| - bkeys (QUIT: Read error: Connection reset by peer) (~Thunderbi@8.sub-97-181-39.myvzw.com) | 00:06 | |
| + bkeys (~Thunderbi@134.22.115.162) | 00:15 | |
| - bkeys (QUIT: Ping timeout: 245 seconds) (~Thunderbi@134.22.115.162) | 00:19 | |
| Svp | netbsd on i.mx would be quite nice. i'm a little surprised that it was never really a target for reform SoMs, the OS that of course runs on anything on an open platform with extremely swappable processors wouldnt be a bad match at all, but im aware resources are limited here | 00:21 |
|---|---|---|
| + bkeys (~Thunderbi@98.19.131.29) | 00:49 | |
| minute | josch: https://security-tracker.debian.org/tracker/CVE-2026-31431 | 00:54 |
| lidstah | https://copy.fail/ ooch | 00:56 |
| minute | yeah was gonna post that now :D | 00:57 |
| kfx | not clear why they're focusing so hard on setuid, since this is a page cache attack | 00:57 |
| kfx | you could modify the text segment of any privileged process to do this, as long as you can open() the file in the page cache | 00:58 |
| lidstah | minute: yep, got an alert on that one here | 00:59 |
| lidstah | although no algif_aead module on the reform so, should be safe | 01:00 |
| lidstah | tested their PoC on a amd64 vm tho, instant root | 01:00 |
| - mjw (QUIT: Ping timeout: 244 seconds) (~mjw@gnu.wildebeest.org) | 01:04 | |
| lidstah | ACTION is contemplating the metric ton of work awaiting him tomorrow and next week :') | 01:04 |
| - pomel0 (QUIT: Read error: Connection reset by peer) (~pomel0@user/pomel0) | 01:06 | |
| + pomel0 (~pomel0@user/pomel0) | 01:06 | |
| josch | minute: luckily, the problem was fixed in Debian unstable two weeks ago, so the MNT repos ship the fixed version | 01:07 |
| josch | personally, i'm rather worried what to do with my Debian stable boxes because no fixed kernels seem to be in the respective security repositories yet XD | 01:08 |
| - lanodan (QUIT: Quit: WeeChat 4.7.2) (~lanodan@2a01:e0a:d6:9930::35) | 01:10 | |
| kfx | build your kernel with CONFIG_CRYPTO_USER_API=n | 01:10 |
| minute | josch: oh noice, i was wondering | 01:10 |
| + lanodan (~lanodan@2a01:e0a:d6:9930::35) | 01:15 | |
| josch | kfx: i now also read about: echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf | 01:16 |
| josch | and then rmmod algif_aead | 01:16 |
| kfx | yeah that would prevent the module from loading | 01:16 |
| kfx | but the kernel bug still remains | 01:16 |
| josch | right | 01:16 |
| kfx | the PoC on the disclosure would stop working | 01:16 |
| kfx | but any program can still use the same tricks on a running process like sshd or systemd | 01:17 |
| kfx | (poor RHEL admins have to deal with the fact that this is =y instead of =m in their kernels) | 01:17 |
| - switchy (QUIT: Ping timeout: 244 seconds) (~switchy@mechboards/switchy) | 01:51 | |
| + switchy (~switchy@mechboards/switchy) | 01:52 | |
| - elektron (QUIT: Ping timeout: 244 seconds) (~elektron@apoc.halo.nu) | 01:54 | |
| + elektron (~elektron@apoc.halo.nu) | 01:55 | |
| - pomel0 (QUIT: Ping timeout: 255 seconds) (~pomel0@user/pomel0) | 02:04 | |
| + pomel0 (~pomel0@user/pomel0) | 02:04 | |
| - pomel0 (QUIT: Ping timeout: 245 seconds) (~pomel0@user/pomel0) | 02:09 | |
| - cwebber (QUIT: Quit: crossing the threshold of Lugonu's domain) (~Christine@user/cwebber) | 02:11 | |
| + cwebber (~Christine@user/cwebber) | 02:12 | |
| + pomel0 (~pomel0@user/pomel0) | 02:14 | |
| - pomel0 (QUIT: Ping timeout: 244 seconds) (~pomel0@user/pomel0) | 03:59 | |
| - wickedshell (QUIT: Ping timeout: 276 seconds) (~wickedshe@2601:8c0:c7c:3572:35f:f736:cf9f:1ef) | 04:09 | |
| - paperManu (QUIT: Ping timeout: 246 seconds) (~paperManu@204.244.197.237) | 04:09 | |
