[12:01] <sivang> just did an upgrade. weather applet is b0rked.
[12:01] <sivang> and also the window that offers to "delete from panel" the applet.
[12:07] <sivang> wooo everybody notice the all new rocking weather applet? much more locations per each country!
[12:08] <sivang> rocking!
[12:08] <sivang> it also has indications now for day/night time
[12:09] <sivang> it's not b0rked btw, I just had to remove them and readd them 
[12:44] <amu> strange d-i ppc has no 2.6 supportC[C[C[C[C[C[C[C[C[C[C[C[C[C[C
[12:45] <ogra> [C ?
[12:46] <amu> kapute umlauts :) 
[12:46] <ogra> hehe
[12:46] <ogra> mine or yours ?
[12:46] <amu> mine :) 
[12:48] <ogra> there were several requests on helping out with kubuntu in #ubuntu last night.... are you the person to point to amu ? or is it haggai ?
[12:48] <amu> well the liveCd for amd64 was done 2 min. i sit for ppc now 3h :) 
[12:49] <ogra> heh, 64 bit...
[12:49] <amu> ..ooo i just spend some time to boost it up :) help if i can, haggai manage it. 
[12:50] <ogra> ok
[12:52] <amu> echo "Kernel $(KERNELMAJOR) not supported yet"
[12:52] <ogra> :(
[12:57] <amu> ogra: the new live looks cool, yesterday i builded a horay and with d-i X started :) found some problems with mouse sound and net, finally he hole thing looks smart.
[12:58] <ogra> sounds great ... :)
[12:58] <ogra> i got my screensaver hack working with xft and half way with utf8 now :) learned a lot the last week ...
[12:59] <amu> it looks great :) as i said amd64 needs 2 minutes
[12:59] <ogra> d-i just works ?
[01:00] <amu> yep
[01:02] <ogra> wow, kudos to kamion.....tell me if you need tests, got a mac here and plenty of intel machines
[01:02] <ogra> amu: and kudos to you as well indeed ;)
[01:03] <amu> hmm utf-8, that could be the reason why the non-latin langs looks worse, guess i've to change it to utf-8 
[01:04] <ogra> i think its the policy for hoary to switch anything to utf8
[01:05] <amu> ogra: cool, the problem atm is most people are away :) a automatic xconfigurator is needed, have to wait for danielS
[01:07] <ogra> amu: xresprobe does it currently... it is called by the postinst script of the xserver package....not sure if this also applies to xorg, but i guess so
[01:13] <amu> no prob, i use temp. the old mkxf86config 
[01:24] <sivang> does anybody know how I can patch a .deb pacakge as a whole? I have a patch that spans both the changlog and a file inside the source package
[01:24] <sivang> is there a "debpatch" ?
[01:28] <amu> dpkg-repack?
[01:29] <bob2> no
[01:29] <bob2> sivang: you want to patch the source package?
[01:30] <sivang> bob2: yes :)
[01:31] <sivang> bob2: like in , extracting it, apply the comprehensive patch, repackage.
[01:32] <bob2> the source, not the binary, right?
[01:33] <sivang> bob2: is there a possibility to patch the bin pkg also? 
[01:34] <bob2> er, yeah, but why?
[01:34] <bob2> you patch the source, build it, install the new binary
[01:42] <lamont_r> Keybuk: btw, your mum got alsa-driver_1.0.7-2ubuntu1 way wrong, near as I can tell.
[01:45] <Keybuk> leave my mum out of it
[01:45] <ogra> heh
[01:45] <Keybuk> my mum is NOT part of Soyuz
[01:45] <bob2> cockfosters.
[01:51] <Keybuk> bob2: I would consider it a personal favour if you could get some new jokes by April
[01:51] <Keybuk> kthxbye :p
[01:54] <lamont_r> Keybuk: ok.
[02:46] <mojo> Can someone migrate the python2.4-mysqldb from libmysqlclient10 to libmysqlclient14?
[02:47] <mojo> And besides, is librdf supposed to be based on libmysqlclient12? If not, y not make it base on libmysqlclient14?
[02:48] <wasabi> UGH
[02:48] <wasabi> UGH GUH GUH i dislike .udebs
[02:49] <mojo> fabbione: sorry to make u wait, I just fell sleep, is nvidia-glx working well rite now or not? some ppl said to me not, but it did work here, not really sure it's my mistake or still a bug
[02:59] <Kamion> amu: d-i powerpc *defaults* to 2.6 :-)
[02:59] <Kamion> amu: it definitely has 2.6 support, I did it and it was the second port after i386 to get it ...
[02:59] <Kamion> wasabi: udebs are love
[03:00] <wasabi> buh
[03:00] <wasabi> d-i should support .debs
[03:00] <wasabi> for those of us who have upgraded from floppy drives
[03:00] <wasabi> All I need is curl. That's it.
[03:00] <wasabi> 2 hours later I still haven't got it.
[03:03] <Kamion> wasabi: *sigh* no, I read the conversation on #debian-boot and there were a hell of a lot of misunderstandings in there
[03:03] <Kamion> note EXTRAFILES in the d-i build system for quick hacks like what you're trying to do
[03:03] <wasabi> gah.
[03:04] <wasabi> Well, actually, I was hoping it wouldn't be a "quick hack"...
[03:04] <wasabi> and I could do it right.
[03:04] <wasabi> For upstream acceptence. There will be a lot of situations (for sitations like mine), where preseeding,a s it is right now, isn't usable.
[03:04] <wasabi> preseed/url is fairly insecure. ;0
[03:05] <wasabi> where "lot" is ~= "few"
[03:06] <Kamion> udebs are really easy to produce. XC-Package-Type: udeb in the control file, build-dep on debhelper (>= 4.2), install stuff into the curl-udeb temporary build tree like you would do for any standard multi-binary package
[03:06] <wasabi> Kamion, I tried that... dh_* broke because i think it moved hte files, instead of copying them
[03:06] <Kamion> what's wrong with wget though?
[03:06] <wasabi> wget doesn't do CA validation
[03:06] <wasabi> for SSL.
[03:06] <Kamion> read the relevant dh_* documentation, it goes into this in a lot of detail
[03:06] <wasabi> Our deployment scenario: for windows.
[03:07] <Kamion> perhaps you're using dh_movefiles rather than dh_install
[03:07] <wasabi> We distribute CD's. The CD's have a pub cert on them.
[03:07] <sivang> Kamion: this is available on debhelpers main docs?
[03:07] <Kamion> sivang: man pages
[03:07] <wasabi> Different departments boot the CD, which uses DHCP to find a local isntallation server.
[03:07] <sivang> Kamion: k,tnx
[03:08] <wasabi> The installation server is verified against the cert and encrypted, just basic SSL. preseeding file is copied over.
[03:08] <Kamion> no particular reason why you couldn't convince the d-i build process to accept a .deb though
[03:08] <wasabi> User is asked for his kerberos username/password.
[03:08] <Kamion> it would just, well, suck
[03:08] <wasabi> well it would suck if you were trying to build floppies.
[03:08] <Kamion> perhaps busybox wget should be enhanced to support SSL then
[03:08] <wasabi> But, i'd venture to say, nobody that uses ubuntu does that.
[03:08] <Kamion> *ahem* you don't read my e-mail :P
[03:08] <wasabi> normal wget doesn't support ca cerification.
