Http://paste.osmc.io/ <- how to remove logs from here

Hello All,

I like OSMC, but today it sent all my logs to the internet without asking me for that. I just wanted to upload them to a local share, what makes more sense than posting them publicly unencrypted.

But lets skip how unpro that is - how do I delete them from there?

They are purged automatically after some time. If you don’t provide the URL to anyone then it’s unlikely they will ever be viewed by anyone.[quote=“10fi, post:1, topic:13868”]
But lets skip how unpro that is
[/quote]
Unprofessional? YOU are the one who pressed the key that initiated the creation/upload of the logs. OSMC does not just upload logs without being directed by the user to do so. You made the error to upload logs by overlooking/ignoring the setting which simply saves them to local.

" If you don’t provide the URL to anyone then it’s unlikely they will ever be viewed by anyone."

Security by obscurity dude, they can viewed by bots and hackers with eg wfuzz. Or wget/curl with regular expressions.

And yeah, that is unpro, since I should be given a choice WHERE I want to upload. How am I to guess, that this will be published on the Internet, rather than being sent via ftp/smb to my NAS (what is exactly what I expected by upload).

So let me repeat the question: how do I remove the logs ?

no point in arguing with actiona he wont listen in anycase you could pm sam he has admin rights

If the option was not there to configure some local path then I don’t know where you got the expectation that they would be saved to some local location. The button you clicked says “Upload Selected Logs Now”

You don’t. Try not to make the mistake in the future.

Thanks mate, will do.

Profile - sam - OSMC Forums ← this sam ?

@sam_nazarko

Logs are purged once a month, I think.
Unless all your personal info is in the logs, I wouldn’t worry about it.
Let’s not turn this into a drama, regardless of former comrade toast’s input and advice.

I see you have quite some history here…

Anyhow - that is request from me AND a security issue we are talking about. I’m asking for a reason, not a drama.

What kind of PII (personally identifiable information) are we talking about here? I just looked over my log files (and I uploaded the whole shebang), and I don’t see any personal information. I suppose the IP address is there, and maybe I’m less caring than some, but I don’t see that as very sensitive.

If there are specific bits of PII that should be removed, maybe pointing out exactly what those are could help the dev team filter those out of log files during the auto-upload process?

Over all, personal information is hardly useful in a log file so I can see the logic in not including it. But, as stated, I also don’t see any in the logs.

Unlike you… and if you wish to have a history here I suggest you change your attitude.

You must understand what “upload logs” means, I doubt you Googled a definition after you clicked “submit/OK”
The chances of anyone getting the correct string to retrieve your logs that you knowingly uploaded are pretty darn slim, really really slim.

What are the chances that an automated bot search could score a hit with this link?
http://paste.osmc.io/quponamime.hs

Are you concerned about your internal IP address… there’s no need to worry about that.

What I’ve seen:

1/ Network shares + Files names (e.g. Snowden\NSA_boot_camp) or simply names in file names (e.g. sources.xml or failed databases lookups)
2/ All sort of info which plugins/addons will dump to logs
3/ License numbers (e.g. “decode_MPG2=”)
4/ IP numbers
5/ Serial numbers of hardware (maybe MACs as well)
6/ Passwords (if you place by accident the password in login prompt, what happens to me quite often, since I have autologon in SSH client)
7/ Failed log-in logins
8/ NAS Host names
9/ SSH Client hostnames (quite likely to contain name)

I didn’t look at other users logs, but I guess much more could be found.

Why would I google “Upload logs” ??? That’s English.

1/ Network shares + Files names (e.g. Snowden\NSA_boot_camp) or simply names in file names (e.g. sources.xml or failed databases lookups)
Oh hi.
My network shares all point to my server called NobKitten.
This hosts my SQL and my media and many other service.
Hack me bro.

2/ All sort of info which plugins/addons will dump to logs
Point being?
These plugins and addons are most likely available to the public, and the code is out there for anyone to see right?

3/ License numbers (e.g. “decode_MPG2=”)
Only valid for your device as they are linked with the serial number of the rpi and useless to anyone else

4/ IP numbers
Internal ip addresses…
so?
Here’s mine.
Go wild.

5/ Serial numbers of hardware (maybe MACs as well)
See previous response.

6/ Passwords (if you place by accident the password in login prompt, what happens to me quite often, since I have autologon in SSH client)
So?
Unless you have enabled ssh access from external locations, which you’d be an idiot to do without changing the default port, nothing is going to happen.

7/ Failed log-in logins8/ NAS Host names
So?
My NAS ip addy is 192.168.1.10
root/C0pp3rFly!

Really go wild with that one.

9/ SSH Client hostnames (quite likely to contain name)
Please stop being a drama queen.

1. Who cares what your file names are?
2. Who cares what plugins addons you use?
3. Who cares what your mpeg2 codec is? It’s locked to the serial number of your Pi and useless to anyone else…
4. Guess what? Tens of thousands of ppl have a pi that has been assigned 192.168.1.69 as it’s IP address within their local LAN… Who would care?
5. Who cares what your MAC or serials are? Seriously?
6. Sounds like a personal problem to me… Seems someone so concerned with security would have developed better habits than to do something as wreckless as this…
7. Again, who gives a hoot? And why are you failing logins so often? Again, a personal issue of someone who purports to be overly security minded…
8. Within your LAN… Who cares… Someone so concerned with security certainly has an appropriately configured firewall…
9. No one outside your LAN cares about your hostnames…

For someone who wishes to be so security conscious, you sure don’t seem to have a very good understanding of your actual exposure…

Logs are uploaded so people can share them easily with anyone that might be able to help them with their issue. That necessarily means that they need to be public and not encrypted.

I am as sympathetic to your complaint as I would be to that of someone who insists that it is unprofessional to be left with the same hardware after they clicked on “Factory Reset”. Please stop being the reason companies have to write “Do not eat” on silica packets.

The way you guys got personal with my question assures me it is a waste of time to explain it further. I will not reply with similar aggressive replies to you as I don’t care about you.

Have fun.

@Karnage: Check Collins English Dictionary.

With your logs?

Nice one.

Everything that can be said has been said.

We are happy to remove the logs, but it should also be noticed they are not user discoverable.

Do that several times and we block the IP address. Crawlers are also not permitted on the paste site.

Sam