| - jjbliss (QUIT: Quit: nyaa~) (jjbliss@infinity.garden) | 04:16 | |
| - vagrantc (QUIT: Quit: leaving) (~vagrant@2600:3c01:e000:21:7:77:0:50) | 04:22 | |
| + pomel0 (~pomel0@user/pomel0) | 04:32 | |
| - pomel0 (QUIT: Read error: Connection reset by peer) (~pomel0@user/pomel0) | 04:48 | |
| + wickedshell (~wickedshe@2601:8c0:c7c:3572:eba7:2582:bfa0:f1b5) | 06:14 | |
| + pomel0 (~pomel0@user/pomel0) | 06:49 | |
| - cli (QUIT: Remote host closed the connection) (~m-vsauiy@user/cli) | 07:14 | |
| + mlarkin (~mlarkin@syn-076-081-194-027.biz.spectrum.com) | 07:14 | |
| + cli (~m-vsauiy@user/cli) | 07:17 | |
| - mlarkin (QUIT: Quit: leaving) (~mlarkin@syn-076-081-194-027.biz.spectrum.com) | 07:24 | |
| + mlarkin (~mlarkin@syn-076-081-194-027.biz.spectrum.com) | 07:26 | |
| + sad_plan (sadplan@tilde.club) | 07:39 | |
| + aloo_shu_ (~aloo_shu@90.166.99.86) | 07:55 | |
| - aloo_shu (QUIT: Ping timeout: 264 seconds) (~aloo_shu@85.51.16.230) | 07:57 | |
| * aloo_shu_ -> aloo_shu | 07:57 | |
| orva | josch: well, if you are only user in the system and do not host VMs there is nothing really to worry about? | 08:27 |
| orva | I mean, it requires local user account. So attacker needs way to get in first | 08:28 |
| orva | I kinda love and hate the "Copy Fail requires only an unprivileged local user account — no network access, no kernel debugging features, no pre-installed primitives." | 08:29 |
| orva | That local account is quite big "only" x) | 08:30 |
| gordon1 | josch: i'm now using hwdec=v4l2request instead of hwdec=v4l2request-copy for mpv for a while (weeks?) now and didn't observe any artifacts or issues, ffmpeg-8.1 (with patches), kernel 6.19.13 | 08:30 |
| - pomel0 (QUIT: Ping timeout: 245 seconds) (~pomel0@user/pomel0) | 08:35 | |
| josch | gordon1: nice! linux 7.0 includes the rk3588 patches, so i was able to drop that stack | 08:35 |
| gordon1 | yep, just noticed that, already building | 08:35 |
| gordon1 | well, doing oldconfig to be precise | 08:36 |
| josch | gordon1: your usb-hub project motivated me to solder wires to the D+ and D- pins of a mini pci-e to M.2 adapter. Goal: put that into the classic Reform such that I can install cards like the intel ax210 and have wifi *and* bluetooth in the classic | 08:41 |
| gordon1 | actually yeah there are much less rk3588 patches now than in 6.19, so good | 08:41 |
| gordon1 | oh yeah, that should work | 08:42 |
| gordon1 | and you can crimp only two wires for the JST connector instead of four | 08:42 |
| josch | exactly! \o/ | 08:42 |
| josch | and for the other usb i found a quectel card (i think it was even you who recommended it?) which happily works with usb only | 08:43 |
| gordon1 | if that was quectel eg25-g then it was either me or some other smart person :D | 08:44 |
| gordon1 | it can even do voice over usb audio | 08:45 |
| gordon1 | though after some tedious configuration first | 08:45 |
| josch | ah yes the smart person was you: https://mntre.com/reform-irc-logs/2026-01-02.log.html | 08:49 |
| gordon1 | oh wow nothing red in dmesg after reboot | 09:20 |
| orva | Is that "oh wow, this is nice" or "oh no, what did I miss" kind of wow x) | 09:35 |
| gordon1 | a bit of both? | 09:42 |
| grimmware | That disclosure is absolute dogshit an we’re seeing a whole wave of AI security startups finding legitimate bugs and supply chain attacks but have failed to do half of the actual work and instead run to disclose because they’re not disclosing, they’re advertising. | 09:42 |
| gordon1 | ok fine in 7.0.1 there's still an issue with that flooding the dmesg | 09:49 |
| gordon1 | devfreq fb000000.gpu: Couldn't update frequency transition information. | 09:49 |