[03:08] <wasabi> heh
[03:08] <Kamion> I have a lot of requests for floppy support.
[03:09] <Kamion> with good reasons.
[03:09] <wasabi> crazy.
[03:09] <Kamion> the only reason we don't do it is that I haven't persuaded the 2.6 kernel to fit onto a floppy yet
[03:09] <wasabi> well, MS dropped it, and it works for them. And that's the market I'm in.
[03:09] <Kamion> ok, but MS drop old hardware much more readily than I'm willing to.
[03:09] <wasabi> yeah.
[03:09] <wasabi> no, i follow you, it's great that it is floppiable.
[03:10] <wasabi> But, for me, I really just want to Get It Done, without concerning myself with that.
[03:10] <wasabi> Since it has no bearing on my situation at all.
[03:10] <Kamion> sure.
[03:10] <Kamion> but it should be a very trivial hack in the build system.
[03:10] <wasabi> I was just lookingn around d-i for the dpkg stuff to persuade it to do a .deb. And pointers?
[03:10] <wasabi> s/and/any/
[03:10] <Kamion> look at build/Makefile and build/get-packages I guess, to start with
[03:11] <Kamion> I mean, it just uses dpkg to unpack the packages
[03:11] <wasabi> It seems to rename the .deb's to .udeb.... and then install them
[03:11] <wasabi> and then promptly try to chroot
[03:11] <Kamion> do the build as root
[03:11] <wasabi> did.
[03:11] <Kamion> fakechroot is a hideous hack and is unlikely to help you
[03:11] <wasabi> still no go... slightly different error. let me find it.
[03:11] <Kamion> what target were you building?
[03:12] <Kamion> rebuild_* is usual
[03:12] <wasabi> build_netboot
[03:12] <Kamion> ok
[03:13] <Kamion> AFAIK the only things that try to chroot are the demo and shell targets
[03:13] <wasabi> dpkg (subprocess): unable to execute new pre-installation script: No such file or directory
[03:13] <wasabi> dpkg: error processing udebs/zlib1g.udeb (--unpack):
[03:13] <wasabi>  subprocess pre-installation script returned error exit status 2
[03:13] <wasabi> Errors were encountered while processing:
[03:13] <wasabi>  udebs/zlib1g.udeb
[03:13] <wasabi> same error, but let me switch zlib1g to -udeb
[03:13] <wasabi> oh wait, can't do that. Provides doesn't support versioned stuff.
[03:14] <wasabi> So, zlib1g it is.
[03:14] <Kamion> provides do in d-i, you were misinformed.
[03:14] <wasabi> heh.
[03:14] <Kamion> anna totally ignores versioning on provides
[03:15] <Kamion> although whether the build system will cope, I'm not sure
[03:15] <wasabi> well with -udeb it fails because of deps
[03:15] <wasabi> The following packages have unmet dependencies:
[03:15] <wasabi>   curl: Depends: zlib1g (>= 1:1.2.1)
[03:15] <wasabi> blah blah blah
[03:15] <Kamion> why don't I just put together a curl-udeb for you? it would be far easier
[03:16] <wasabi> That would be super. As long as it makes it upstream. THe idea of using the .deb was to avoid maintaining my own curl package.
[03:16] <wasabi> I dont want to maintain anything except a config file. ;)
[03:16] <wasabi> And I'd like to venture most company's who would like to do this would think the same.
[03:16] <Kamion> I'm not in the business of making promises about other people's packages; you get to submit it
[03:17] <wasabi> ayup
[03:17] <wasabi> will do then
[03:17] <wasabi> im a bit confused where I went wrong.
[03:18] <Kamion> I don't really see why EXTRAFILES is unacceptable though
[03:18] <Kamion> curl will not be accepted into mainstream d-i, I suspect
[03:18] <wasabi> it probably is, i just didn't know about it.
[03:18] <Kamion> since it duplicates wget, and busybox wget should just be fixed
[03:19] <wasabi> well, mainstream wget doesn' do ca validation either.
[03:19] <wasabi> So, any preseed/url is inherentily insecure.
[03:19] <Kamion> sure, no reason why that feature could not be added though
[03:19] <wasabi> true.
[03:19] <Kamion> apart from space, certainly
[03:19] <Kamion> but it could be optional in some way
[03:19] <Kamion> surely a big company doing a big deployment can just use preseed/file and do customised media?
[03:20] <wasabi> That was where I started.
[03:20] <wasabi> Then I realized I might have to change the preseed file later.
[03:20] <wasabi> And redistributing CD's is... a big task.
[03:20] <wasabi> Well, a bigger task than currently done for windows, at least.
[03:20] <wasabi> Somehow I'm supposed to shoehorn kerberos into this too... but that's for another day.
[03:21] <wasabi> This will be really slick when it's done, regardless.
[03:22] <Kamion> sigh, curl does use dh_movefiles
[03:22] <Kamion> OTOH there should be a second build for the udeb anyway
[03:22] <wasabi> i'll try extrawhatever
[03:22] <Kamion> (gcc -Os etc.)
[03:22] <Kamion> see build/config/local for that, it has a commented-out example
[03:22] <wasabi> ahh okay
[03:22] <wasabi> soon as this works, im making a packages/kerberos-auth or some such.
[03:24] <Kamion> cool
[03:26] <mdz> morning
[03:26] <wasabi> basic procedure will be, user boots, system does auto detection stuff, dhcp. kerberos-auth fires up, auths to realm... stores in a key cache. preseed retreves it's file, authenticating using the ticket, sometime during setup it uses the admin interface to create a new principal on the server...
[03:26] <wasabi> not sure how I want to go about that one. Running base-config during the first boot would make it more seamless.
[03:26] <Kamion> what, pre-reboot?
[03:26] <wasabi> Otherwise... I've gotta hide the ticket away someplace dangerous during the reboot.
[03:27] <wasabi> Yeah.
[03:27] <Kamion> hm. be warned, baseconfig-udeb does not work all that smoothly
[03:27] <Kamion> there are lots of difficult-to-solve problems there
[03:27] <wasabi> Yeah.
[03:27] <wasabi> So, just not sure how I wnat to deal with it. A ticket might survive a reboot, just gotta put it someplace other than /tmp.
[03:28] <wasabi> Basically the user should only be asked for password (or creds... someday smart card) once, and creds should be stored for the duration of the process.
[03:29] <Kamion> incidentally, how do you know that there isn't a trojan DHCP server on the network?
[03:29] <wasabi> That's why I have to do CA validation on the preseed file.
[03:29] <Kamion> fair enough, yeah
[03:29] <wasabi> The CA is stored on the CD.
[03:29] <Kamion> an alternative might be to use apt's authentication support somehow
[03:29] <wasabi> yeah, I will have to use that too.
[03:30] <Kamion> (although of course that isn't implemented in d-i yet)
[03:30] <wasabi> a rogue package sounds makes the entire thing pointless.
[03:30] <wasabi> s/sounds/source/
[03:30] <wasabi> well, guess I'll have ot wait for it then.
[03:30] <wasabi> or help if I ever get a clue. :)
[03:30] <Kamion> anna would be the place to start there
[03:31] <Kamion> you'd have to put the key in the initrd, of course
[03:31] <wasabi> Yeah, It would be built with the image.
