20:05:01 <DavidWHodgins> #startmeeting 20:05:01 <Inigo_Montoya> Meeting started Thu Jan 18 20:05:01 2018 UTC. The chair is DavidWHodgins. Information about MeetBot at http://wiki.debian.org/MeetBot. 20:05:01 <Inigo_Montoya> Useful Commands: #action #agreed #help #info #idea #link #topic. 20:05:05 <lewyssmith> Good group tonight. 20:05:05 <DavidWHodgins> #topic * Who's new? - If you are then come and say hello. 20:05:23 <DavidWHodgins> So, anyone here who hasn't been to a qa team irc meeting before? 20:05:48 <DavidWHodgins> #topic * Spectre and Meltdown hardware flaws and kernel status 20:05:55 <DavidWHodgins> tmb: Are you here? 20:06:04 <wilcal> I still here lots of uncertainty over this 20:06:24 <DavidWHodgins> Yes. Especially the microcode updates 20:06:37 <DavidWHodgins> Apparently causing problems on some hardware 20:06:38 <tmb> yep 20:06:51 <wilcal> Still no real exploits in the wild yet, correct? 20:06:55 <DavidWHodgins> What's your take on the status? 20:07:01 <DavidWHodgins> wilcal: Nope 20:07:30 <tmb> DavidWHodgins, what status ? 20:07:55 <DavidWHodgins> Of the spectre updates, especially the microcode packages 20:08:16 <wilcal> Explain how microcode will effect us 20:08:35 <tmb> DavidWHodgins, you mean RH pulling the microcodes ? 20:08:41 <DavidWHodgins> Yes 20:10:05 <tmb> Well, I havent seen/heard any problems on Mga yet... so I was thinking of waiting out the new set of microcodes that should land next week... 20:10:26 <DavidWHodgins> Ok. 20:10:35 <wilcal> So the "microcode" is part of the kernel updates? 20:10:37 <DavidWHodgins> Btw, no problems so far on my systems 20:11:00 <DavidWHodgins> wilcal: It's often included with the kernel updates, but is a seperate package. 20:11:45 <DavidWHodgins> It's very hardware dependent, so needs a wide variety of testers 20:12:06 <wilcal> If everyone has to reflash their bios or such that'll turn into a nightmare 20:12:07 <tmb> I mean since the "workaround" is easy if needed: urpme microcode && dracut -f && reboot 20:12:40 <DavidWHodgins> That's provided the user can get into the system to run those commands 20:13:29 <DavidWHodgins> wilcal: Yes, especially since it can brick a system (been there, done that). 20:14:07 <DavidWHodgins> With a soldered on bios chip, that meant replacing the motherboard. 20:14:10 <wilcal> Lots and lots of legacy platforms running critical applications 20:14:41 <tjandrews> And how many of our users are running systems considered obsolete that won't be updated? 20:14:50 <wilcal> Intel can't just condem 15 years of motherboards 20:14:51 <tmb> DavidWHodgins, well so far most issues I've seen is when systems are heavy loaded, so most should be able to boot 20:15:03 <DavidWHodgins> Ah. Ok. 20:15:11 <brian__> well - two of mine at least 20:15:25 <brian__> but no issues so far 20:15:32 <wilcal> So the last kernel update contained some "fixes" right? 20:16:08 <DavidWHodgins> My understanding is that it includes fixes for variant 2 of spectre (meltdown was variant 3). 20:16:32 <wilcal> I have'nt seen any slowdown that I can notice 20:16:59 <brian__> on my i3 I thought I did, but thankfully it was a bad extension in firefox 20:17:12 <brian__> x extension, life better 20:17:50 <DavidWHodgins> I've noticed a few, for example loading opera where my mail storage has over 180,000 msgs stored in it. Roughly a 20% increase in loading time. 20:18:16 <tjandrews> Mageia 8 in vbox seems a bit slower on my Core2Duo. 20:18:27 <DavidWHodgins> Any application that opens a large number of files is noticeably affected. 20:18:30 <tjandrews> Mageia 8= Mageia 6 20:18:32 <wilcal> That's a database function and as I understand it that's where performance will be effected 20:18:39 <tjandrews> Fumble fingers. 20:18:43 <DavidWHodgins> :-) 20:18:56 <tmb> No, we patched for Meltdown, as that one is the easiest exploited one... 20:19:47 <tjandrews> Maybe I need a microcode patch for my fingers... ;) 20:19:48 <DavidWHodgins> The new patches are for Varient 2, are they not? 20:19:50 <tmb> microcode takes care of parts of variant 1, and fixes for variant 2 is now starting to land upsream.... 