reporter?
<ZombieChicken>lfam: I've submittied more than one bug report
<ZombieChicken>I mentioned it in a very typo-heavy message from a phone a while back
<ZombieChicken>if you are refering to something on a mailing list, then no, I didn't
<lfam>You're right, sorry for lazily misremembering. I saw it in the IRC log
<ZombieChicken>Yeah, it was in IRC a few hours ago. I've been scrubbing my system since
<ZombieChicken>Basically it seems to be anything related to Firefox
<ZombieChicken>and Icecat, by extension
<ZombieChicken>even the gecko directory for wine installs
<ZombieChicken>so I can't be sure it isn't just my system
<lfam>In general, I'm extremely skeptical of antivirus tools. I'm reluctant to use them on my workstation. I could try the scan on a "throwaway" installation in a few days, when I have access to a second machine
<lfam>Did you try doing a web search for the names of the files that clamav described as malicious?
<ZombieChicken>Eh, I think AV tools have their place.
<ZombieChicken>lfam: Yeah. Hard to find good info on viruses online imo. What I did see was that it was added to clamAV database yesterday
<lfam>They definitely have their place, and I'm ignorant about clamav. I'm certainly not trying to denigrate that project
<ZombieChicken>It's a Cisco-owned open source AV
<lfam>sneek: later tell mark_weaver: Are you able to look into this report of malicious files being distributed with Firefox and Icecat? See the preceding lines in the IRC log for some more detail.
<sneek>Will do.
<ZombieChicken>The virus named was "Win.Trojan.Toa-5370166-0" in my instance, just fyi
<ZombieChicken>I just ran a pull and I'm running clamscan over /gnu/ again to see what it sees
<ZombieChicken>then I'll reinstall Icecat and see what happens
<lfam>`guix pull` won't update the packages in /gnu/store
<lfam>It only updates Guix itself. To update the packages, you'd need to run `guix package -u .` afterwards
<ZombieChicken>yeah, but I rm'ed most of the related files that clamscan said were infected, so I'm doing that more for sanity than anything
<ZombieChicken>I'm not 100% sure what is and isn't needed by guix, so I'm just operating on the safe side
<lfam>You used `rm` on files in /gnu/store?
<ZombieChicken>This is a Gentoo box with Guix installed on it, so I knew it wouldn't entirely hose my system
<lfam>In general, you should never do write to /gnu/store. I understand wanting to remove a malicious file in an emergency, but it will break your Guix installation.
<lfam>Only the guix-daemon can write to /gnu/store
<lfam>But your store is still useful for research purposes :)
<ZombieChicken>Well yeah. Like I said, gentoo box with Guix installed atop it. Breaking something wasn't a real concern
<ZombieChicken>Maybe, but I'm wanting to get rid of crap
<lfam>Do you have access to email?
<ZombieChicken>Yes. Once I finish this up I'll file a bug report
<lfam>Thank you
<ZombieChicken>and probably mention it on guix-devel.
<lfam>I'm sorry I'm not able to investigate directly right now, but I only have one machine, and I can't trust virtualization tools to contain malicious code
<ZombieChicken>I understand. I'm on a network with a known infected Windows box, so the chance of this being just my system is entirely possible
<lfam>You might get very fast service on Mozilla's IRC channels, although I've never tried it
<ZombieChicken>But I'd rather cause a slight panic and be proven that it's either a false positive or that it's just my machine than let something malicious propigate through a package manager
<lfam>If the virus did jump from your Windows box into /gnu/store, I'd be very interested to know how it got into /gnu/store
<ZombieChicken>guix pull then clamscan over /gnu says things are fine...
<ZombieChicken>reinstalling Icecat now
<lfam>I'm using Debian's Firefox, so let me know if there is some file I should be looking for on my machine
<ZombieChicken>iirc they were mostly zipped files. I think one was related to uBlock Origin, but the others escape me
<ZombieChicken>lfam: is /gnu supposed to be on a seperate partition?
<lfam>No, it's not necessary
<ZombieChicken>Then how does it handle prventing writes to the store?
<ZombieChicken>icecat just reinstalled. Rescanning /gnu/...
<lfam>As you saw, the root user can write anywhere.
<lfam>If the browser has root privileges, things are bad
<lfam>Unfortunately, browsers are so insanely complex that bugs like that will occur
<ZombieChicken>Yeah. It's crazy how complex they are these days
<lfam>Beyond this answer, I don't know all the design decisions behind access control and /gnu/store. I'm sure there is discussion in the mailing list archives
<ZombieChicken>It shouldn't have root. I'm not that stupid
<ZombieChicken>Yep. There we go
<ZombieChicken>/gnu/store/.links/18g1immjqx3mqr0d4wsfjp26z7zjqdis0q22bq6imgvk053h7652: Win.Trojan.Toa-5370166-0 FOUND
<ZombieChicken>that's just one instance
<lfam>Are you on x86_64?
<ZombieChicken>going to doublecheck my firewall in a sec to see if there is some weird rule in there somewhere
<lfam>Okay, I'll build icecat from the Guix master branch HEAD and look into it. That file is a hard link to something, btw. Can you check what the "root" of the link is?
<ZombieChicken>it doesn't seem to be a symlink. What kind of link is it?
<ZombieChicken>and clamscan is still going. I'm sure something more useful will pop up in a bit
<lfam>It's a hard link. I'll have to do a little reading to learn how to figure out how to proceed
<ZombieChicken>Well, we can just wait for the scan to hit the related files
<ZombieChicken>It just might take a little while
<rekado>ZombieChicken: could you give me the sha1sum of that file?