[03:31] <Kamion> doesn't work for netboot though, fundamentally you have to trust something
[03:31] <wasabi> cert revocation will have to be considered at some point too
[03:31] <Kamion> on the CD, you could just ignore the problem, since all the udebs are there anyway
[03:31] <wasabi> but I don't want to thinka bout that just yet
[03:32] <Kamion> the udebs are exactly as trustworthy as the initrd
[03:32] <wasabi> Yeah. I trust the CD.
[03:32] <wasabi> THe CD extends trust to the network.
[03:32] <wasabi> And the network only trusts kerberos.
[03:33] <wasabi> there are nifty commercial apps for windows that do all this with 2 clicks.
[03:33] <wasabi> that's what im competing with basically.
[03:33] <Kamion> generate a Windows installer that uses kerberos auth, you mean?
[03:33] <wasabi> "please insert your windows key" *copying files* "choose your deployment server from the list"
[03:33] <wasabi> Yeah.
[03:33] <wasabi> A boot CD for net installs.
[03:33] <wasabi> That does all the stuff just mentioned.
[03:34] <wasabi> You click a button, and it pops out a CD image.
[03:37] <wasabi> Hopefully this works out as I envisage it. There isn't a whole lot in the way. d-i provides most of the tools.
[03:37] <wasabi> Debian provides the rest (if I could just use .debs!)
[03:37] <Kamion> of course the other option is a gpg-signed preseed file
[03:37] <Kamion> which would allow you to defer many of the problems to the second stage
[03:38] <wasabi> preseed file has to be encrypted too.
[03:38] <wasabi> can't move it across the network in clear text at least.
[03:38] <Kamion> ok
[03:38] <Kamion> but still, all you need is gpg
[03:38] <wasabi> hmm. perhaps.
[03:38] <Kamion> it might well be worth avoiding the complexity of kerberos in the first stage
[03:38] <wasabi> Oh definatly. Each peice of this is going to be a seperate d-i module.
[03:38] <Kamion> also gpg-signed preseed files are much more likely to be officially supported :)
[03:39] <Kamion> since they're much more generally applicable
[03:39] <wasabi> Hmm.
[03:39] <wasabi> That might remove the ssl requirement totally.
[03:39] <wasabi> just gpg encrypt it and be done
[03:39] <Kamion> elmo's away at the moment, but I'm sure he'd be amenable to a gnupg-udeb
[03:40] <wasabi> Hmm... okay. Here's one requirement... im not familiar enough for gpg to know if it's doable.
[03:40] <wasabi> The preseed file that is retrieved, must only be readable by somebody with a username/password, which is configurable remotely.
[03:41] <Kamion> not just anyone with the CD?
[03:41] <wasabi> Somebody can't steal a CD to get the admin passes
[03:41] <wasabi> correct
[03:41] <wasabi> That's where the kerberos came in.
[03:41] <Kamion> so just put a passphrase on the key?
[03:41] <Kamion> (gpg)
[03:41] <wasabi> that can change.
[03:41] <Kamion> that seems pretty straightforward
[03:41] <wasabi> In the organization, there are many levels of IT... across the country.
[03:41] <wasabi> Many usere accounts.
[03:42] <wasabi> Everybody designated by the server should be able to install systems.
[03:42] <Kamion> you can encrypt something to lots of keys
[03:42] <wasabi> And that list of people changes frequently.
[03:42] <wasabi> As people come and go, etc.
[03:42] <wasabi> Yeah yeah. It does move the preseed encryption to some process on the server, not just a one time thing.
[03:42] <wasabi> curl lets you use gssapi auth to retrieve from http.
[03:42] <Kamion> the encrypted blob itself has no value ... it's only valuable with the passphrase, and the "username" could just be used to figure out where to get the blob from
[03:43] <wasabi> So, simple kerberos auth, combined with ssl, takes care of both the problems... which is why I was heading in that direction.
[03:43] <Kamion> right, but since it's a more specialised solution it makes it more likely that you'll have to maintain it yourself :-)
[03:43] <Kamion> I'm trying to think of more generalisable solutions.
[03:43] <wasabi> The server process could update the preseed file as new people get the ability to use it.
[03:43] <wasabi> gpg doesn't have any group concept, does it?
[03:44] <wasabi> like, encrypt something with a "group" key, added to each user's key.
[03:44] <wasabi> Sounds very ungpg like
[03:44] <Kamion> um ... that's not meaningful
[03:44] <wasabi> but I'm not too familiar with it
[03:44] <Kamion> you can have a keyring, not just a single key
[03:44] <Kamion> if you want a group key, just add that key to everybody's keyring in the group
[03:44] <Kamion> or encrypt a secret key with a user's key and send that secret key to them
[03:45] <wasabi> Protecting the preseed file with apache based on a ldap group membership is fairly straightforward. Not sure how that would work in a gpg situation.
[03:45] <Kamion> it's orthogonal to gpg.
[03:45] <wasabi> Doesn't deal with revocation though does it?
[03:45] <Kamion> don't try to think of access control on downloads in the same context as gpg.
[03:46] <jamesh> wasabi: how about HTTP basic auth to access the repository?
[03:46] <wasabi> jamesh, I dont have a clear text password.
[03:46] <Kamion> if you want to revoke an encrypted blob and you've already given out the key, the only possible answer is to not give out the encrypted blob
[03:47] <wasabi> Well, I would if I kept it around.
[03:47] <Kamion> a multi-level key setup could fix that though
[03:47] <jamesh> wasabi: well, basic auth over SSL is not too bad, and gives you a lot of flexibility at the server end ...
[03:47] <Kamion> i.e. don't give out the key, just give out the key used to encrypt a session key and decide whether to give out the session key on the fly
[03:48] <wasabi> jamesh, makes future movement into the realm of smart cards hard too.
[03:48] <wasabi> in fact, so does gpg. =/
[03:48] <Kamion> several hardware crypto vendors support gpg
[03:48] <Kamion> I used to work for one such
[03:49] <wasabi> I think the samba guys are working on implementing MS's kerberos extensions to support ticket authentication using a smart card... I doubt the same thing would work with gpg.
[03:49] <Kamion> apples don't work with oranges either :)
[03:49] <wasabi> and the aim is to displace what exists currently, which means i am a bit limited. ;)
[03:50] <wasabi> also have to fit into the existing infrastructure as much as possible.
[03:50] <Kamion> you just need to make it look the same, it surely doesn't matter exactly how it works under the hood
[03:50] <Kamion> if the Windows GUI is a two-click thing it can't expose much of the implementation
[03:50] <Kamion> generating a key and sticking it in the right places could be entirely automated
[03:51] <Kamion> anyway, as it happens, you could certainly put a key on a smart card and have gpg use it, which is equivalent to ticket auth using a smart card, if done right
[03:51] <wasabi> well, just thinking of my experiences, and the best way to capture the market.
[03:52] <wasabi> Because that's my goal afterall, to see Ubuntu on every desktop. ;)
[03:53] <Kamion> it's all crypto. the protocol matters more than the implementation as far as making it work securely is concerned, so you're free to choose an implementation which is easiest to integrate with the software
[03:54] <Kamion> of course, when multiple different software stacks are concerned, this can get amusing
[03:54] <wasabi> It's just that the existing software stack on the server side is already decided and unchangable.