20:19:58 <wilcal> So expect another round of kernels in a week or two? 20:20:40 <tmb> I already have a 4.14.14 in testing but it misses some bits so I wont assign to qa yet 20:21:13 <lewyssmith> Just the desktop & server? 20:21:34 <brian__> and tmb I hope as I use that on my lappy 20:21:35 <tmb> compiler part for variant 2 have started to get merged in gcc 8 & 7.3, and will be backported afaik to all active branches... 20:22:19 <tmb> and kernel bits for variant 1 have been posted on lkml for rewview so they will end up in kernel soon-ish 20:22:31 <tjandrews> I considered trying 4.14.14, but decided to wait for the vbox kmods. 20:22:41 <DavidWHodgins> So from the qa teams point of view, we should expect more fixes, but they will not be as urgent as the meltdown fixes were. 20:22:56 <lewyssmith> brian__, I do not think these scares affect anyone but VM type servers. 20:23:24 <lewyssmith> Or servers with shared DB. 20:23:37 <DavidWHodgins> I guess the most severely affected are those companies that run cloud servers. 20:24:02 <brian__> that was my thought. With browsers adding randomization, makes me think they are concerned with drive-by 20:24:38 <lewyssmith> Most individual or private systems are not vulnerable. You share stuff with yourself. 20:24:48 <wilcal> AWS must be going crazy inside 20:24:50 <tmb> the problem is that no-one really can say so far where all this mess ends 20:25:11 <lewyssmith> Lots of business for Intel next time round. 20:25:12 <brian__> true 20:25:21 <tmb> for every new info that rolls out about this shows way more ways to exploit 20:25:32 <wilcal> People scared into buying a new computer 20:25:41 <lewyssmith> Unjustly. 20:25:48 <brian__> only those of us with tin-foil hats 20:25:53 <tmb> wilcal, that wont help 20:25:55 <DavidWHodgins> Which won't help if the new ones are just as broken 20:26:24 <tmb> we need new hw design... something that usually takes 2-5 years to roll out :) 20:26:26 <brian__> what might be interesting is if cloud vendors may have to adjust rates because of additional cpu load 20:26:39 <DavidWHodgins> Looks like more people will have to learn safe hex, and layered security. 20:27:07 <brian__> it would be nice, but most leave their routers with default admin and password. 20:27:30 <DavidWHodgins> I know. :-( 20:27:38 <wilcal> I heard that the Raspberry Pi is not effected :-)) 20:27:41 <brian__> so meltdown might drive people to buy laptop coolers instead. ;-) 20:28:13 <DavidWHodgins> Anyway, we're really drifting off topic. Let's get back to the meeting. :-) 20:28:17 <DavidWHodgins> #topic * Testing updates - Any other difficulties, problems, issues? 20:28:49 <DavidWHodgins> The graphical stack, bug 22392 is a big one. 20:28:51 <[mbot> Bug: ['Updated graphical stack for mga6', 'NEW', 'QA Team'] https://bugs.mageia.org/show_bug.cgi?id=22392 20:28:54 <wilcal> Sorry my activity testing updates has been quite low as I pack for my move 20:29:11 <brian__> is that across all UI's? 20:29:16 <tjandrews> Not many updates for Mageia 6 that aren't related to the previous topic. 20:29:21 <DavidWHodgins> brian__: Yes 20:29:33 <brian__> ok - that's approachable then 20:29:53 <wilcal> I question the need for the Vbox update in M5. Is that because of Spectre and Meltdown? 20:29:59 <brian__> nextcloud - can someone answer my ?'s? 20:30:04 <DavidWHodgins> As usual, we need people with nvidia hardware to test that update, bug 22410 20:30:06 <[mbot> Bug: ['Update request: nvidia340 340.106', 'NEW', 'QA Team'] https://bugs.mageia.org/show_bug.cgi?id=22410 20:30:31 <brian__> can't help there, I think that's TJ's realm 20:30:36 <tjandrews> I did my part. 20:30:37 <brian__> mine are 304 20:30:38 <tmb> wilcal, there is no vbox for mga5 20:31:18 <lewyssmith> tjandrews, You did indeed, and elsewhere. 20:31:40 <wilcal> https://bugs.mageia.org/show_bug.cgi?id=22408 20:31:42 <[mbot> [ 22408 – Update request: virtualbox 5.2.6 ] 20:32:00 <tjandrews> I tested on an AMD system. We need somebody with an Intel system on the nvidia340 driver. 