/srv/irclogs.ubuntu.com/2005/01/03/#ubuntu-devel.txt

sivangjust did an upgrade. weather applet is b0rked.12:01
sivangand also the window that offers to "delete from panel" the applet.12:01
sivangwooo everybody notice the all new rocking weather applet? much more locations per each country!12:07
sivangrocking!12:08
sivangit also has indications now for day/night time12:08
sivangit's not b0rked btw, I just had to remove them and readd them 12:09
=== wasabi [~wasabi@c-24-1-67-127.client.comcast.net] has joined #Ubuntu-devel
=== lamont__r [~lamont@phantom.acmeps.com] has joined #ubuntu-devel
amustrange d-i ppc has no 2.6 supportC[C[C[C[C[C[C[C[C[C[C[C[C[C[C12:44
ogra[C ?12:45
amukapute umlauts :) 12:46
ograhehe12:46
ogramine or yours ?12:46
amumine :) 12:46
ograthere were several requests on helping out with kubuntu in #ubuntu last night.... are you the person to point to amu ? or is it haggai ?12:48
amuwell the liveCd for amd64 was done 2 min. i sit for ppc now 3h :) 12:48
ograheh, 64 bit...12:49
amu..ooo i just spend some time to boost it up :) help if i can, haggai manage it. 12:49
ograok12:50
amuecho "Kernel $(KERNELMAJOR) not supported yet"12:52
ogra:(12:52
amuogra: the new live looks cool, yesterday i builded a horay and with d-i X started :) found some problems with mouse sound and net, finally he hole thing looks smart.12:57
ograsounds great ... :)12:58
ograi got my screensaver hack working with xft and half way with utf8 now :) learned a lot the last week ...12:58
amuit looks great :) as i said amd64 needs 2 minutes12:59
ograd-i just works ?12:59
amuyep01:00
ograwow, kudos to kamion.....tell me if you need tests, got a mac here and plenty of intel machines01:02
ograamu: and kudos to you as well indeed ;)01:02
amuhmm utf-8, that could be the reason why the non-latin langs looks worse, guess i've to change it to utf-8 01:03
ograi think its the policy for hoary to switch anything to utf801:04
amuogra: cool, the problem atm is most people are away :) a automatic xconfigurator is needed, have to wait for danielS01:05
ograamu: xresprobe does it currently... it is called by the postinst script of the xserver package....not sure if this also applies to xorg, but i guess so01:07
amuno prob, i use temp. the old mkxf86config 01:13
sivangdoes anybody know how I can patch a .deb pacakge as a whole? I have a patch that spans both the changlog and a file inside the source package01:24
sivangis there a "debpatch" ?01:24
amudpkg-repack?01:28
bob2no01:29
bob2sivang: you want to patch the source package?01:29
sivangbob2: yes :)01:30
sivangbob2: like in , extracting it, apply the comprehensive patch, repackage.01:31
bob2the source, not the binary, right?01:32
sivangbob2: is there a possibility to patch the bin pkg also? 01:33
bob2er, yeah, but why?01:34
bob2you patch the source, build it, install the new binary01:34
lamont_rKeybuk: btw, your mum got alsa-driver_1.0.7-2ubuntu1 way wrong, near as I can tell.01:42
Keybukleave my mum out of it01:45
ograheh01:45
Keybukmy mum is NOT part of Soyuz01:45
bob2cockfosters.01:45
Keybukbob2: I would consider it a personal favour if you could get some new jokes by April01:51
Keybukkthxbye :p01:51
lamont_rKeybuk: ok.01:54
=== jamesh [~james@203-59-217-65.dyn.iinet.net.au] has joined #ubuntu-devel
mojoCan someone migrate the python2.4-mysqldb from libmysqlclient10 to libmysqlclient14?02:46
mojoAnd besides, is librdf supposed to be based on libmysqlclient12? If not, y not make it base on libmysqlclient14?02:47
wasabiUGH02:48
wasabiUGH GUH GUH i dislike .udebs02:48
mojofabbione: sorry to make u wait, I just fell sleep, is nvidia-glx working well rite now or not? some ppl said to me not, but it did work here, not really sure it's my mistake or still a bug02:49
Kamionamu: d-i powerpc *defaults* to 2.6 :-)02:59
Kamionamu: it definitely has 2.6 support, I did it and it was the second port after i386 to get it ...02:59
Kamionwasabi: udebs are love02:59
wasabibuh03:00
wasabid-i should support .debs03:00
wasabifor those of us who have upgraded from floppy drives03:00
wasabiAll I need is curl. That's it.03:00
wasabi2 hours later I still haven't got it.03:00
Kamionwasabi: *sigh* no, I read the conversation on #debian-boot and there were a hell of a lot of misunderstandings in there03:03
Kamionnote EXTRAFILES in the d-i build system for quick hacks like what you're trying to do03:03
wasabigah.03:03
wasabiWell, actually, I was hoping it wouldn't be a "quick hack"...03:04
wasabiand I could do it right.03:04
wasabiFor upstream acceptence. There will be a lot of situations (for sitations like mine), where preseeding,a s it is right now, isn't usable.03:04
wasabipreseed/url is fairly insecure. ;003:04
wasabiwhere "lot" is ~= "few"03:05
Kamionudebs are really easy to produce. XC-Package-Type: udeb in the control file, build-dep on debhelper (>= 4.2), install stuff into the curl-udeb temporary build tree like you would do for any standard multi-binary package03:06
wasabiKamion, I tried that... dh_* broke because i think it moved hte files, instead of copying them03:06
Kamionwhat's wrong with wget though?03:06
wasabiwget doesn't do CA validation03:06
wasabifor SSL.03:06
=== rolfzor [~rolf@c-891072d5.02-118-73746f22.cust.bredbandsbolaget.se] has joined #ubuntu-devel
Kamionread the relevant dh_* documentation, it goes into this in a lot of detail03:06
wasabiOur deployment scenario: for windows.03:06
Kamionperhaps you're using dh_movefiles rather than dh_install03:07
wasabiWe distribute CD's. The CD's have a pub cert on them.03:07
sivangKamion: this is available on debhelpers main docs?03:07
Kamionsivang: man pages03:07
wasabiDifferent departments boot the CD, which uses DHCP to find a local isntallation server.03:07
sivangKamion: k,tnx03:07
wasabiThe installation server is verified against the cert and encrypted, just basic SSL. preseeding file is copied over.03:08
Kamionno particular reason why you couldn't convince the d-i build process to accept a .deb though03:08
wasabiUser is asked for his kerberos username/password.03:08
Kamionit would just, well, suck03:08
wasabiwell it would suck if you were trying to build floppies.03:08
Kamionperhaps busybox wget should be enhanced to support SSL then03:08
wasabiBut, i'd venture to say, nobody that uses ubuntu does that.03:08
Kamion*ahem* you don't read my e-mail :P03:08
wasabinormal wget doesn't support ca cerification.03:08
wasabiheh03:08
KamionI have a lot of requests for floppy support.03:08
Kamionwith good reasons.03:09
wasabicrazy.03:09
Kamionthe only reason we don't do it is that I haven't persuaded the 2.6 kernel to fit onto a floppy yet03:09
wasabiwell, MS dropped it, and it works for them. And that's the market I'm in.03:09