[03:54] <wasabi> and I happen to like it too. ;)
[03:54] <Kamion> only on *your* server side; other people have totally different server sides which are also decided and unchangeable in exactly the same way
[03:55] <Kamion> which makes a solution tailored to your server side a poor option for general-purpose implementation
[03:55] <wasabi> Kamion, well, those who use Windows to do this, all do it the same way. ;)
[03:55] <Kamion> with respect, I doubt that :)
[03:55] <wasabi> Well, other than Novell Netware, there is no other player in the market.
[03:55] <wasabi> Active Directory.
[03:56] <Kamion> my housemate's a Windows sysadmin for a university, I don't believe he uses Kerberos at all
[03:56] <wasabi> Does he use Active Directory?
[03:56] <Kamion> no idea
[03:56] <wasabi> Because if he doesn't, he uses either Samba or Netware. :0
[03:56] <Kamion> I'm not an expert in the field, I'm just extremely sceptical that the market is that limited
[03:56] <wasabi> Welcome to MS-land.
[03:56] <Kamion> Samba seems more likely
[03:57] <Kamion> proprietary software is anything but single-player, even in MS-land
[03:57] <Kamion> and anyway, Ubuntu deployments are not just about Windows replacements
[03:57] <Kamion> we support Macs too, remember
[03:57] <wasabi> OpenDirectory
[03:57] <wasabi> Kerberos and LDAP.
[03:58] <wasabi> ActiveDirectory, Kerberos and LDAP.
[03:58] <wasabi> same tune differnet name.
[03:58] <Kamion> ok, whatever, I need sleep
[03:58] <wasabi> night. Thanks for your help. :0
[03:58] <Kamion> I remain unconvinced that that's the right approach for preseeding
[03:58] <wasabi> Me too. Which is why we had this convo
[03:58] <Kamion> primarily because it's a huge sledgehammer to crack a very small nut :)
[03:59] <Kamion> which is ALWAYS a bad idea where secure protocol design is concerned.
[03:59] <wasabi> Well, that's the thing. The protocols are already in place. I just want to use them.
[03:59] <wasabi> anyways. im going to get cocoa. mmm
[04:04] <Kamion> wasabi: (mind you, I realise that doing the download of the preseed blob using SSL gives you protection against replay attacks more or less for free, assuming you believe in SSL. hmm.)
[04:10] <mojo> I have installed libneon24, but how come all OOo still base on the old version libneon23? Can someone confirm? Or is it my mistake?
[04:39] <lamont> mojo: Depends: libneon23
[05:28] <lamont> Kamion: are the 20041222 daily CD's worth testing on ia64 and ppc?
[05:28] <lamont> s/testing/trying to use/
[06:30] <fabbione> morning
[07:37] <pitti> Morning
[07:39] <fabbione> hey pitti
[07:39] <pitti> Hi fabbione 
[07:39] <pitti> Had a good night?
[07:40] <fabbione> pitti: almost
[07:40] <pitti> I was awake half of the night :-(
[07:40] <fabbione> jdub: 2155 IS NOT A KERNEL PROBLEM 
[07:41] <jdub> fabbione: THANKS, LET ME KNOW WHAT WE CAN DO WITH IT
[07:41] <jdub> WHY ARE WE SHOUTING?
[07:42] <fabbione> jdub: BECAUSE YOU ARE ON THE OTHER SIDE OF THE WORLD AND I WANT YOU TO HEAR ME!
[07:42] <kergan> hahahhaha
[07:42] <kergan> oh you dint hear me HAHAHAHAHHAHAHAHAHHAHAHA
[07:42] <fabbione> jdub: i need you to check the hotplug / udev events and see why the device is not created.
[07:43] <fabbione> jdub: the kernel is not is charge to do such task
[07:57] <enrico> fabbione: #ubuntu-doc mail arrived perfectly, thanks!
[07:58] <fabbione> enrico: cool
[07:59] <fabbione> enrico: do you need the backlogs?
[07:59] <fabbione> enrico: they are on my ~ on people
[07:59] <enrico> fabbione: you mean the previous days?  No, no need to, thanks
[07:59] <fabbione> goody
[08:00] <enrico> fabbione: (for the records, however, I don't have an account on people.ubuntu)
[08:00] <fabbione> enrico: no need to have on.e
[08:00] <enrico> ah, ok
[08:00] <fabbione> ever heard of that protocol that shares info on port 80? ;)
[08:11] <enrico> fabbione: oh... that subversive protocol invented some time ago by those swiss terrorists that are trying to develop nuclear technology?
[08:12] <fabbione> no.. i mean that protocol that is sucking all the internet bandwith in place of ftp, slowing down all my porn downloads
[08:13] <enrico> fabbione: just download port from port 80 :)
[08:36] <enrico> Who should I talk with to have something like a baz sandbox that we docteam could experiment and play with?
[08:37] <pitti> mdz: still awake?
[08:38] <pitti> Keybuk, Kamion, jdub: anybody out there?
[08:38] <jdub> i am for a moment
[08:39] <pitti> jdub: I /msg you
[09:05] <pitti> haggai, amu: ping
[10:29] <pitti> Moin mvo
[10:34] <mvo> hi pitti 
[11:09] <pitti> Hi seb128
[11:09] <seb128> hey pitti 
[11:10] <seb128> how is the security stack going ?
[11:10] <pitti> seb128: today, downwards
[11:11] <pitti> seb128: yesterday I got two new mails for each processed one
[11:11] <seb128> :(
[11:11] <seb128> people spend the chrismast holidays to find security problems or what ? 
[11:12] <seb128> christmas even
[11:12] <pitti> seems so
[11:16] <ajmitch_> pitti: quite a pile to get through then?
[11:17] <pitti> ajmitch_: yes, still
[12:00] <pitti> Kamion, Keybuk, jdub: anybody here? I need a native English speaker again...
[12:00] <Treenaks> I'm not a native speaker, but shout :)
[12:02] <Kamion> pitti: yep
[01:49] <pitti> Mithrandir: ping
[02:04] <pitti> haggai: ping
[02:08] <sivang> pitti: morning!
[02:08] <pitti> Hi sivang!
[02:08] <sivang> pitti: oops, g'afternoon :)
[02:09] <seb128> mvo: there was a point to sync ncb with debian ? I thought we had all the debian changes ...
[02:09] <jordi> mvo: duuuude
[02:09] <jordi> mvo: I am killing you. KILLING YOUUUUUUU.
[02:10] <mvo> jordi: arrggg 
[02:10] <mvo> what did I do?
[02:10] <mvo> jordi: don't kill me!
[02:10] <pitti> mvo: btw, can you sync packages yourself?
[02:10] <jordi> mvo: duuuude, you imported synaptic's pot to rosetta, but not the zillion existing translations, so random people are re-translating it now, apparently.
[02:11] <jordi> mvo: I'm getting a brand new, not-so-good translation in Catalan :)
[02:12] <mvo> jordi: argggsss ... sorry. I'll fix this
[02:12] <Treenaks> mvo: same with Dutch
[02:12] <Treenaks> jordi: also with lots of other programs in rosetta (gconf..)
[02:12] <mvo> seb128: I think there where some "README.debian" updates in the upload I did
[02:12] <seb128> mvo: ok
[02:13] <jordi> Treenaks: yeh :(
[02:14] <mvo> daf: around?
