06:36 <sphalerite> So I've just discovered a security vulnerability in nixos. Fortunately it's behind an option that's used quite rarely as far as I know. Really weird how I came up with this though, I was still half-asleep and I dreamt that someone complained about it on IRC

06:38 <sphalerite> I'll report it appropriately, I'd say it's not something we need to keep too quiet before it's fixed, but I'll leave that up to the security team to judge :)

07:10 <andi-> sphalerite: thank you for caring! :)

07:10 <sphalerite> what a weird way to come up with a vuln though

07:43 <andi-> lets first fix it and then discuss about that ;-)

08:02 <sphalerite> It's really not such a big deal I'd say, but you can judge for yourself once it's public :p

08:07 <pie__> heh

08:07 <pie__> would a general vuln category be TMI?

08:16 <sphalerite> well, crap. Enigmail's UI confused me and I sent the email unencrypted -_-

08:17 <sphalerite> oh well

08:20 <pie__> :/

14:40 <andi-> Slightly out of our scope: https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware-chain-of-trust-bypass.html

15:19 <samueldr> the greatest tragedy: Intel recommends that end-users contact their system manufacturers for updated system firmware.

15:20 <andi-> yeah

15:21 <andi-> sadly there is no such thing as a nixbook yet ;-)

15:23 <samueldr> the fun bit, also, is how do I know whether my system manufacturer's "platform" is subject to this CVE?

15:23 <samueldr> they sure as hell won't say "it's affected" if it's "out of warranty, thus isn't updated"

15:32 <andi-> yep