Kamionok, but MS drop old hardware much more readily than I'm willing to.03:09
wasabiyeah.03:09
wasabino, i follow you, it's great that it is floppiable.03:09
wasabiBut, for me, I really just want to Get It Done, without concerning myself with that.03:10
wasabiSince it has no bearing on my situation at all.03:10
Kamionsure.03:10
Kamionbut it should be a very trivial hack in the build system.03:10
wasabiI was just lookingn around d-i for the dpkg stuff to persuade it to do a .deb. And pointers?03:10
wasabis/and/any/03:10
Kamionlook at build/Makefile and build/get-packages I guess, to start with03:10
=== lordan [~lordan@205.177.65.128] has joined #ubuntu-devel
KamionI mean, it just uses dpkg to unpack the packages03:11
=== moyogo [~moyogo@Toronto-HSE-ppp3718050.sympatico.ca] has joined #ubuntu-devel
wasabiIt seems to rename the .deb's to .udeb.... and then install them03:11
wasabiand then promptly try to chroot03:11
Kamiondo the build as root03:11
wasabidid.03:11
Kamionfakechroot is a hideous hack and is unlikely to help you03:11
wasabistill no go... slightly different error. let me find it.03:11
Kamionwhat target were you building?03:11
Kamionrebuild_* is usual03:12
wasabibuild_netboot03:12
Kamionok03:12
KamionAFAIK the only things that try to chroot are the demo and shell targets03:13
wasabidpkg (subprocess): unable to execute new pre-installation script: No such file or directory03:13
wasabidpkg: error processing udebs/zlib1g.udeb (--unpack):03:13
wasabi subprocess pre-installation script returned error exit status 203:13
wasabiErrors were encountered while processing:03:13
wasabi udebs/zlib1g.udeb03:13
wasabisame error, but let me switch zlib1g to -udeb03:13
=== mdz [~mdz@69-167-148-207.vnnyca.adelphia.net] has joined #ubuntu-devel
wasabioh wait, can't do that. Provides doesn't support versioned stuff.03:13
wasabiSo, zlib1g it is.03:14
Kamionprovides do in d-i, you were misinformed.03:14
wasabiheh.03:14
=== AndyFitz [~andy@220-245-97-227-qld-pppoe.tpgi.com.au] has joined #ubuntu-devel
Kamionanna totally ignores versioning on provides03:14
Kamionalthough whether the build system will cope, I'm not sure03:15
wasabiwell with -udeb it fails because of deps03:15
wasabiThe following packages have unmet dependencies:03:15
wasabi  curl: Depends: zlib1g (>= 1:1.2.1)03:15
wasabiblah blah blah03:15
Kamionwhy don't I just put together a curl-udeb for you? it would be far easier03:15
wasabiThat would be super. As long as it makes it upstream. THe idea of using the .deb was to avoid maintaining my own curl package.03:16
wasabiI dont want to maintain anything except a config file. ;)03:16
wasabiAnd I'd like to venture most company's who would like to do this would think the same.03:16
KamionI'm not in the business of making promises about other people's packages; you get to submit it03:16
wasabiayup03:17
wasabiwill do then03:17
wasabiim a bit confused where I went wrong.03:17
KamionI don't really see why EXTRAFILES is unacceptable though03:18
Kamioncurl will not be accepted into mainstream d-i, I suspect03:18
wasabiit probably is, i just didn't know about it.03:18
Kamionsince it duplicates wget, and busybox wget should just be fixed03:18
wasabiwell, mainstream wget doesn' do ca validation either.03:19
wasabiSo, any preseed/url is inherentily insecure.03:19
Kamionsure, no reason why that feature could not be added though03:19
wasabitrue.03:19
Kamionapart from space, certainly03:19
Kamionbut it could be optional in some way03:19
Kamionsurely a big company doing a big deployment can just use preseed/file and do customised media?03:19
wasabiThat was where I started.03:20
wasabiThen I realized I might have to change the preseed file later.03:20
wasabiAnd redistributing CD's is... a big task.03:20
wasabiWell, a bigger task than currently done for windows, at least.03:20
wasabiSomehow I'm supposed to shoehorn kerberos into this too... but that's for another day.03:20
wasabiThis will be really slick when it's done, regardless.03:21
Kamionsigh, curl does use dh_movefiles03:22
KamionOTOH there should be a second build for the udeb anyway03:22
wasabii'll try extrawhatever03:22
Kamion(gcc -Os etc.)03:22
Kamionsee build/config/local for that, it has a commented-out example03:22
wasabiahh okay03:22
wasabisoon as this works, im making a packages/kerberos-auth or some such.03:22
Kamioncool03:24
mdzmorning03:26
wasabibasic procedure will be, user boots, system does auto detection stuff, dhcp. kerberos-auth fires up, auths to realm... stores in a key cache. preseed retreves it's file, authenticating using the ticket, sometime during setup it uses the admin interface to create a new principal on the server...03:26
wasabinot sure how I want to go about that one. Running base-config during the first boot would make it more seamless.03:26
Kamionwhat, pre-reboot?03:26
wasabiOtherwise... I've gotta hide the ticket away someplace dangerous during the reboot.03:26
wasabiYeah.03:27
Kamionhm. be warned, baseconfig-udeb does not work all that smoothly03:27
Kamionthere are lots of difficult-to-solve problems there03:27
wasabiYeah.03:27
wasabiSo, just not sure how I wnat to deal with it. A ticket might survive a reboot, just gotta put it someplace other than /tmp.03:27
wasabiBasically the user should only be asked for password (or creds... someday smart card) once, and creds should be stored for the duration of the process.03:28
Kamionincidentally, how do you know that there isn't a trojan DHCP server on the network?03:29
wasabiThat's why I have to do CA validation on the preseed file.03:29
Kamionfair enough, yeah03:29
wasabiThe CA is stored on the CD.03:29
=== Kamion is half asleep
Kamionan alternative might be to use apt's authentication support somehow03:29
wasabiyeah, I will have to use that too.03:29
Kamion(although of course that isn't implemented in d-i yet)03:30
wasabia rogue package sounds makes the entire thing pointless.03:30
wasabis/sounds/source/03:30
wasabiwell, guess I'll have ot wait for it then.03:30
wasabior help if I ever get a clue. :)03:30
Kamionanna would be the place to start there03:30
Kamionyou'd have to put the key in the initrd, of course03:31
wasabiYeah, It would be built with the image.03:31
Kamiondoesn't work for netboot though, fundamentally you have to trust something03:31
wasabicert revocation will have to be considered at some point too03:31
Kamionon the CD, you could just ignore the problem, since all the udebs are there anyway03:31
wasabibut I don't want to thinka bout that just yet03:31
Kamionthe udebs are exactly as trustworthy as the initrd03:32
wasabiYeah. I trust the CD.03:32
wasabiTHe CD extends trust to the network.03:32