| orva | grimmware: afaik it was done nicely https://social.treehouse.systems/@mgorny/116492043427737062 | 09:53 |
| orva | LTS kernel side process has failed in this case | 09:54 |
| grimmware | So they just disclosed it anyway | 09:55 |
| orva | Well, if kernel peeps say "nice, gotcha, fixes applied" it seems me okay thing to do | 09:55 |
| orva | If ball was dropped somewhere and they didn't get the memo (well, no one got it) I can't _really_ blame them | 09:56 |
| grimmware | I mean you kinda can given that this workflow with downstream distros has existed for decades | 09:57 |
| orva | And TBF, it is just a LPE | 09:57 |
| grimmware | Which they hyped | 09:57 |
| grimmware | Less than a month between mainline fix and disclosure for something that, let’s be honest, nobody else was going to go looking for in the meantime. | 09:58 |
| grimmware | Coulda just waited. | 09:58 |
| grimmware | Like nominally the whole point of disclosure is meant to be so people get patched, so when that doesn’t happen when it would be so easy to track whether patch’s are happening downstream it’s kinda hard to say “great job” | 10:00 |
| grimmware | They literally failed the easy bit | 10:01 |
| grimmware | Honestly bored of dealing with vendors using disclosure hype to advertise their products at the expense of the people actually trying to keep people safe. | 10:02 |
| orva | Like, the patches have been in the newest LTS for while? I understood there has been several 6.18.x releases with the patches, from which one could deduce that those have also been backported to 6.12 and 6.6 as well. Like those things _normally_ work | 10:03 |
| orva | This time, for some reason, kernel LTS peeps have dropped the ball at some point | 10:04 |
| orva | I agree that the disclosure hype thing is toxic, but in this case I think the fault does not lie in that | 10:04 |
| grimmware | How hard would it have been for this vendor to verify the patches had landed in LTS distros? | 10:05 |
| grimmware | I should add in here that they obfuscated their PoC | 10:06 |
| grimmware | For like, no reason other than to bang on about how small the script was | 10:06 |
| grimmware | I really agree: someone dropped the ball. That could have just been a rectified oversight, the vendor could have helped | 10:07 |
| josch | grimmware: +1 | 10:08 |
| grimmware | This is the same bullshit that the cybersecurity industry has been doing for decades, and it’s the misaligned incentive that makes my job (incident detection and response) harder every day of the week | 10:08 |
| josch | grimmware: what are you working at/as if that's something you can disclose? | 10:09 |
| grimmware | Some people on the kernel team are volunteers, I doubt any of the vendor team are. | 10:09 |
| grimmware | Like I’m on call this week and I have to see shit like that in the news and try to wade through the bullshit in order to decide whether we can patch in our usual cycle or do I have to upset people. I spend much of my time these days trying to discern how full of shit the vendor is. | 10:11 |
| grimmware | Even with the supply chain attack stuff where the immediate disclosure is genuinely helpful | 10:12 |
| [tj] | I’m glad I’m not yet doing the security job, I’m sure the new place don’t have a kernel hacker to ask questions | 10:26 |
| grimmware | josch: I’m tech lead on an incident detection and response team at a mid sized web property I guess is a way you could put it | 10:26 |
| grimmware | [tj]: once you become the FUD detector enjoy your job security :) | 10:27 |
| [tj] | I’m excited | 10:28 |
| [tj] | Then I can write device driver for obscure things again | 10:28 |
| grimmware | I think you’ll have more fun. | 10:28 |