20:32:02 <wilcal> Ok sorry now i see 20:32:47 <brian__> I still have outstanding questions on https://bugs.mageia.org/show_bug.cgi?id=22026 20:32:49 <[mbot> [ 22026 – Upgrade the nextcloud server in updates to prevent the mess we had in MGA5 with backports. ] 20:33:08 <brian__> 1. It says it is a major and rejects 20:33:21 <brian__> 2. straight install results in a new requirement for mariadb 20:33:43 <DavidWHodgins> Been a long time since I looked at nextcloud. It was relegated to backports as the updates often included manual config file changes, so the updates were not "just installable". 20:33:58 <brian__> hasn't changed 20:34:36 <DavidWHodgins> For not working with sqlite, we'll have to wait to hear back from the packager if that was upstream, or a packagers choice. 20:34:39 <brian__> my concern is if we make 12.03 default, then nextcloud becomes painful to implement 20:34:52 <brian__> yeah - hopefully soon 20:34:55 <tmb> brian__, if it *requires* mariadb (the server part), then it's broken update... we dont force install of db server on same host 20:35:00 <brian__> I'm about to get very busy again 20:35:26 <DavidWHodgins> It should have a requires that includes either mysql, or mariadb, or (if it works) sqlite. 20:36:05 <brian__> it works, as I took 11.03 set it up, moved to 12.03, then reset up users with sqlite 20:36:10 <tmb> no, that will force installing a sql server on a host even if you have a separate sql server already 20:36:18 <DavidWHodgins> tmb: Ah. Good point. 20:36:40 <brian__> default should be light footprint for amateurs like myself. 20:36:48 <DavidWHodgins> I forgot that the db server can be on a seperate host. 20:36:51 <brian__> otherwise we'll have default password maria's all over the place 20:37:41 <DavidWHodgins> brian__: I think that's just a matter of clearer documentation, that a db server must be available. 20:38:13 <brian__> hmm - older version provides sqlite, that's my complaint 20:38:40 <brian__> and I tried getting modules, but it is a task to make it work. granted, no idea if more than a handful use nextcloud on mageia 20:38:48 <DavidWHodgins> But it probably shouldn't have. 20:39:20 <brian__> possibly, but it sure made it easy and it does warn you about performance, etc. 20:39:22 <DavidWHodgins> The db server to use has to be a choice 20:39:54 <brian__> got it, then 12.03 is fine, just painful to build 20:40:03 <brian__> quite painful 20:40:16 <DavidWHodgins> If I have a mysql server running, I don't want to be forced to install an sqlite server too. 20:40:38 <brian__> and it won't, it just offers that as an option during first startup 20:40:56 <lewyssmith> I thought sqlite was self-contained with its application. 20:41:36 <brian__> you can pick mariadb, mysql in 12.03. 11.03 recommended them, but offered sqlite which is my choice because it is. 20:41:50 <DavidWHodgins> There is a seperate package called nextcloud-sqlite 20:42:12 <brian__> I'll try another round with that included and see what splatters 20:42:35 <brian__> in such case, it is just documentation. 20:43:05 <brian__> thanks for engaging me on this. 20:43:27 <DavidWHodgins> Ok, Other updates. :-) 20:44:04 <DavidWHodgins> I haven't tried running the vb update yet. It installs ok. WIll test it after the meeting. 20:44:27 <DavidWHodgins> bug 22399 I haven't looked at yet. 20:44:29 <[mbot> Bug: ['gdk-pixbuf2.0 new security issue CVE-2017-1000422', 'ASSIGNED', 'QA Team'] https://bugs.mageia.org/show_bug.cgi?id=22399 20:44:46 <lewyssmith> It will be done. 20:44:51 <DavidWHodgins> That's it for updates. :-) 20:44:59 <lewyssmith> Hardly any. 20:45:08 <DavidWHodgins> #topic * Anything else 20:45:18 <wilcal> Not from me 20:45:19 <brian__> nothing here 20:45:26 <lewyssmith> Not here. 20:45:31 <DavidWHodgins> Looks like countdown time then. 20:45:35 <DavidWHodgins> T - 5 20:45:38 <DavidWHodgins> 4 20:45:38 <wilcal> bye all 20:45:41 <DavidWHodgins> 3 20:45:43 <DavidWHodgins> 2 20:45:46 <lewyssmith> Goodbye everyone. 20:45:46 <DavidWHodgins> 1 20:45:55 <DavidWHodgins> Thanks for coming everyone! 20:46:00 <DavidWHodgins> #endmeeting