wasabiAnd the network only trusts kerberos.03:32
wasabithere are nifty commercial apps for windows that do all this with 2 clicks.03:33
wasabithat's what im competing with basically.03:33
Kamiongenerate a Windows installer that uses kerberos auth, you mean?03:33
wasabi"please insert your windows key" *copying files* "choose your deployment server from the list"03:33
wasabiYeah.03:33
wasabiA boot CD for net installs.03:33
wasabiThat does all the stuff just mentioned.03:33
=== Kamion nods
wasabiYou click a button, and it pops out a CD image.03:34
wasabiHopefully this works out as I envisage it. There isn't a whole lot in the way. d-i provides most of the tools.03:37
wasabiDebian provides the rest (if I could just use .debs!)03:37
Kamionof course the other option is a gpg-signed preseed file03:37
Kamionwhich would allow you to defer many of the problems to the second stage03:37
=== tuo2 [~foo@adsl-36-114.swiftdsl.com.au] has joined #ubuntu-devel
wasabipreseed file has to be encrypted too.03:38
wasabican't move it across the network in clear text at least.03:38
Kamionok03:38
Kamionbut still, all you need is gpg03:38
wasabihmm. perhaps.03:38
Kamionit might well be worth avoiding the complexity of kerberos in the first stage03:38
wasabiOh definatly. Each peice of this is going to be a seperate d-i module.03:38
Kamionalso gpg-signed preseed files are much more likely to be officially supported :)03:38
=== tuo2 [~foo@adsl-36-114.swiftdsl.com.au] has joined #ubuntu-devel
Kamionsince they're much more generally applicable03:39
wasabiHmm.03:39
wasabiThat might remove the ssl requirement totally.03:39
wasabijust gpg encrypt it and be done03:39
Kamionelmo's away at the moment, but I'm sure he'd be amenable to a gnupg-udeb03:39
wasabiHmm... okay. Here's one requirement... im not familiar enough for gpg to know if it's doable.03:40
wasabiThe preseed file that is retrieved, must only be readable by somebody with a username/password, which is configurable remotely.03:40
Kamionnot just anyone with the CD?03:41
wasabiSomebody can't steal a CD to get the admin passes03:41
wasabicorrect03:41
wasabiThat's where the kerberos came in.03:41
Kamionso just put a passphrase on the key?03:41
Kamion(gpg)03:41
wasabithat can change.03:41
Kamionthat seems pretty straightforward03:41
wasabiIn the organization, there are many levels of IT... across the country.03:41
wasabiMany usere accounts.03:41
wasabiEverybody designated by the server should be able to install systems.03:42
Kamionyou can encrypt something to lots of keys03:42
wasabiAnd that list of people changes frequently.03:42
wasabiAs people come and go, etc.03:42
wasabiYeah yeah. It does move the preseed encryption to some process on the server, not just a one time thing.03:42
wasabicurl lets you use gssapi auth to retrieve from http.03:42
Kamionthe encrypted blob itself has no value ... it's only valuable with the passphrase, and the "username" could just be used to figure out where to get the blob from03:42
wasabiSo, simple kerberos auth, combined with ssl, takes care of both the problems... which is why I was heading in that direction.03:43
Kamionright, but since it's a more specialised solution it makes it more likely that you'll have to maintain it yourself :-)03:43
KamionI'm trying to think of more generalisable solutions.03:43
wasabiThe server process could update the preseed file as new people get the ability to use it.03:43
wasabigpg doesn't have any group concept, does it?03:43
wasabilike, encrypt something with a "group" key, added to each user's key.03:44
wasabiSounds very ungpg like03:44
Kamionum ... that's not meaningful03:44
wasabibut I'm not too familiar with it03:44
Kamionyou can have a keyring, not just a single key03:44
Kamionif you want a group key, just add that key to everybody's keyring in the group03:44
Kamionor encrypt a secret key with a user's key and send that secret key to them03:44
wasabiProtecting the preseed file with apache based on a ldap group membership is fairly straightforward. Not sure how that would work in a gpg situation.03:45
Kamionit's orthogonal to gpg.03:45
wasabiDoesn't deal with revocation though does it?03:45
Kamiondon't try to think of access control on downloads in the same context as gpg.03:45
jameshwasabi: how about HTTP basic auth to access the repository?03:46
wasabijamesh, I dont have a clear text password.03:46
Kamionif you want to revoke an encrypted blob and you've already given out the key, the only possible answer is to not give out the encrypted blob03:46
wasabiWell, I would if I kept it around.03:47
Kamiona multi-level key setup could fix that though03:47
jameshwasabi: well, basic auth over SSL is not too bad, and gives you a lot of flexibility at the server end ...03:47
Kamioni.e. don't give out the key, just give out the key used to encrypt a session key and decide whether to give out the session key on the fly03:47
wasabijamesh, makes future movement into the realm of smart cards hard too.03:48
wasabiin fact, so does gpg. =/03:48
Kamionseveral hardware crypto vendors support gpg03:48
KamionI used to work for one such03:48
wasabiI think the samba guys are working on implementing MS's kerberos extensions to support ticket authentication using a smart card... I doubt the same thing would work with gpg.03:49
Kamionapples don't work with oranges either :)03:49
wasabiand the aim is to displace what exists currently, which means i am a bit limited. ;)03:49
wasabialso have to fit into the existing infrastructure as much as possible.03:50
Kamionyou just need to make it look the same, it surely doesn't matter exactly how it works under the hood03:50
Kamionif the Windows GUI is a two-click thing it can't expose much of the implementation03:50
Kamiongenerating a key and sticking it in the right places could be entirely automated03:50
Kamionanyway, as it happens, you could certainly put a key on a smart card and have gpg use it, which is equivalent to ticket auth using a smart card, if done right03:51
wasabiwell, just thinking of my experiences, and the best way to capture the market.03:51
wasabiBecause that's my goal afterall, to see Ubuntu on every desktop. ;)03:52
Kamionit's all crypto. the protocol matters more than the implementation as far as making it work securely is concerned, so you're free to choose an implementation which is easiest to integrate with the software03:53
Kamionof course, when multiple different software stacks are concerned, this can get amusing03:54
wasabiIt's just that the existing software stack on the server side is already decided and unchangable.03:54
wasabiand I happen to like it too. ;)03:54