| josch | grimmware: oh dear, then you are at the frontline right now -- good luck!! | 10:32 |
| josch | my current hobby: finding 1 MB large minified javascript files without source and nobody bothers... | 10:33 |
| grimmware | Aaaand there it is like clockwork, somebody opened a security incident yesterday after I decided not to bother because they saw the disclosure post. | 10:34 |
| grimmware | Exactly the thing I was trying to avoid. | 10:34 |
| + mjw (~mjw@gnu.wildebeest.org) | 10:47 | |
| - MartiniMoe (QUIT: Quit: https://quassel-irc.org - Chat comfortably. Anywhere.) (~quassel@user/MartiniMoe) | 11:01 | |
| + MartiniMoe (~quassel@user/MartiniMoe) | 11:04 | |
| orva | What I have gathered that non-newest LTS kernels are mostly handed by companies that actually ship those kernels so RHEL, IBM, Amazon, etc. And those companies dropped the ball, most likely because they are too busy burning their money in LLM circus to keep their customer operations rolling properly. So I can see why some small "infosec" (I really dislike that term) company is not willing to be ignored for months by multi billion companies :/ | 11:15 |
| orva | The situation is shit for volunteer driven distros like Debian which are dependent on scraps that those big players hand out | 11:15 |
| orva | But let's be honest, companies who care about that are very far and between and are small themselves to really affect the situation | 11:16 |
| orva | And those publicity funded infosec companies have no runway to do that either | 11:17 |
| josch | orva: these days, a lot of things in Debian get done simply because those who do are employed by somebody who pays them for it. Some of the very active people in the kernel team are paid to do exactly that work as their day job. | 11:18 |
| orva | Well that is nice to hear! | 11:20 |
| orva | But yeah... my work happens in healthcare sector and this publicity+circus is not something that is welcome day before public holiday | 11:23 |
| orva | I just hope that healtcare district datacenters don't do panic moves with this and cause debugging times during the weekend.. | 11:23 |
| josch | orva: it sometimes also goes the opposite way and things get done because $company finds it a good idea even though the unpaid volunteer crowd is not a fan of the change :) | 11:30 |
| - amk (QUIT: Remote host closed the connection) (~amk@user/amk) | 12:09 | |
| + amk (~amk@user/amk) | 12:10 | |
| + reformer (~reformer@softboy.mntmn.com) | 12:11 | |
| - mjw (QUIT: Ping timeout: 245 seconds) (~mjw@gnu.wildebeest.org) | 12:21 | |
| + mntirc (~mntirc@softboy.mntmn.com) | 12:31 | |
| mntirc | woops, had some server (esp mailserver) trouble and had to reboot that machine | 12:31 |
| * mntirc -> minute | 12:31 | |
| * ChanServ changed mode (+o, minute) | 12:32 | |
| + paperManu (~paperManu@204.244.197.237) | 12:35 | |
| * Guest379 -> mjw | 13:02 | |
| grimmware | So we're all in agreement that this is a pretty awful situation for unpatched end users that could have been avoided if the people who disclosed it cared enough to post their ad a bit later. These distros don't stonewall people on LPE kernel patches, they clearly made a mistake because communication was bad internally or externally. Fuck it, they could have waited until a slower news day. | 13:09 |
| grimmware | IMO this disclosure sucks because it hurt people whose fault it wasn't and it didn't need to. I feel the counter argument is saying that scoring a goal is scoring a goal, regardless of whether you kick your teammate in the face in order to do it when you could have just not. | 13:12 |
| grimmware | well no | 13:12 |