<ZombieChicken>rekado: Of which file?
<ZombieChicken>Give me a bit here
<rekado>sha1sum /gnu/store/.links/18g1immjqx3mqr0d4wsfjp26z7zjqdis0q22bq6imgvk053h7652
<rekado>mine is a0798a225f833c5fc495b7d34f842f6895430c05
<ZombieChicken>same here
<ZombieChicken> <- Relavant clamscan output
<ZombieChicken>sans .link dirs
<rekado>when you do “ls -i” on the file it tells you the inode.
<rekado>then you can do find /gnu/store/ -inum 685585
<rekado>(or whatever the inode is)
<rekado>this shows me that the name in the store is: /gnu/store/sc9igiq8f2g2dgv7y405mfkra4dilzcb-icecat-45.3.0-gnu1-beta/lib/icecat-45.3.0/browser/extensions/
<ZombieChicken> And the sha1sums of the files
<lfam>That's an older version of icecat
<rekado>lfam: that’s okay. The file is identical.
<ZombieChicken>AFK. Writing bug report
<jmd>It takes me 20 minutes to build a disk image. How does that compare with others' experience?
<lfam>So, what is 'Win.Trojan.Toa-5370166-0'? Is that the name of a file? Or a label given to something by the AV people?
<lfam>jmd: It's really I/O intensive, so it's a huge pain for me on spinning rust
<lfam>Is it a big disk-image with lots of packages? Is there other I/O happening on a spinning disk?
<lfam>I got my 4-core machine to report a load of >30 once when my auto-backups started while doing disk-image or vm-image operations once
<lfam>I'm going AFK. Let's continue this investigation later
<ZombieChicken>Just send the bug report
<ZombieChicken>...crap, he left
<ng0>new awesome wm version has been release, I try to package this and send it in this night or tomorrow morning
<ZombieChicken>ng0: Hey, got a minute?
<ng0>depends, but yes
<ZombieChicken>ng0: There is a list of files and checksums in that bugreport. If you have Icecat installed, mind checking them against what you have and seeing if it's the same? Also, if it's a version other than 45.3 and 45.5.1, that's great
<ZombieChicken>sha1sums, btw
<ng0>that's more time than I have now, sorry :)
<ZombieChicken>Well, if you remember some other time then. Just wanting to see if anyone else has a matching set of checksums to more clearly see if it's a personal issue or a tree issue
<ng0>the shasums are in the guix packages, I haven't read that bug report yet.. can you summarize the problem?
<ng0>hydra mirror could be behind?
<ng0>otherwise, no idea
<ng0>right now at least
<ZombieChicken>ng0: The problem is a possible virus in the icecat package
<ZombieChicken>I get the feeling it's a false positive, but I'd rather bring it up and find out it's a false positive than ignore it
<ng0>works for me on all systems
<ng0>I'll read the bug report now before getting to the awesome update
<ng0>oh, clam....
<ng0>I'm very sure those are false positives
<ZombieChicken>Well, like I said, I'd rather bring it up than ignore a possible problem
<ng0>Maybe someone will comment with more exposure to clam. Last time I used it professionally was at least 6 years ago
<ZombieChicken>Yeah. I know it isn't the best AV out there, but unless you want to pay for an enterprise license for a closed-source AV, it's the only option out there
<ZombieChicken>Also, ClamAV is owned by Cisco now, incase that is worth anything (which I doubt)
<ng0>that's not what I mean.. AV in general is not that good
<ZombieChicken>Too true
<ng0>parts of the new awesome page are behind gfocf... nice -.-
<ng0>well at least the download worked
<ng0>great firewall of cloudflare
<ng0>or at least "some stupid captcha" for the changelog page
<ZombieChicken>using tor?
<ng0>Awesome 4.0 is the first release of the v4 API level, breaking the proven
<ng0>v3.5 API level after 4 years. This requires to port the existing user
<ng0>configuration and extensions to the new API.
<ng0>not again...
<ZombieChicken>I lost some useful code back in the 3.4->3.5 migration
<ng0>but the rest of the changes read good
<ZombieChicken>Change for Change's sake isn't worth it
<ZombieChicken>It's only progress for people in marketing
<ZombieChicken>and they tend to be clueless
<ng0>do they always use song or album titles for the releases of awesome? up to 3.4 I did not package it myself
<ZombieChicken>I have no clue
<ZombieChicken>I never payed attention
<ZombieChicken>Version numbers say everything I need
***atw` is now known as atw
<atw>merry gravmass to my debian machine . This explains why I lost networking after a dist-upgrade
<ng0>build succeded... last time I tried to configure my system with that it produced strange results though
<ng0>that would require testing on the other computer and I don't want to leave the room, and ssh'ing into it would not proof that a graphical application works :D
<ZombieChicken>atw: You lost networking because the All Stable Debian borked an upgrade and removed your networking software?
<atw>ZombieChicken: admittedly from testing, not stable, but yes. I mean, I only have myself to blame for using testing and not carefully reading the list of changes but still...surprising.
<ZombieChicken>And that was Stable, btw
<buenouanq>Debian/Systemd byorked me over one too many times.
<buenouanq>GuixSD has yet to once (-‿‿ - )
<ZombieChicken>I need to test somethings before I'll install GuixSD on my desktop
<ZombieChicken>but I'm fairly sure it will replace Gentoo for me in the fairly near future
<buenouanq>That said, we basically own everything to Debian and they used to be pretty great. I used it very happily for many years.
<ng0>do you mean owe?
<ng0>awesome-4.0 works for me
<ng0>good night