Kamiononly on *your* server side; other people have totally different server sides which are also decided and unchangeable in exactly the same way03:54
Kamionwhich makes a solution tailored to your server side a poor option for general-purpose implementation03:55
wasabiKamion, well, those who use Windows to do this, all do it the same way. ;)03:55
Kamionwith respect, I doubt that :)03:55
wasabiWell, other than Novell Netware, there is no other player in the market.03:55
wasabiActive Directory.03:55
Kamionmy housemate's a Windows sysadmin for a university, I don't believe he uses Kerberos at all03:56
wasabiDoes he use Active Directory?03:56
Kamionno idea03:56
wasabiBecause if he doesn't, he uses either Samba or Netware. :003:56
KamionI'm not an expert in the field, I'm just extremely sceptical that the market is that limited03:56
wasabiWelcome to MS-land.03:56
KamionSamba seems more likely03:56
Kamionproprietary software is anything but single-player, even in MS-land03:57
Kamionand anyway, Ubuntu deployments are not just about Windows replacements03:57
Kamionwe support Macs too, remember03:57
wasabiOpenDirectory03:57
wasabiKerberos and LDAP.03:57
wasabiActiveDirectory, Kerberos and LDAP.03:58
wasabisame tune differnet name.03:58
Kamionok, whatever, I need sleep03:58
wasabinight. Thanks for your help. :003:58
KamionI remain unconvinced that that's the right approach for preseeding03:58
wasabiMe too. Which is why we had this convo03:58
Kamionprimarily because it's a huge sledgehammer to crack a very small nut :)03:58
Kamionwhich is ALWAYS a bad idea where secure protocol design is concerned.03:59
wasabiWell, that's the thing. The protocols are already in place. I just want to use them.03:59
wasabianyways. im going to get cocoa. mmm03:59
Kamionwasabi: (mind you, I realise that doing the download of the preseed blob using SSL gives you protection against replay attacks more or less for free, assuming you believe in SSL. hmm.)04:04
=== mojo [~mojo@220-244-212-78-vic.tpgi.com.au] has joined #ubuntu-devel
mojoI have installed libneon24, but how come all OOo still base on the old version libneon23? Can someone confirm? Or is it my mistake?04:10
lamontmojo: Depends: libneon2304:39
=== Crushed_Cigar [~zinc@ACA61F85.ipt.aol.com] has joined #ubuntu-devel
lamontKamion: are the 20041222 daily CD's worth testing on ia64 and ppc?05:28
lamonts/testing/trying to use/05:28
=== lamont sleeps
=== wasabi [~wasabi@c-24-1-67-127.client.comcast.net] has joined #ubuntu-devel
=== ironwolf [~ironwolf@c-24-6-169-124.client.comcast.net] has joined #ubuntu-devel
fabbionemorning06:30
=== ironwolf [~ironwolf@c-24-6-169-124.client.comcast.net] has joined #ubuntu-devel
=== enrico [~enrico@enrico.developer.debian] has joined #ubuntu-devel
=== pitti [~martin@195.227.105.180] has joined #ubuntu-devel
pittiMorning07:37
=== pitti yawns
fabbionehey pitti07:39
pittiHi fabbione 07:39
pittiHad a good night?07:39
fabbionepitti: almost07:40
pittiI was awake half of the night :-(07:40
fabbionejdub: 2155 IS NOT A KERNEL PROBLEM 07:40
jdubfabbione: THANKS, LET ME KNOW WHAT WE CAN DO WITH IT07:41
jdubWHY ARE WE SHOUTING?07:41
fabbionejdub: BECAUSE YOU ARE ON THE OTHER SIDE OF THE WORLD AND I WANT YOU TO HEAR ME!07:42
kerganhahahhaha07:42
kerganoh you dint hear me HAHAHAHAHHAHAHAHAHHAHAHA07:42
fabbionejdub: i need you to check the hotplug / udev events and see why the device is not created.07:42
fabbionejdub: the kernel is not is charge to do such task07:43
enricofabbione: #ubuntu-doc mail arrived perfectly, thanks!07:57
fabbioneenrico: cool07:58
fabbioneenrico: do you need the backlogs?07:59
fabbioneenrico: they are on my ~ on people07:59
enricofabbione: you mean the previous days?  No, no need to, thanks07:59
fabbionegoody07:59
enricofabbione: (for the records, however, I don't have an account on people.ubuntu)08:00
fabbioneenrico: no need to have on.e08:00
enricoah, ok08:00
fabbioneever heard of that protocol that shares info on port 80? ;)08:00
enricofabbione: oh... that subversive protocol invented some time ago by those swiss terrorists that are trying to develop nuclear technology?08:11
fabbioneno.. i mean that protocol that is sucking all the internet bandwith in place of ftp, slowing down all my porn downloads08:12
enricofabbione: just download port from port 80 :)08:13
enricoWho should I talk with to have something like a baz sandbox that we docteam could experiment and play with?08:36
pittimdz: still awake?08:37
pittiKeybuk, Kamion, jdub: anybody out there?08:38
jdubi am for a moment08:38
pittijdub: I /msg you08:39
pittihaggai, amu: ping09:05
=== winkle_ [~winkle@lgh3814234.vittran.norrnod.se] has joined #ubuntu-devel
=== cenerentola [~cenerento@84.222.38.88] has joined #ubuntu-devel
=== mvo [~Michael@ip181.135.1511I-CUD12K-01.ish.de] has joined #ubuntu-devel
pittiMoin mvo10:29
mvohi pitti 10:34
=== ogra [~ogra@pD95F81E4.dip.t-dialin.net] has joined #ubuntu-devel
=== seb128 [~seb128@ANancy-151-1-50-81.w83-196.abo.wanadoo.fr] has joined #ubuntu-devel
pittiHi seb12811:09
seb128hey pitti 11:09
seb128how is the security stack going ?11:10
pittiseb128: today, downwards11:10
pittiseb128: yesterday I got two new mails for each processed one11:11
seb128:(11:11
seb128people spend the chrismast holidays to find security problems or what ? 11:11
seb128christmas even11:12
pittiseems so11:12
ajmitch_pitti: quite a pile to get through then?11:16
pittiajmitch_: yes, still11:17
=== Ygster [~ygster@marriere-1-82-67-136-38.fbx.proxad.net] has joined #ubuntu-devel
pittiKamion, Keybuk, jdub: anybody here? I need a native English speaker again...12:00
TreenaksI'm not a native speaker, but shout :)12:00
Kamionpitti: yep12:02
=== trulux [~lorenzo@67.Red-80-25-56.pooles.rima-tde.net] has joined #ubuntu-devel
=== herzi [~herzi@d021171.adsl.hansenet.de] has joined #ubuntu-devel
=== Ygster [~ygster@marriere-1-82-67-136-38.fbx.proxad.net] has joined #ubuntu-devel
=== rburton [~ross@82-133-111-179.dyn.gotadsl.co.uk] has joined #ubuntu-devel
=== trulux_ghost [~lorenzo@67.Red-80-25-56.pooles.rima-tde.net] has joined #ubuntu-devel
=== mojo [~mojo@220-244-212-78-vic.tpgi.com.au] has joined #ubuntu-devel
pittiMithrandir: ping01:49
=== trulux_ghost is now known as trulux
pittihaggai: ping02:04
sivangpitti: morning!02:08
pittiHi sivang!02:08
sivangpitti: oops, g'afternoon :)02:08
=== Ygster [~ygster@marriere-1-82-67-136-38.fbx.proxad.net] has joined #ubuntu-devel
seb128mvo: there was a point to sync ncb with debian ? I thought we had all the debian changes ...02:09
jordimvo: duuuude02:09
jordimvo: I am killing you. KILLING YOUUUUUUU.02:09
mvojordi: arrggg 02:10
=== jordi sharpens knives.
mvowhat did I do?02:10
=== jordi gets stones.