| grimmware | to clarify, I think that's a great poetic device to describe the thrust of my argument, implying any equivalence or that the moral argument lives in a vacuum is simplistic and insincere | 13:13 |
| orva | Yeah. I don't like anything in the whole mess. All sides who have money to earn in this situation have performed poorly in many ways and it is everyone downstream who are gettin hurt by it | 13:47 |
| orva | But must say, I especially enjoy the end of week announcement and LLM obfuscated POC >.> | 13:47 |
| orva | Classy move. Peak advertisement potential | 13:48 |
| grimmware | it's kind of the norm now | 13:51 |
| grimmware | it's going to get a lot worse before it gets any better | 13:51 |
| minute | i'm sure AI will fix this ;)) | 14:05 |
| josch | haha :( | 14:37 |
| - paperManu (QUIT: Ping timeout: 248 seconds) (~paperManu@204.244.197.237) | 14:43 | |
| + wielaard (~mjw@gnu.wildebeest.org) | 14:59 | |
| * mjw -> Guest4591 | 14:59 | |
| - Guest4591 (QUIT: Killed (calcium.libera.chat (Nickname regained by services))) (~mjw@2001:1c06:2486:4600:5952:3a9:6e0e:555a) | 14:59 | |
| * wielaard -> mjw | 14:59 | |
| + Guest4591 (~mjw@2001:1c06:2486:4600:5952:3a9:6e0e:555a) | 14:59 | |
| + paperManu (~paperManu@modemcable141.205-200-24.mc.videotron.ca) | 15:14 | |
| - qbit (QUIT: Remote host closed the connection) (~qbit@user/qbit) | 15:18 | |
| - mjw (QUIT: Ping timeout: 245 seconds) (~mjw@gnu.wildebeest.org) | 15:28 | |
| * Guest4591 -> mjw | 15:32 | |
| minute | josch: i'm wondering if this system image (the latest in main) already ships the patched kernel. as it is from april 22 i guess there's a chance | 15:47 |
| minute | josch: https://source.mnt.re/reform/reform-system-image/-/jobs/20276/artifacts/browse | 15:47 |
| minute | hmm looks like my pocket reform is semi-vulnerable | 15:56 |
| minute | i have an older custom build of 6.19.8 | 15:57 |
| minute | the demo exploit changed the content of /usr/bin/su but with a x86 executable which then fails to run | 15:57 |
| + qbit (~qbit@user/qbit) | 16:02 | |
| minute | but also doesn't seem to work properly under box64 | 16:02 |
| + siviq (~siviq@user/siviq) | 16:21 | |
| - siviq (QUIT: Quit: Client closed) (~siviq@user/siviq) | 16:46 | |
| - marty (QUIT: Quit: WeeChat 4.6.3) (~marty@static-23-234-102-239.cust.tzulo.com) | 16:47 | |
| kfx | the demo exploit is pretty limited. in practice this vulnerability lets you edit any file, not just setuid stuff | 16:56 |
| - wytch (QUIT: Remote host closed the connection) (~wytch@user/wytch) | 16:57 | |
| + marty (~marty@146.70.171.118) | 17:00 | |
| + wytch (~wytch@user/wytch) | 17:07 | |
| - b0 (QUIT: Read error: Connection reset by peer) (~b0@user/b0) | 17:12 | |
| - johl (QUIT: Read error: Connection reset by peer) (~johl@wikidata/Jens-Ohlig) | 17:12 | |
| + b0 (~b0@user/b0) | 17:14 | |
| + johl (~johl@wikidata/Jens-Ohlig) | 17:14 | |
| minute | kfx: right | 17:27 |
| + wielaard (~mjw@gnu.wildebeest.org) | 17:51 | |
| - f_ (QUIT: Remote host closed the connection) (16abab341f@postmarketOS/funderscore) | 17:54 | |
| + f_ (16abab341f@postmarketOS/funderscore) | 17:55 | |
| - wielaard (QUIT: Ping timeout: 255 seconds) (~mjw@gnu.wildebeest.org) | 18:37 | |
| + pomel0 (~pomel0@user/pomel0) | 18:51 | |
| josch | minute: at the end of the log you can see which kernel is included in the system image https://source.mnt.re/reform/reform-system-image/-/jobs/20276 it's 6.19.13-1+reform20260409T045900Z | 19:01 |
| josch | so it's fixed there | 19:01 |
| josch | minute: Cyril Brulebois posted earlier today about how to restore a system where one ran the copy.fail PoC back to its original state: https://mamot.fr/@CyrilBrulebois/116492928617680223 | 19:03 |
| - pomel0 (QUIT: Remote host closed the connection) (~pomel0@user/pomel0) | 19:06 | |