[02:35] <Mithrandir> pitti: pong
[02:36] <pitti> Mithrandir: just sent you a mail, regarding a mailman security issue
[02:36] <Mithrandir> pitti: ok, will look at it.
[02:36] <pitti> Mithrandir: thanks
[02:57] <trulux> pitti, where cracklib looks for dicts in Ubuntu? i'm trying to build PAM with updated sleinux support and it says none found
[02:58] <trulux> but already there's a one at /etc/dict.../words
[03:00] <pitti> trulux: you need to install a package that provides 'wordlist'
[03:00] <pitti> trulux: e. g. wenglish
[03:01] <trulux> pitti, kay
[03:02] <pitti> :q
[03:02] <pitti> oops, wrong window
[03:02] <pitti> trulux: paths are in /etc/cracklib/cracklib.conf
[03:03] <trulux> pitti, ok, thanks
[03:36] <nobse> hi
[03:36] <nobse> having binaries from one source package in main and universe sucks
[03:36] <nobse> currently, when I try to upgrade vim, vim-perl needs to get removed
[03:37] <Kamion> what does that have to do with binaries being in different components?
[03:37] <Kamion> unless you only have main in sources.list
[03:38] <nobse> Kamion: because the new vim package comes from the security repository
[03:38] <Kamion> so include warty-security universe
[03:39] <Kamion> there was an oversight in warty's base-config that meant that this wasn't present as an example by default
[03:39] <nobse> ups...
[03:39] <nobse> indeed
[03:40] <nobse> ok, forget what I said
[03:57] <edulix> hey!
[03:58] <edulix> which is the command to start gnome ?
[03:58] <edulix> needed here to use freenx
[03:58] <ross_> startx
[03:58] <Treenaks> ross_: wrong window!
[03:58] <ross_> which calls gnome-session at some point 
[03:59] <edulix> ah ok
[03:59] <edulix> let's first try to start firefox
[04:09] <Simira> seb128: know I've asked this before, but how do I delete my personal contacts in evolution? 
[04:09] <seb128> Simira: rm ~/.evolution/addressbook/local/system/addressbook.db ?
[04:10] <Treenaks> Ctrl+A, Ctrl+D in the Contacts editor?
[04:17] <Simira> seb128: I've deleted the whole address book, but it just reappears
[04:19] <Treenaks> Simira: empty or full?
[04:19] <Treenaks> Simira: did you kill evolution and evolution-data-server?
[04:20] <Simira> Treenaks: killed evolution og dataserver, deleted addressbook catalogue, and restarted evolution
[04:21] <Treenaks> Simira: so now you have the empty Personal Address Book?
[04:21] <Simira> Treenaks: that the point, I haven't
[04:21] <Treenaks> strange!
[04:22] <Simira> yep
[04:32] <lamont> Kamion: you around?
[05:03] <mako> jdub: i just cribbed your attribution line.. well sort of (it's definitely jdub inspired)
[05:09] <sivang> anybody seen smurfix? 
[05:24] <pitti> Hi
[05:27] <Keybuk> moin
[05:41] <zul> hi pitti
[06:10] <Treenaks> coolness.. my gaim segfaults
[06:20] <mdz> pitti: I just slept for 14 hours; what's up? :-)
[06:27] <smurfix> sivang: yes
[06:28] <pitti> Hi mdz 
[06:28] <sivang> smurfix: regarding the webssite, do you have a nameserver we can use for the local domains?
[06:28] <pitti> mdz: oh, now back to life? :-) 14 hours sounds good
[06:28] <pitti> Keybuk: here?
[06:28] <sivang> smurfix: Or just use canonical's ? 
[06:29] <pitti> mdz: lots and lots of security updates today..
[06:29] <smurfix> sivang: I can set one up, no problem.
[06:29] <mdz> pitti: unfortunately this is not uncommon around this time of year
[06:30] <pitti> mdz: but I caught up pretty well; only a php issue and this mailman issue is left
[06:30] <pitti> mdz: why at this time? Why do people look for holes at Xmas? :-))
[06:30] <lamont> gnome-pilot ftbfs in debian. sigh.
[06:31] <pitti> $ LANG=C apt-get source xine-lib
[06:31] <pitti> Reading Package Lists... Done
[06:31] <pitti> Building Dependency Tree... Done
[06:31] <pitti> FATAL -> Failed to fork.
[06:31] <pitti> ^^^ What the hell...?
[06:35] <jdub> so
[06:35] <jdub> we totally need some way of marking (un)supported packages in apt and aptitude when just using the command line
[06:38] <Keybuk> coloured aptitude? :p
[06:39] <Keybuk> mvo: you can hide, but you can't run ... wait ... reverse that
[06:39] <mdz> pitti: kids with time off from school, I suppose
[06:40] <pitti> Keybuk: any idea about apt-get's fork failure?
[06:40] <Keybuk> sounds like you ran out of processes?!
[06:41] <sivang> pitti: what apt-get fork was supposed to do?
[06:41] <mdz>    pid_t Process = fork();
[06:41] <mdz>    if (Process < 0)
[06:41] <mdz>    {
[06:41] <mdz>       cerr << "FATAL -> Failed to fork." << endl;
[06:41] <Keybuk> that means fork() returned -1 doesn't it
[06:41] <Keybuk> that's kinda bad in UNIX terms
[06:41] <pitti> right
[06:41] <sivang> lack of mem? :)
[06:41] <pitti> I meant whether you have encountered this already
[06:41] <Keybuk> nope
[06:41] <mdz> I'll fix it to log a useful error in that case
[06:41] <mdz> but I suspect ulimit or similar
[06:41] <Keybuk> out of memory, resources, process handles, hit limits, etc.
[06:41] <pitti> hmm, I don't think it's a resource problem though
[06:42] <pitti> I can start other processes
[06:42] <jdub> Keybuk: back-of-an-envelope estimate of boot time savings if /bin/sh -> dash?
[06:42] <Keybuk> mdz: fork doesn't return useful errno ... mostly just EAGAIN
[06:42] <Keybuk> jdub: none, didn't help
[06:42] <Keybuk> (we tried it :p)
[06:42] <jdub> Keybuk: ta
[06:42] <pitti> Keybuk: I have five processes running on the machine and 140 MB of free memory
[06:42] <Keybuk> strace it?
[06:43] <Keybuk> please tell me strace is in -base
[06:45] <pitti> Keybuk: http://www.piware.de/apt-get.trace.txt
[06:45] <mdz> Keybuk: of course it is
[06:46] <pitti> Keybuk: this is my server and it does not run Ubuntu (yet...)
[06:46] <mdz> jdub: once bash is in memory, it pretty much stays
[06:46] <Keybuk> ENOMEM (Cannot allocate memory)
[06:46] <Keybuk> apt's probably eaten all of that 140MB
[06:47] <pitti> d'oh
[06:47] <Keybuk>        ENOMEM fork  failed to allocate the necessary kernel structures because
[06:47] <Keybuk>               memory is tight.
[06:48] <mdz> Keybuk: apt doesn't actually allocate a lot of kernel memory :-P
[06:48] <mdz> and fork uses a tiny amount anyway
[06:49] <mdz> pitti: what kernel is it running?