=== pitti gets out of the way
mvojordi: don't kill me!02:10
=== Treenaks puts up blood-proof transparent divisions
pittimvo: btw, can you sync packages yourself?02:10
jordimvo: duuuude, you imported synaptic's pot to rosetta, but not the zillion existing translations, so random people are re-translating it now, apparently.02:10
jordimvo: I'm getting a brand new, not-so-good translation in Catalan :)02:11
mvojordi: argggsss ... sorry. I'll fix this02:12
Treenaksmvo: same with Dutch02:12
Treenaksjordi: also with lots of other programs in rosetta (gconf..)02:12
mvoseb128: I think there where some "README.debian" updates in the upload I did02:12
seb128mvo: ok02:12
jordiTreenaks: yeh :(02:13
mvodaf: around?02:14
Mithrandirpitti: pong02:35
pittiMithrandir: just sent you a mail, regarding a mailman security issue02:36
Mithrandirpitti: ok, will look at it.02:36
pittiMithrandir: thanks02:36
truluxpitti, where cracklib looks for dicts in Ubuntu? i'm trying to build PAM with updated sleinux support and it says none found02:57
truluxbut already there's a one at /etc/dict.../words02:58
pittitrulux: you need to install a package that provides 'wordlist'03:00
pittitrulux: e. g. wenglish03:00
truluxpitti, kay03:01
pitti:q03:02
pittioops, wrong window03:02
pittitrulux: paths are in /etc/cracklib/cracklib.conf03:02
truluxpitti, ok, thanks03:03
=== enrico [~enrico@enrico.developer.debian] has joined #ubuntu-devel
=== ross_ [~ross@82-133-65-20.dyn.gotadsl.co.uk] has joined #ubuntu-devel
=== nobse [tretkowski@ridcully.inittab.de] has joined #ubuntu-devel
nobsehi03:36
nobsehaving binaries from one source package in main and universe sucks03:36
nobsecurrently, when I try to upgrade vim, vim-perl needs to get removed03:36
Kamionwhat does that have to do with binaries being in different components?03:37
Kamionunless you only have main in sources.list03:37
=== Simira [~rpGirl@ti511220a080-1277.bb.online.no] has joined #ubuntu-devel
nobseKamion: because the new vim package comes from the security repository03:38
Kamionso include warty-security universe03:38
Kamionthere was an oversight in warty's base-config that meant that this wasn't present as an example by default03:39
nobseups...03:39
nobseindeed03:39
nobseok, forget what I said03:40
=== nobse [tretkowski@ridcully.inittab.de] has left #ubuntu-devel []
=== moyogo [~moyogo@Toronto-HSE-ppp3718050.sympatico.ca] has joined #ubuntu-devel
=== edulix [~edulix@80.103.124.25] has joined #ubuntu-devel
edulixhey!03:57
edulixwhich is the command to start gnome ?03:58
edulixneeded here to use freenx03:58
=== zul [~chuck@zul.developer.gentoo] has joined #ubuntu-devel
ross_startx03:58
Treenaksross_: wrong window!03:58
ross_which calls gnome-session at some point 03:58
edulixah ok03:59
edulixlet's first try to start firefox03:59
Simiraseb128: know I've asked this before, but how do I delete my personal contacts in evolution? 04:09
seb128Simira: rm ~/.evolution/addressbook/local/system/addressbook.db ?04:09
TreenaksCtrl+A, Ctrl+D in the Contacts editor?04:10
=== Shad0 [~admin@ip68-97-167-152.ok.ok.cox.net] has joined #ubuntu-devel
Simiraseb128: I've deleted the whole address book, but it just reappears04:17
TreenaksSimira: empty or full?04:19
TreenaksSimira: did you kill evolution and evolution-data-server?04:19
SimiraTreenaks: killed evolution og dataserver, deleted addressbook catalogue, and restarted evolution04:20
TreenaksSimira: so now you have the empty Personal Address Book?04:21
SimiraTreenaks: that the point, I haven't04:21
Treenaksstrange!04:21
Simirayep04:22
=== Capri [~makolb@217.188.237.167] has joined #ubuntu-devel
lamontKamion: you around?04:32
=== edulix [~edulix@80.103.124.25] has left #ubuntu-devel ["Abandonando"]
=== boglot [~logbot@gw.workaround.org] has joined #ubuntu-devel
=== Ygster [~ygster@marriere-1-82-67-136-38.fbx.proxad.net] has joined #ubuntu-devel
makojdub: i just cribbed your attribution line.. well sort of (it's definitely jdub inspired)05:03
sivanganybody seen smurfix? 05:09
=== mdz [~mdz@69-167-148-207.vnnyca.adelphia.net] has joined #ubuntu-devel
=== bob2 [rob@202.174.101.196] has joined #ubuntu-devel
=== pitti [~martin@195.227.105.180] has joined #ubuntu-devel
pittiHi05:24
Keybukmoin05:27
zulhi pitti05:41
=== lamont installs a G3. kinda slow beast, it is.
Treenakscoolness.. my gaim segfaults06:10
=== Treenaks runs over to bugzilla
=== _rene__ [~rene@dsl-213-023-035-137.arcor-ip.net] has joined #ubuntu-devel
mdzpitti: I just slept for 14 hours; what's up? :-)06:20
=== _rene__ is now known as _rene_
smurfixsivang: yes06:27
pittiHi mdz 06:28
sivangsmurfix: regarding the webssite, do you have a nameserver we can use for the local domains?06:28
pittimdz: oh, now back to life? :-) 14 hours sounds good06:28
pittiKeybuk: here?06:28
sivangsmurfix: Or just use canonical's ? 06:28
pittimdz: lots and lots of security updates today..06:29
smurfixsivang: I can set one up, no problem.06:29
mdzpitti: unfortunately this is not uncommon around this time of year06:29
pittimdz: but I caught up pretty well; only a php issue and this mailman issue is left06:30
pittimdz: why at this time? Why do people look for holes at Xmas? :-))06:30
lamontgnome-pilot ftbfs in debian. sigh.06:30
pitti$ LANG=C apt-get source xine-lib06:31
pittiReading Package Lists... Done06:31
pittiBuilding Dependency Tree... Done06:31
pittiFATAL -> Failed to fork.06:31
pitti^^^ What the hell...?06:31
=== lamont [~lamont@mix.mmjgroup.com] has joined #ubuntu-devel
jdubso06:35
jdubwe totally need some way of marking (un)supported packages in apt and aptitude when just using the command line06:35
Keybukcoloured aptitude? :p06:38
=== mvo hides
Keybukmvo: you can hide, but you can't run ... wait ... reverse that06:39
mdzpitti: kids with time off from school, I suppose06:39
=== pitti laughs
pittiKeybuk: any idea about apt-get's fork failure?06:40
Keybuksounds like you ran out of processes?!06:40
sivangpitti: what apt-get fork was supposed to do?06:41
mdz   pid_t Process = fork();06:41
mdz   if (Process < 0)06:41
mdz   {06:41
mdz      cerr << "FATAL -> Failed to fork." << endl;06:41
Keybukthat means fork() returned -1 doesn't it06:41
Keybukthat's kinda bad in UNIX terms06:41
pittiright06:41
sivanglack of mem? :)06:41
pittiI meant whether you have encountered this already06:41
Keybuknope06:41
mdzI'll fix it to log a useful error in that case06:41
mdzbut I suspect ulimit or similar06:41
Keybukout of memory, resources, process handles, hit limits, etc.06:41