| + pomel0 (~pomel0@user/pomel0) | 19:06 | |
| - pomel0 (QUIT: Remote host closed the connection) (~pomel0@user/pomel0) | 19:08 | |
| + pomel0 (~pomel0@user/pomel0) | 19:28 | |
| - Sario (QUIT: Quit: WeeChat 4.7.1) (sario@libera/staff/owl/sario) | 19:35 | |
| + sario528 (sario@libera/staff/owl/sario) | 19:40 | |
| minute | josch: great, thank you | 19:43 |
| minute | i just managed to make basic uart-usb using the system controller (rp2350a) on reform next | 19:44 |
| minute | it has a dedicated usb uart but i was like, i want both at the same time on one usb port right now :D | 19:44 |
| minute | i.e. control/debug SC and talk to SoC linux over the same line | 19:45 |
| + vagrantc (~vagrant@2600:3c01:e000:21:7:77:0:50) | 19:45 | |
| * sario528 -> Sario | 19:58 | |
| - aloo_shu (QUIT: Ping timeout: 248 seconds) (~aloo_shu@90.166.99.86) | 20:04 | |
| + aloo_shu (~aloo_shu@90.166.99.86) | 20:08 | |
| - pomel0 (QUIT: Ping timeout: 255 seconds) (~pomel0@user/pomel0) | 20:09 | |
| + pomel0 (~pomel0@user/pomel0) | 20:10 | |
| + vyvv (~vyvv@user/vyvv) | 20:13 | |
| - pomel0 (QUIT: Ping timeout: 245 seconds) (~pomel0@user/pomel0) | 20:15 | |
| + pomel0 (~pomel0@user/pomel0) | 20:15 | |
| + siviq (~siviq@user/siviq) | 21:24 | |
| - siviq (QUIT: Client Quit) (~siviq@user/siviq) | 21:26 | |
| - paperManu (QUIT: Ping timeout: 252 seconds) (~paperManu@modemcable141.205-200-24.mc.videotron.ca) | 21:27 | |
| + paperManu (~paperManu@modemcable141.205-200-24.mc.videotron.ca) | 21:28 | |
| vagrantc | hrm. linux 6.19.14 has been giving me trouble with ethernet not coming up on mnt/reform classic rk3588 | 21:46 |
| vagrantc | earlier 6.19 versions were working for me ok ... i *think* | 21:47 |
| vagrantc | *sometimes | 21:47 |
| vagrantc | * rebooting fixes it ... | 21:47 |
| vagrantc | manually re-running the things from reform-hw-setup do not seem to help | 21:48 |
| vagrantc | seems to be a problem with 6.18.25 too ... meh. usb ethernet workaround for the meantime... | 22:07 |
| - paperManu (QUIT: Ping timeout: 248 seconds) (~paperManu@modemcable141.205-200-24.mc.videotron.ca) | 22:07 | |
| - vagrantc (QUIT: Quit: leaving) (~vagrant@2600:3c01:e000:21:7:77:0:50) | 22:09 | |
| + vagrantc (~vagrant@2600:3c01:e000:21:7:77:0:50) | 22:17 | |
| - pomel0 (QUIT: Ping timeout: 255 seconds) (~pomel0@user/pomel0) | 22:24 | |
| + pomel0 (~pomel0@user/pomel0) | 22:24 | |
| - TadeusTaD (QUIT: Remote host closed the connection) (tadeustad@user/TadeusTaD) | 22:31 | |
| + TadeusTaD (tadeustad@psifactor.pl) | 22:44 | |
| - TadeusTaD (QUIT: Changing host) (tadeustad@psifactor.pl) | 22:44 | |
| + TadeusTaD (tadeustad@user/TadeusTaD) | 22:44 | |
| + paperManu (~paperManu@204.244.197.237) | 22:48 | |
| + wielaard (~mjw@gnu.wildebeest.org) | 22:50 | |
| - kensanata (QUIT: Quit: OK) (~alex@user/kensanata) | 23:36 | |
| - vyvv (QUIT: Ping timeout: 255 seconds) (~vyvv@user/vyvv) | 23:38 | |
| minute | josch: weird https://source.mnt.re/reform/reform-debian-packages/-/jobs/20369#L975 | 23:39 |
| minute | aarch64-linux-gnu-gcc: error: unrecognized command-line option ‘-mmedium-calls’ | 23:40 |
| minute | aarch64-linux-gnu-gcc: error: unrecognized command-line option ‘-mno-sdata’; did you mean ‘-fno-stats’? | 23:40 |
| + vyvv (~vyvv@user/vyvv) | 23:47 | |
| - vyvv (QUIT: Client Quit) (~vyvv@user/vyvv) | 23:49 | |
| josch | minute: that one is a red herring | 23:55 |
| josch | minute: the actual error is: | 23:55 |
| josch | Error: /build/reproducible-path/linux-6.19.14/arch/arm64/boot/dts/qcom/qcs6490-mnt-pocket-reform.dts:112.1-21 Label or path sound_primary_codec not found | 23:55 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!