[06:49] <Treenaks> mdz: it just mmaps a lot :)
[06:49] <pitti> mdz: 2.6.9
[06:49] <Keybuk> uh, yeah ... fork returns EAGAIN if it's user memory that's short
[06:49] <pitti> mdz: however, I just saw that I don't have a swap
[06:49] <mdz> weird
[06:49] <Keybuk> how odd
[06:50] <pitti> btw, it works fine as root
[06:50] <mdz> ulimit
[06:50] <pitti> mdz: no, it isn't
[06:50] <pitti> btw, now it works again
[06:50] <pitti> magically
[06:50] <pitti> d'uh
[06:50] <pitti> thanks anyway
[06:51] <mdz> mvo: are you here?
[06:51] <mvo> mdz: yes
[06:52] <mdz> mvo: would it be a simple matter to move smartpm to python 2.4?
[06:52] <mvo> mdz: does it not work with python2.4? 
[06:52] <mdz> lamont: hmm?
[06:52] <mdz> Depends: python2.3, libc6 (>= 2.3.2.ds1-4), python2.3-pycurl, python2.3-gtk2, python2.3-pexpect
[06:52] <mdz> lamont: I just upgraded my desktop, which hadn't been touched really since before Mataro, and it was flawless
[06:52] <mvo> mdz: I'll port and upload a new version
[06:53] <mdz> mvo: thanks
[06:55] <lamont> mdz: gimp-data had errors (scrolled off the top), and left everything bust4ed
[06:55] <lamont>  python-genetic: Depends: python (< 2.4) but 2.4-0ubuntu4 is installed
[06:55] <lamont>   python-geoip: Depends: python (< 2.4) but 2.4-0ubuntu4 is installed
[06:55] <lamont>   python-glade2: Depends: python (< 2.4) but 2.4-0ubuntu4 is installed
[06:55] <mdz> there was a gimp/gimp-data upgrade in my session, and it worked for me
[06:55] <lamont> among many others...
[06:56] <lamont> yeah - no real clue why it was annoyed
[06:56] <mdz> lamont: your mirror is out of date
[06:56] <mdz> mizar:[~]  apt-cache show python-genetic | grep Depends
[06:56] <mdz> Depends: python (<< 2.5), python (>= 2.4)
[06:56] <lamont> yeah - the warty version is still installed
[06:57] <mdz> apt-get -f install didn't fix it?
[06:57] <lamont> and adds 'install warty and upgrade' to his list of tasks for the day
[06:57] <lamont> that's always scared the hell out of me.
[06:57] <lamont> so I never do apt-get -f ...
[06:57] <lamont> should I not be scared?
[06:57] <mdz> there is no need to fear
[06:58] <lamont> ok.
[06:59] <trulux> ajmitch_, PAM and coreutils updated SELinux code out the box
[06:59] <trulux> ;-)
[06:59] <trulux> work done
[07:10] <zul> dang i was doing that this morning
[07:11] <mdz> mvo: it looks like the file permissions are wrong in your apt--mvo--0 tree
[07:11] <mdz> I just merged from it and the permissions were reverted
[07:11] <mvo> mdz: which ones? of apt-key? or in po/ ?
[07:12] <mdz> mvo: po/
[07:13] <pitti> Keybuk: did you deliberately made -22 days of vacation? :-)
[07:15] <mvo> mdz: should be fixed in patch-10
[07:15] <mvo> mdz: sorry :/
[07:16] <mdz> mvo: no problem, I noticed before I committed
[07:16] <mdz> mvo: please check your other trees also
[07:23] <Kamion> lamont: pong?
[07:24] <mxpxpod> fabbione: ping
[07:24] <lamont> Kamion: I think I managed to answer my question...
[07:24] <lamont> which was: any known b0rkage with 12/22 daily CD's?
[07:25] <Kamion> http://cdimage.ubuntu.com/daily/20041222/report.html doesn't list anything
[07:25] <Kamion> anything else, not that I know of but it's always possible :)
[07:25] <lamont> cool - seems to be working on the G3, too.
[07:26] <Kamion> bonus
[07:32] <lamont> although I expect that X should actually _do_ something besides screen-blanking, eh?
[08:07] <lamont> hrmpf.  config-file questions from udev
[08:07] <lamont> and hal
[08:08] <pitti> lamont: oops? For which file (hal)?
[08:10] <lamont>  /etc/dbus-1/event.d/20hal
[08:10] <pitti> lamont: do you still have the old file?
[08:11] <lamont> and udev was /etc/udev/scripts/{ide,scsi}-devfs.sh and cdsymlinks.sh
[08:11] <lamont> probably
[08:11] <pitti> lamont: this is handled by /var/lib/dpkg/info/hal.preinst
[08:11] <pitti> lamont: part of the file renaming hal -> 20hal
[08:12] <pitti> lamont: I added an md5sum check into the preinst
[08:12] <pitti> lamont: if the md5sum does not match, you are asked
[08:13] <lamont> this is dpkg, not the preinst
[08:13] <pitti> lamont: I know
[08:13] <lamont> I never edited any of these files
[08:13] <pitti> lamont: but the preinst tries to avoid the dpkg question by removing the old file if it is unmodified
[08:14] <pitti> lamont: if you still have the old version, can you please give me the md5sum of it?
[08:14] <lamont> sure - waiting for the upgrade to finish
[08:14] <pitti> lamont: I only check for one md5sum right now, the version from the previous package
[08:14] <pitti> lamont: probably I have to add some more, for earlier versions of that file
[08:16] <lamont> ah, this is either warty-release, or shortly before that - pretty sure that the machine has warty-release, but it could be a shade older
[08:23] <pitti> lamont: I'm at preparing a new hal version anyway
[08:23] <pitti> lamont: so this is a good time to include this patch
[08:23] <lamont> ok
[08:24] <lamont> 6e417ba24c2b7d49006d5dbe82717f8d  /etc/dbus-1/event.d/20hal.dpkg-old
[08:24] <lamont> not sure what version taht was.
[08:25] <pitti> lamont: it does not really matter which version that was
[08:26] <lamont> pitti: ok
[08:26] <pitti> lamont: it is only importand that you are sure that you did not touch it
[08:26] <pitti> lamont: okay, I include this md5sum. Thanks
[08:26] <lamont> 99.999% sure - this is my daughter's machine, and I can't see why or when I would ever have needed to edit that file, since I have NFC what it is, even...
[08:27] <lamont> s/since/not just because/
[08:32] <lamont> interestingly, dist-upgrade didn't want to replace xf86 with xorg
[08:32] <lamont> xserver, that is.
[08:33] <lamont> Setting up xserver-xorg (6.8.1-1ubuntu8) ...
[08:33] <lamont> sh: gcc: command not found
[08:33] <lamont> dpkg-architecture: warning: Couldn't determine gcc system type, falling back to default (native compilation)
[08:33] <lamont> WTH??
[08:34] <pitti> lamont: uploaded new hal. Please beat me up if dpkg still asks next time
[08:34] <Mithrandir> it uses dpkg-architecture which uses gcc which is not installed
[08:34] <Mithrandir> lamont: just kill daniels
[08:34] <ogra> Mithrandir: either the pid or killall
[08:34] <ogra> :P
[08:35] <Mithrandir> ogra: not everything is an unix command
[08:35] <ogra> heh
[08:49] <seb128> Kamion: the http://cdimage.ubuntulinux.org/releases/hoary/array-2/ iso can resize a ntfs partition ?