pittihmm, I don't think it's a resource problem though06:41
pittiI can start other processes06:42
jdubKeybuk: back-of-an-envelope estimate of boot time savings if /bin/sh -> dash?06:42
Keybukmdz: fork doesn't return useful errno ... mostly just EAGAIN06:42
Keybukjdub: none, didn't help06:42
Keybuk(we tried it :p)06:42
jdubKeybuk: ta06:42
pittiKeybuk: I have five processes running on the machine and 140 MB of free memory06:42
Keybukstrace it?06:42
=== pitti installs strace
Keybukplease tell me strace is in -base06:43
pittiKeybuk: http://www.piware.de/apt-get.trace.txt06:45
mdzKeybuk: of course it is06:45
pittiKeybuk: this is my server and it does not run Ubuntu (yet...)06:46
mdzjdub: once bash is in memory, it pretty much stays06:46
KeybukENOMEM (Cannot allocate memory)06:46
Keybukapt's probably eaten all of that 140MB06:46
pittid'oh06:47
Keybuk       ENOMEM fork  failed to allocate the necessary kernel structures because06:47
Keybuk              memory is tight.06:47
=== ferryfp [~ferry@gn-lwb-27f2f.adsl.wanadoo.nl] has joined #ubuntu-devel
mdzKeybuk: apt doesn't actually allocate a lot of kernel memory :-P06:48
=== jinty [~jinty@78.Red-213-96-3.pooles.rima-tde.net] has joined #ubuntu-devel
mdzand fork uses a tiny amount anyway06:48
mdzpitti: what kernel is it running?06:49
Treenaksmdz: it just mmaps a lot :)06:49
pittimdz: 2.6.906:49
Keybukuh, yeah ... fork returns EAGAIN if it's user memory that's short06:49
pittimdz: however, I just saw that I don't have a swap06:49
mdzweird06:49
Keybukhow odd06:49
pittibtw, it works fine as root06:50
mdzulimit06:50
pittimdz: no, it isn't06:50
pittibtw, now it works again06:50
pittimagically06:50
pittid'uh06:50
pittithanks anyway06:50
mdzmvo: are you here?06:51
mvomdz: yes06:51
=== lamont watches a dist-upgrade to hoary die a horrible mid-life crisis
mdzmvo: would it be a simple matter to move smartpm to python 2.4?06:52
mvomdz: does it not work with python2.4? 06:52
mdzlamont: hmm?06:52
mdzDepends: python2.3, libc6 (>= 2.3.2.ds1-4), python2.3-pycurl, python2.3-gtk2, python2.3-pexpect06:52
mdzlamont: I just upgraded my desktop, which hadn't been touched really since before Mataro, and it was flawless06:52
mvomdz: I'll port and upload a new version06:52
mdzmvo: thanks06:53
lamontmdz: gimp-data had errors (scrolled off the top), and left everything bust4ed06:55
lamont python-genetic: Depends: python (< 2.4) but 2.4-0ubuntu4 is installed06:55
lamont  python-geoip: Depends: python (< 2.4) but 2.4-0ubuntu4 is installed06:55
lamont  python-glade2: Depends: python (< 2.4) but 2.4-0ubuntu4 is installed06:55
mdzthere was a gimp/gimp-data upgrade in my session, and it worked for me06:55
lamontamong many others...06:55
lamontyeah - no real clue why it was annoyed06:56
mdzlamont: your mirror is out of date06:56
mdzmizar:[~]  apt-cache show python-genetic | grep Depends06:56
mdzDepends: python (<< 2.5), python (>= 2.4)06:56
lamontyeah - the warty version is still installed06:56
=== lamont uses some dpkg -i love on the machine.
mdzapt-get -f install didn't fix it?06:57
lamontand adds 'install warty and upgrade' to his list of tasks for the day06:57
lamontthat's always scared the hell out of me.06:57
lamontso I never do apt-get -f ...06:57
lamontshould I not be scared?06:57
mdzthere is no need to fear06:57
lamontok.06:58
truluxajmitch_, PAM and coreutils updated SELinux code out the box06:59
trulux;-)06:59
truluxwork done06:59
zuldang i was doing that this morning07:10
mdzmvo: it looks like the file permissions are wrong in your apt--mvo--0 tree07:11
mdzI just merged from it and the permissions were reverted07:11
mvomdz: which ones? of apt-key? or in po/ ?07:11
mdzmvo: po/07:12
pittiKeybuk: did you deliberately made -22 days of vacation? :-)07:13
mvomdz: should be fixed in patch-1007:15
mvomdz: sorry :/07:15
mdzmvo: no problem, I noticed before I committed07:16
mdzmvo: please check your other trees also07:16
=== Simira [~rpGirl@ti511220a080-1277.bb.online.no] has joined #ubuntu-devel
=== mxpxpod [~bryan@mxpxpod.user] has joined #ubuntu-devel
Kamionlamont: pong?07:23
mxpxpodfabbione: ping07:24
lamontKamion: I think I managed to answer my question...07:24
lamontwhich was: any known b0rkage with 12/22 daily CD's?07:24
Kamionhttp://cdimage.ubuntu.com/daily/20041222/report.html doesn't list anything07:25
Kamionanything else, not that I know of but it's always possible :)07:25
lamontcool - seems to be working on the G3, too.07:25
Kamionbonus07:26
lamontalthough I expect that X should actually _do_ something besides screen-blanking, eh?07:32
=== maskie [~maskie@196-30-111-248.uudial.uunet.co.za] has joined #ubuntu-devel
=== lamont bbiab
=== joshua__ [~joshua@24.48.147.43] has joined #ubuntu-devel
=== wasabi_ [~jhaltom2@64.25.11.66] has joined #ubuntu-devel
lamonthrmpf.  config-file questions from udev08:07
lamontand hal08:07
=== seb128 [~seb128@ANancy-151-1-48-250.w83-196.abo.wanadoo.fr] has joined #ubuntu-devel
pittilamont: oops? For which file (hal)?08:08
lamont /etc/dbus-1/event.d/20hal08:10
pittilamont: do you still have the old file?08:10
lamontand udev was /etc/udev/scripts/{ide,scsi}-devfs.sh and cdsymlinks.sh08:11
lamontprobably08:11
pittilamont: this is handled by /var/lib/dpkg/info/hal.preinst08:11
pittilamont: part of the file renaming hal -> 20hal08:11
pittilamont: I added an md5sum check into the preinst08:12
pittilamont: if the md5sum does not match, you are asked08:12
lamontthis is dpkg, not the preinst08:13
pittilamont: I know08:13
lamontI never edited any of these files08:13
pittilamont: but the preinst tries to avoid the dpkg question by removing the old file if it is unmodified08:13
pittilamont: if you still have the old version, can you please give me the md5sum of it?08:14
lamontsure - waiting for the upgrade to finish08:14
pittilamont: I only check for one md5sum right now, the version from the previous package08:14
pittilamont: probably I have to add some more, for earlier versions of that file08:14
lamontah, this is either warty-release, or shortly before that - pretty sure that the machine has warty-release, but it could be a shade older08:16
pittilamont: I'm at preparing a new hal version anyway08:23
pittilamont: so this is a good time to include this patch08:23
lamontok08:23
lamont6e417ba24c2b7d49006d5dbe82717f8d  /etc/dbus-1/event.d/20hal.dpkg-old08:24
lamontnot sure what version taht was.08:24
=== lamont grumbles at the dvd recorder.
pittilamont: it does not really matter which version that was08:25
lamontpitti: ok08:26
pittilamont: it is only importand that you are sure that you did not touch it08:26
pittilamont: okay, I include this md5sum. Thanks08:26
lamont99.999% sure - this is my daughter's machine, and I can't see why or when I would ever have needed to edit that file, since I have NFC what it is, even...08:26
=== Gorth [~gorth@cpe.atm2-0-51110.0x50a4d38e.abnxx10.customer.tele.dk] has joined #ubuntu-devel
lamonts/since/not just because/08:27
lamontinterestingly, dist-upgrade didn't want to replace xf86 with xorg08:32
lamontxserver, that is.08:32
lamontSetting up xserver-xorg (6.8.1-1ubuntu8) ...08:33
lamontsh: gcc: command not found08:33
lamontdpkg-architecture: warning: Couldn't determine gcc system type, falling back to default (native compilation)08:33
lamontWTH??08:33
pittilamont: uploaded new hal. Please beat me up if dpkg still asks next time08:34
Mithrandirit uses dpkg-architecture which uses gcc which is not installed08:34
Mithrandirlamont: just kill daniels08:34
ograMithrandir: either the pid or killall08:34
ogra:P08:34
Mithrandirogra: not everything is an unix command08:35
ograheh08:35
seb128Kamion: the http://cdimage.ubuntulinux.org/releases/hoary/array-2/ iso can resize a ntfs partition ?08:49
=== Shad0 [~admin@ip68-97-167-152.ok.ok.cox.net] has joined #ubuntu-devel
=== Shad0 [~admin@ip68-97-167-152.ok.ok.cox.net] has joined #ubuntu-devel
=== Shad0 [~admin@ip68-97-167-152.ok.ok.cox.net] has joined #ubuntu-devel
Kamionseb128: yes, should be able to09:19
seb128ok, thanks09:20
Kamioncd 109:20
Kamiond'oh, EWIN09:20
Kamionanyway, either Array CD 1 or 2 should work for that09:21
Kamionprobably should've gone in the announcement for 109:22
seb128ok09:22
=== ironwolf [~ironwolf@c-24-6-169-124.client.comcast.net] has joined #ubuntu-devel
=== RubenV [~lambda1@kn-res.kuleuven.net] has joined #ubuntu-devel
RubenVhttps://www.ubuntulinux.org/wiki/FrontPage/recentchanges09:31
RubenVI'm getting a UnicodeEncodeError here09:31
RubenVis this known?09:31
Kamionhaven't seen anyone else mention it09:32
RubenVshould i throw it into the bugzilla?09:33
seb128carlos had the same problem09:34
seb128non-ascii char in his name 09:34
ograme too09:34
RubenVI get it also when i'm not logged in09:34
RubenVand my name is "ruben vermeersch"09:35
seb128hum, that's not that so09:35
seb128yep, seems to be broken09:35
seb128open a bug in bugzilla09:35
RubenVon my way09:35
RubenVadded as #494809:37
=== lamont_r [~lamont@rover3.mmjgroup.com] has joined #ubuntu-devel
=== GotD0t [~GotD0t@24.48.147.43] has joined #ubuntu-devel
sivangseb128: have you noticed the app bar shwoing the app names all shrinked?09:57
sivangseb128: (the buttom panel)09:57
sivangseb128: and sometimes it's not showing apps at all 09:58
seb128half of the bug is http://bugzilla.ubuntu.com/show_bug.cgi?id=491810:02
seb128second half is unknown10:02
seb128open a bug with a screnshoot and some details10:02
sivangseb128: ok, let's check this out :)10:03
sivangseb128: I don't need to create a screenshot, it's the same as here: https://bugzilla.ubuntu.com/attachment.cgi?id=92410:04
Treenaksseb128: what's the bug # for the weird panel/nautilus/gnome-vfs "hangs"10:07
seb128sivang: no, this bug is only about the small entries10:08
sivangseb128: ah ok :)10:09
seb128Treenaks: http://bugzilla.ubuntu.com/show_bug.cgi?id=457610:09
sivangseb128: gottcha10:09
seb128sivang: nobody else complained about <sivang> seb128: and sometimes it's not showing apps at all 10:09
sivangseb128: yes, now I know what you mean - I'll add it10:09
seb128cool10:10
seb128you're using a dualhead setup ?10:10
sivangseb128: I used to on warty, why?10:10
seb128sivang: because dualhead a some issues10:10
Treenaksseb128: that bug has been fixed upstream?10:11
seb128ie: app should only be on one screen, etc10:11
seb128Treenaks: no10:11
TreenaksStatus:   RESOLVED10:11
TreenaksResolution:   FIXED10:11
=== lamont [~lamont@mix.mmjgroup.com] has joined #ubuntu-devel
Treenaksseb128: looks like it http://bugs.gnome.org/show_bug.cgi?id=16095510:11
sivangseb128: if I try to use it again, I'll ping you about this :)10:11
seb128Treenaks: I've not updated the forward that's all10:12
seb128Treenaks: http://bugzilla.gnome.org/show_bug.cgi?id=161997 upstream10:12
Treenaksseb128: ah10:12
sivangseb128: has people reporting this been using some switching tool or plain configured manually their xorg.conf ?10:13
sivangseb128: ie : nvtv etc10:13
seb128sivang: no idea. But there dualhead is kind of broken in hoary10:13
seb128for GNOME at leastr10:14
seb128-r10:14
sivangseb128: is there anything internal to gnome that allows for dualhead setups?10:16
mdzKamion: around?10:18
mdzKamion: wondering why ssh-agent is setgid ssh10:18
mdzah, changelog says it's just for the side effects10:19
=== GotD0t [~GotD0t@24.48.147.43] has joined #ubuntu-devel
Kamionmdz: yes, to stop ptrace attacks, it drops its group privilege immediately and group ssh has no other privileges anyway10:30
=== lamont decides that maybe udev and ftape aren't completely happy with each other..
mdzKamion: I just noticed that ssh-agent doesn't seem to take any precautions against secrets being written to swap10:31
lamontKamion: that's a kewl bit of hackery10:31
mdzKamion: did it ever do so, or did I imagine it?10:31
Kamionmdz: I don't remember it being added or removed; what kind of precautions would it need to take?10:31
mdzKamion: mlock10:31
mdzKamion: under most unices, this requires root privileges, but with Linux >=2.6.9 it doesn't anymore10:32
mdzso I thought it would be nice to de-privilege-ify ssh-agent, which I genuinely believed was setuid root and used mlock10:33
mdzbut I discovered that I apparently dreamed this10:33
Kamionguess that's why they didn't add it (how does Linux 2.6.9 prevent DoS attacks anyway?)10:33
mdzKamion: it adds an rlimit for it10:33
Kamionaha10:33
mdzI think there is a better reason why it isn't implemented, though10:33
mdzin poking around the source, i found this in sshd.c:10:33
mdz * structure. The idea is that this structure could be locked into memory so10:33
mdz * that the pages do not get written into swap.  However, there are some10:33
mdz * problems. The private key contains BIGNUMs, and we do not (in principle)10:33
mdz * have access to the internals of them, and locking just the structure is10:33
mdz * not very useful.  Currently, memory locking is not implemented.10:33
Kamionach10:34
KamionOpenBSD has encrypted swap support, which could also be why they're less bothered :)10:34
mdzis it impossible to read encrypted swap even with root privileges?10:34
mdzthat sounds hard10:35
Kamionsurely a root process can just ptrace ssh-agent10:35
mdzright, but the idea is that they shouldn't stay around after ssh-agent goes away10:35
Kamionsounds like you'd have to be able to invent arbitrary virtual->physical address mappings in order to retrieve stuff like that from swap at will10:37
KamionI don't know what layer encrypted swap is implemented at in OpenBSD though10:37
Kamionhttp://www.usenix.org/publications/library/proceedings/sec2000/full_papers/provos/provos_html/10:38
Kamionah, they use volatile encryption keys10:39
Kamionso even if you get the key out of kernel memory, there's an upper bound on the time for which it's useful10:41
=== lamont [~lamont@mix.mmjgroup.com] has joined #ubuntu-devel
=== lamont [~lamont@mix.mmjgroup.com] has joined #ubuntu-devel
mdzthom: dude, you stole my stopwatch10:58
mdzthom: I expect to see some major improvements in hoary's boot time to compensate me :-)10:58