[09:19] <Kamion> seb128: yes, should be able to
[09:20] <seb128> ok, thanks
[09:20] <Kamion> cd 1
[09:20] <Kamion> d'oh, EWIN
[09:21] <Kamion> anyway, either Array CD 1 or 2 should work for that
[09:22] <Kamion> probably should've gone in the announcement for 1
[09:22] <seb128> ok
[09:31] <RubenV> https://www.ubuntulinux.org/wiki/FrontPage/recentchanges
[09:31] <RubenV> I'm getting a UnicodeEncodeError here
[09:31] <RubenV> is this known?
[09:32] <Kamion> haven't seen anyone else mention it
[09:33] <RubenV> should i throw it into the bugzilla?
[09:34] <seb128> carlos had the same problem
[09:34] <seb128> non-ascii char in his name 
[09:34] <ogra> me too
[09:34] <RubenV> I get it also when i'm not logged in
[09:35] <RubenV> and my name is "ruben vermeersch"
[09:35] <seb128> hum, that's not that so
[09:35] <seb128> yep, seems to be broken
[09:35] <seb128> open a bug in bugzilla
[09:35] <RubenV> on my way
[09:37] <RubenV> added as #4948
[09:57] <sivang> seb128: have you noticed the app bar shwoing the app names all shrinked?
[09:57] <sivang> seb128: (the buttom panel)
[09:58] <sivang> seb128: and sometimes it's not showing apps at all 
[10:02] <seb128> half of the bug is http://bugzilla.ubuntu.com/show_bug.cgi?id=4918
[10:02] <seb128> second half is unknown
[10:02] <seb128> open a bug with a screnshoot and some details
[10:03] <sivang> seb128: ok, let's check this out :)
[10:04] <sivang> seb128: I don't need to create a screenshot, it's the same as here: https://bugzilla.ubuntu.com/attachment.cgi?id=924
[10:07] <Treenaks> seb128: what's the bug # for the weird panel/nautilus/gnome-vfs "hangs"
[10:08] <seb128> sivang: no, this bug is only about the small entries
[10:09] <sivang> seb128: ah ok :)
[10:09] <seb128> Treenaks: http://bugzilla.ubuntu.com/show_bug.cgi?id=4576
[10:09] <sivang> seb128: gottcha
[10:09] <seb128> sivang: nobody else complained about <sivang> seb128: and sometimes it's not showing apps at all 
[10:09] <sivang> seb128: yes, now I know what you mean - I'll add it
[10:10] <seb128> cool
[10:10] <seb128> you're using a dualhead setup ?
[10:10] <sivang> seb128: I used to on warty, why?
[10:10] <seb128> sivang: because dualhead a some issues
[10:11] <Treenaks> seb128: that bug has been fixed upstream?
[10:11] <seb128> ie: app should only be on one screen, etc
[10:11] <seb128> Treenaks: no
[10:11] <Treenaks> Status:   RESOLVED
[10:11] <Treenaks> Resolution:   FIXED
[10:11] <Treenaks> seb128: looks like it http://bugs.gnome.org/show_bug.cgi?id=160955
[10:11] <sivang> seb128: if I try to use it again, I'll ping you about this :)
[10:12] <seb128> Treenaks: I've not updated the forward that's all
[10:12] <seb128> Treenaks: http://bugzilla.gnome.org/show_bug.cgi?id=161997 upstream
[10:12] <Treenaks> seb128: ah
[10:13] <sivang> seb128: has people reporting this been using some switching tool or plain configured manually their xorg.conf ?
[10:13] <sivang> seb128: ie : nvtv etc
[10:13] <seb128> sivang: no idea. But there dualhead is kind of broken in hoary
[10:14] <seb128> for GNOME at leastr
[10:14] <seb128> -r
[10:16] <sivang> seb128: is there anything internal to gnome that allows for dualhead setups?
[10:18] <mdz> Kamion: around?
[10:18] <mdz> Kamion: wondering why ssh-agent is setgid ssh
[10:19] <mdz> ah, changelog says it's just for the side effects
[10:30] <Kamion> mdz: yes, to stop ptrace attacks, it drops its group privilege immediately and group ssh has no other privileges anyway
[10:31] <mdz> Kamion: I just noticed that ssh-agent doesn't seem to take any precautions against secrets being written to swap
[10:31] <lamont> Kamion: that's a kewl bit of hackery
[10:31] <mdz> Kamion: did it ever do so, or did I imagine it?
[10:31] <Kamion> mdz: I don't remember it being added or removed; what kind of precautions would it need to take?
[10:31] <mdz> Kamion: mlock
[10:32] <mdz> Kamion: under most unices, this requires root privileges, but with Linux >=2.6.9 it doesn't anymore
[10:33] <mdz> so I thought it would be nice to de-privilege-ify ssh-agent, which I genuinely believed was setuid root and used mlock
[10:33] <mdz> but I discovered that I apparently dreamed this
[10:33] <Kamion> guess that's why they didn't add it (how does Linux 2.6.9 prevent DoS attacks anyway?)
[10:33] <mdz> Kamion: it adds an rlimit for it
[10:33] <Kamion> aha
[10:33] <mdz> I think there is a better reason why it isn't implemented, though
[10:33] <mdz> in poking around the source, i found this in sshd.c:
[10:33] <mdz>  * structure. The idea is that this structure could be locked into memory so
[10:33] <mdz>  * that the pages do not get written into swap.  However, there are some
[10:33] <mdz>  * problems. The private key contains BIGNUMs, and we do not (in principle)
[10:33] <mdz>  * have access to the internals of them, and locking just the structure is
[10:33] <mdz>  * not very useful.  Currently, memory locking is not implemented.
[10:34] <Kamion> ach
[10:34] <Kamion> OpenBSD has encrypted swap support, which could also be why they're less bothered :)
[10:34] <mdz> is it impossible to read encrypted swap even with root privileges?
[10:35] <mdz> that sounds hard
[10:35] <Kamion> surely a root process can just ptrace ssh-agent
[10:35] <mdz> right, but the idea is that they shouldn't stay around after ssh-agent goes away
[10:37] <Kamion> sounds like you'd have to be able to invent arbitrary virtual->physical address mappings in order to retrieve stuff like that from swap at will
[10:37] <Kamion> I don't know what layer encrypted swap is implemented at in OpenBSD though
[10:38] <Kamion> http://www.usenix.org/publications/library/proceedings/sec2000/full_papers/provos/provos_html/
[10:39] <Kamion> ah, they use volatile encryption keys
[10:41] <Kamion> so even if you get the key out of kernel memory, there's an upper bound on the time for which it's useful
[10:58] <mdz> thom: dude, you stole my stopwatch
[10:58] <mdz> thom: I expect to see some major improvements in hoary's boot time to compensate me :-)
[11:04] <Kamion> it's incredibly annoying to watch everything being pulled from archive.ubuntu.com when I have a perfectly good local mirror
[11:06] <pitti> good night, guys and girls!