=== Kamion contemplates forcing the mirror questions to be asked for netboot installs
Kamionit's incredibly annoying to watch everything being pulled from archive.ubuntu.com when I have a perfectly good local mirror11:04
pittigood night, guys and girls!11:06
pittiI wish you a happy Christmas11:06
ograsame to you pitto11:06
Kamionand USING ALL MY BANDWITH11:06
Kamion+D11:06
ogra pitti11:06
Kamionnight pitti :)11:06
lamontKamion: I just added a rule at my firewall that blocks archive.ubuntu.com11:10
lamontKamion: sounds like a simple preeseed to me, no?11:11
=== ferryfp [~ferry@gn-lwb-27f2f.adsl.wanadoo.nl] has left #ubuntu-devel []
Kamionoh, there are any number of ways I could make it act differently, but I don't think defaulting to archive.ubuntu.com for a big download without asking is viable in the long term11:12
lamontKamion: yeah, but asking increases the number of questions by something like 20%, no? :-)11:15
lamontthe issue is that just because you _can_ reach archive.ubuntu.com doesn't mean that you _want_ to11:15
lamontit could check and then ask if you want to use it.  get all the info if you say no to 'direct to archive.ubuntu.com'11:16
lamontbut you do have to get it past the 'no-questions' nazis11:16
ogracouldnt that get tied to the lang or TZ  selection ?11:16
Kamionlamont: I think the no-question-nazi bit is mostly for CDs11:17
lamontah, this is netinst. doh.11:17
Kamionin fact I think the mirror question is *accidentally* not asked11:17
lamontISTR that it was only asked if it couldn't instantiate a connection to archive.ubuntu.com:8011:17
Kamionogra: would have to be country, and that could be used as a hint to select a default, but even then it's far from optimal11:17
Kamionlamont: that's base-config post-reboot; this is choose-mirror pre-reboot ...11:17
Kamionalthough I think choose-mirror may have some similar logic now that you mention it11:18
=== Shad0 [~admin@ip68-97-167-152.ok.ok.cox.net] has joined #ubuntu-devel
lamontah11:18
Kamionogra: anything that involves going out over my ADSL link is suboptimal :)11:18
Kamionlamont: no, I think you're right11:18
ograKamion: if you hide TZ papersize and mirror behind this one question ? 11:18
Kamionogra: nah, still sucks for me. archive.ubuntu.com is my closest mirror11:18
ograKamion: ahh, ok11:18
Kamionor near enough, anyway11:18
lamontKamion: while you're dinking with defaults... fix #4674, ktnxbye11:19
Kamionlamont: heh11:19
lamonthrm.. time to rev util-linux from upstream yet again, and then upload to ubuntu as well.11:19
Kamionogra: for some questions you can seed sensible defaults but still have to ask (e.g. the default country is picked depending on your language, but you often still have to select the country); for others you can pick the answer automatically. It's not always easy to tell11:20
Kamionogra: you might think that language and country is enough to figure out the keyboard layout automatically, and we tried that, but it got a lot of complaints ...11:21
lamontKamion: 4674 just needs to have en_US* -> letter, I think...11:21
lamontKamion: yeah - no where near enough for keyboard layout11:21
Kamionand for TZ and mirrors it's particularly hairy because you might be travelling11:21
ograKamion: norsk vs swedish .... i remember11:21
Kamionif I'd been doing an install in Mataro that I'd wanted to keep around, I'd have wanted to say English and United Kingdom but have TZ=Europe/Madrid and a mirror in Spain11:22
lamontKamion: use the magic list that rosetta uses?11:22
ogralamont: you are my hero, i am waiting for such a thing since years (#4674)11:23
Kamionlamont: geoip scares me11:23
ograand i'm willing to help on that one after my screensaver stuff is done11:24
Kamionlamont: anyway, what was our IP in Mataro again? :-)11:24
Kamion192.168.0.*, IIRC ...11:24
lamontKamion: nah - peer IP as seen by the far end of a tcp/udp connection to 'findme.ubuntu.com' :-)11:25
lamontogra: you in US?11:25
Kamionlamont: ick :)11:26
ogralamont: nope, in DE but i suffered from letter as default for years now, i know how you feel with ubuntus a4 default ;)11:26
lamontogra: yeah - I understand that A4 is the correct default in 99.9% of locations, and 60%+ of computers, but...11:27
ogralamont: come on, you had 10 years of letter, now its our turn ;)11:27
lamontogra: I just want it to pick based on locale, that's all.11:28
lamontand I think en_US* is all that should be letter, but I'm willing to be wrong on that...11:28
ogralamont: yep, the right way imho11:28
lamontactually - it should query the default printer and see what size paper it has in it...11:29
ogralamont: hmm, needs some gnome-print improvement i guess11:29
=== lamont considers updating the preseed file on his custom install CD's.
lamontbut that would be, well, wrong.11:30
ograheh, sure11:31
=== mxpxpod [~bryan@mxpxpod.user] has joined #ubuntu-devel
Kamionso, does python-minimal want to get Essential: yes in its control file?11:43
Kamionnoting that, once we do that, changing its name EVER is *really hard*11:44
calcalso once something is essential it no longer needs to be depended on, right?11:48
calcso it will have to be essential forever11:48
Kamionin practice that only really applies to the stuff that's been essential for ages, as you still have to support upgrades11:48
KamionI think that's the plan in Ubuntu though11:48
Kamionand since it's an Order From On High I'm certainly not going to worry about that part of it11:49
mxpxpodis there a way to get the evolution gaim plugin?11:51
calcputting python stuff into the bootup?11:51
Kamionboot != Essential11:51
Kamionthose two things are orthogonal11:52
calctrue, but theres not a lot of other stuff that really needs to be essential other than boot related stuff11:52
Kamionno, essential is for the core packaging system11:52
Kamionthe point of essential is that if you remove it then the packaging system won't work any more11:52
calcoh i thought essential was if you remove it the whole os stops working11:53
Kamionyou ought to be able to boot far enough to run dpkg, sure, but that's a pretty lean requirement :)11:53
Kamionno, this seems to be a common misunderstanding11:53
calcof course python-minimal will need to be at least as high priority as anything using it11:53
Kamion(a) it's required (b) I'm not sure we care in Ubuntu :)11:53
Kamionpolicy or the packaging manual used to talk about what Essential was for, but I can't see the text I remember any more11:54
calcok11:55
Kamionthe text was something like "the package manager will not let you remove essential packages; if you do, then you might not be able to run dpkg to put them back"11:55
=== wasabi_ [~wasabi@c-24-1-67-127.client.comcast.net] has joined #ubuntu-devel
calcnot sure why e2fsprogs is essential but everything else makes sense11:56
calci guess its left over from when all debian supported was ext211:56
Kamione2fsprogs is a bit of an anomaly; it does have the generic fsck wrapper though11:57
calcoh11:57
KamionI have a bug open about how to split it out smoothly, but it's quite difficult to do right without breaking in upgrade corner cases11:57
calcif essential is just for the package manager to run then looks like other things just need to be required as well11:58
Kamionmostly, yeah11:59
calclike eg login11:59
Kamionessential isn't even a closed set11:59
Kamion(under dependencies)11:59
Kamionit should always be a subset of required though11:59
calcyea11:59
=== Kamion looks through an enormous *.po diff and does the "speak English" dance ;)

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!