[11:06] <pitti> I wish you a happy Christmas
[11:06] <ogra> same to you pitto
[11:06] <Kamion> and USING ALL MY BANDWITH
[11:06] <Kamion> +D
[11:06] <ogra>  pitti
[11:06] <Kamion> night pitti :)
[11:10] <lamont> Kamion: I just added a rule at my firewall that blocks archive.ubuntu.com
[11:11] <lamont> Kamion: sounds like a simple preeseed to me, no?
[11:12] <Kamion> oh, there are any number of ways I could make it act differently, but I don't think defaulting to archive.ubuntu.com for a big download without asking is viable in the long term
[11:15] <lamont> Kamion: yeah, but asking increases the number of questions by something like 20%, no? :-)
[11:15] <lamont> the issue is that just because you _can_ reach archive.ubuntu.com doesn't mean that you _want_ to
[11:16] <lamont> it could check and then ask if you want to use it.  get all the info if you say no to 'direct to archive.ubuntu.com'
[11:16] <lamont> but you do have to get it past the 'no-questions' nazis
[11:16] <ogra> couldnt that get tied to the lang or TZ  selection ?
[11:17] <Kamion> lamont: I think the no-question-nazi bit is mostly for CDs
[11:17] <lamont> ah, this is netinst. doh.
[11:17] <Kamion> in fact I think the mirror question is *accidentally* not asked
[11:17] <lamont> ISTR that it was only asked if it couldn't instantiate a connection to archive.ubuntu.com:80
[11:17] <Kamion> ogra: would have to be country, and that could be used as a hint to select a default, but even then it's far from optimal
[11:17] <Kamion> lamont: that's base-config post-reboot; this is choose-mirror pre-reboot ...
[11:18] <Kamion> although I think choose-mirror may have some similar logic now that you mention it
[11:18] <lamont> ah
[11:18] <Kamion> ogra: anything that involves going out over my ADSL link is suboptimal :)
[11:18] <Kamion> lamont: no, I think you're right
[11:18] <ogra> Kamion: if you hide TZ papersize and mirror behind this one question ? 
[11:18] <Kamion> ogra: nah, still sucks for me. archive.ubuntu.com is my closest mirror
[11:18] <ogra> Kamion: ahh, ok
[11:18] <Kamion> or near enough, anyway
[11:19] <lamont> Kamion: while you're dinking with defaults... fix #4674, ktnxbye
[11:19] <Kamion> lamont: heh
[11:19] <lamont> hrm.. time to rev util-linux from upstream yet again, and then upload to ubuntu as well.
[11:20] <Kamion> ogra: for some questions you can seed sensible defaults but still have to ask (e.g. the default country is picked depending on your language, but you often still have to select the country); for others you can pick the answer automatically. It's not always easy to tell
[11:21] <Kamion> ogra: you might think that language and country is enough to figure out the keyboard layout automatically, and we tried that, but it got a lot of complaints ...
[11:21] <lamont> Kamion: 4674 just needs to have en_US* -> letter, I think...
[11:21] <lamont> Kamion: yeah - no where near enough for keyboard layout
[11:21] <Kamion> and for TZ and mirrors it's particularly hairy because you might be travelling
[11:21] <ogra> Kamion: norsk vs swedish .... i remember
[11:22] <Kamion> if I'd been doing an install in Mataro that I'd wanted to keep around, I'd have wanted to say English and United Kingdom but have TZ=Europe/Madrid and a mirror in Spain
[11:22] <lamont> Kamion: use the magic list that rosetta uses?
[11:23] <ogra> lamont: you are my hero, i am waiting for such a thing since years (#4674)
[11:23] <Kamion> lamont: geoip scares me
[11:24] <ogra> and i'm willing to help on that one after my screensaver stuff is done
[11:24] <Kamion> lamont: anyway, what was our IP in Mataro again? :-)
[11:24] <Kamion> 192.168.0.*, IIRC ...
[11:25] <lamont> Kamion: nah - peer IP as seen by the far end of a tcp/udp connection to 'findme.ubuntu.com' :-)
[11:25] <lamont> ogra: you in US?
[11:26] <Kamion> lamont: ick :)
[11:26] <ogra> lamont: nope, in DE but i suffered from letter as default for years now, i know how you feel with ubuntus a4 default ;)
[11:27] <lamont> ogra: yeah - I understand that A4 is the correct default in 99.9% of locations, and 60%+ of computers, but...
[11:27] <ogra> lamont: come on, you had 10 years of letter, now its our turn ;)
[11:28] <lamont> ogra: I just want it to pick based on locale, that's all.
[11:28] <lamont> and I think en_US* is all that should be letter, but I'm willing to be wrong on that...
[11:28] <ogra> lamont: yep, the right way imho
[11:29] <lamont> actually - it should query the default printer and see what size paper it has in it...
[11:29] <ogra> lamont: hmm, needs some gnome-print improvement i guess
[11:30] <lamont> but that would be, well, wrong.
[11:31] <ogra> heh, sure
[11:43] <Kamion> so, does python-minimal want to get Essential: yes in its control file?
[11:44] <Kamion> noting that, once we do that, changing its name EVER is *really hard*
[11:48] <calc> also once something is essential it no longer needs to be depended on, right?
[11:48] <calc> so it will have to be essential forever
[11:48] <Kamion> in practice that only really applies to the stuff that's been essential for ages, as you still have to support upgrades
[11:48] <Kamion> I think that's the plan in Ubuntu though
[11:49] <Kamion> and since it's an Order From On High I'm certainly not going to worry about that part of it
[11:51] <mxpxpod> is there a way to get the evolution gaim plugin?
[11:51] <calc> putting python stuff into the bootup?
[11:51] <Kamion> boot != Essential
[11:52] <Kamion> those two things are orthogonal
[11:52] <calc> true, but theres not a lot of other stuff that really needs to be essential other than boot related stuff
[11:52] <Kamion> no, essential is for the core packaging system
[11:52] <Kamion> the point of essential is that if you remove it then the packaging system won't work any more
[11:53] <calc> oh i thought essential was if you remove it the whole os stops working
[11:53] <Kamion> you ought to be able to boot far enough to run dpkg, sure, but that's a pretty lean requirement :)
[11:53] <Kamion> no, this seems to be a common misunderstanding
[11:53] <calc> of course python-minimal will need to be at least as high priority as anything using it
[11:53] <Kamion> (a) it's required (b) I'm not sure we care in Ubuntu :)
[11:54] <Kamion> policy or the packaging manual used to talk about what Essential was for, but I can't see the text I remember any more
[11:55] <calc> ok
[11:55] <Kamion> the text was something like "the package manager will not let you remove essential packages; if you do, then you might not be able to run dpkg to put them back"
[11:56] <calc> not sure why e2fsprogs is essential but everything else makes sense
[11:56] <calc> i guess its left over from when all debian supported was ext2
[11:57] <Kamion> e2fsprogs is a bit of an anomaly; it does have the generic fsck wrapper though
[11:57] <calc> oh
[11:57] <Kamion> I have a bug open about how to split it out smoothly, but it's quite difficult to do right without breaking in upgrade corner cases
[11:58] <calc> if essential is just for the package manager to run then looks like other things just need to be required as well
[11:59] <Kamion> mostly, yeah
[11:59] <calc> like eg login
[11:59] <Kamion> essential isn't even a closed set
[11:59] <Kamion> (under dependencies)
[11:59] <Kamion> it should always be a subset of required though
[11:59] <calc> yea