samba security update is broken and deliberately 403 [08:08] <_jm> They found a problem with it after it was pushed out, so marked it forbidden to stop people from downloading it [08:08] <pasic> ok:) thx [08:08] <pasic> what time about when accessible again? [08:09] <_jm> Likely when the problem is fixed, and a new version pushed out. [08:09] <pasic> LOL just seen up line :P [08:09] <pasic> ok, thx ... [08:53] <jjones> security.ubuntu.com repository files inaccessible.. who do we tell? [08:54] <jjones> files at http://security.ubuntu.com/ubuntu/pool/main/s/samba/ with "Last Modified" dates of 16-Nov-2007 have permissions set wrong [08:54] <lamont> jjones: see http://bugs.launchpad.net/bugs/163116 [08:54] <ubotu> Launchpad bug 163116 in samba "libsmbclient: upgrade fails with error 403" [Undecided,In progress] [08:54] * lamont sleeps [08:56] <jjones> ahhh.. wish I had spotted that on my own, thanks lamont. I'll pass the info along to others on Kubuntu IRC. [08:56] <lamont> jjones: generally speaking, if the file is 403, you _REALLY_ don't want it. it has been totally intentional both times I've seen it. [08:57] <lamont> (as in it's bad enough that it's better to have all these questions than to let people download it...) [09:02] <jjones> The kubuntu irc seems to be more aware of it now too.. 7 hours ago I got nothing. === lifeless_ is now known as lifeless [10:47] <mdke> mjg59: around by any chance? [10:58] * Hobbsee waves [11:01] <mdke> hi Hobbsee [11:17] <Kmos> * There's a session about how to properly read Stack traces in #ubuntu-classroom * === enrico_ is now known as enrico === \sh_away is now known as \sh [11:50] <\sh> moins [11:51] <\sh> slangasek, thx for taking care of xclass... === gouki_ is now known as gouki === nand`_ is now known as nand` [12:58] <jpatrick> doesn't the ubuntu font has accents? [12:58] <Chipzz> jpatrick: there is no such thing as the ubuntu font? [12:59] <jpatrick> ubuntu title font [12:59] <Chipzz> what on earth are you referring to? :P [13:00] <jpatrick> ttf-ubuntu-title [13:03] <Chipzz> heh === ogra__ is now known as ogra [13:04] <Chipzz> anyway, you could probably take a look using something like gucharmap or something [13:04] <Chipzz> although I believe it does substitution for missing characters [13:04] <Chipzz> wow [13:04] <Chipzz> that font does look pretty small [13:04] <Chipzz> Get:1 http://archive.ubuntu.com gutsy/universe ttf-ubuntu-title 0.1-1 [9858B] [13:05] <Chipzz> very much possible it in fact does not have accents [13:15] <ogra> it doesnt have accents .... [13:16] <ogra> it was done by an australian (who doesnt use accents) focused on the ubuntu string (which doesnt have accents either) [13:16] <ogra> feel free to submit patches for accents ;) [13:17] <Hobbsee> bah. who needs accents, anyway... </australian> [13:17] <jpatrick> ogra: and how could I do that? [13:17] <ogra> jpatrick, modify it, file a bug, attach a diff for the modifications you do to the source [13:24] <jpatrick> ogra: there appears to be a ttf-ubuntu at http://wiki.ubuntu.com/CatalanTeam/Grafisme with accents [13:24] <ogra> that should be included then === illovae[bis] is now known as lynette_scavo === lynette_scavo is now known as linette_scavo === linette_scavo is now known as illovae_ === Skiessl is now known as Skiessi === \sh is now known as \sh_away === ogra1 is now known as ogra [16:16] <ogra> jpatrick, hey, thanks :) [16:17] <jpatrick> ogra: don't mention it [16:18] <ogra> anything wrong ? [16:18] <jpatrick> nope [16:18] <ogra> :) [16:19] <jpatrick> just saying "bitte" :) [16:19] <ogra> ah :) gut [16:19] <ogra> hab ich falsch verstanden :) [17:46] <Skiessi> why nvidia-glx doesn't get updated to work with xserver-xorg-core? [17:47] <Skiessi> http://packages.debian.org/sid/nvidia-glx they have it already in debian :o [17:48] <Skiessi> or should I go talk about hardy in #ubuntu? [17:49] <Skiessi> oh they've restarted #ubuntu+1, I'll ask there === DrKranz is now known as DktrKranz [18:12] <cjwatson> slangasek: I haven't gone through all my notes yet, but I'm not sure we specified text [18:12] <cjwatson> I often tend to leave that up to the implementor in specs anyway ... [18:34] <kaleh> hello. how to set the path for a particular forlder, so as to run binaries from it? [18:34] <kaleh> do i have to use the setenv command? [18:37] <cjwatson> kaleh: please use #ubuntu or https://answers.launchpad.net/ubuntu [18:43] <kaleh> sure === cjwatson_ is now known as cjwatson [19:30] <IntuitiveNipple> cjwatson: Am I correct that you're a bit of an installer wiz? [19:31] <jdong> IntuitiveNipple: that's an understatement :) [19:32] <IntuitiveNipple> hehehe... just I have a quick question. I'm creating automated scripts to build Ubuntu User Mode Linux file systems and wondering if mkaing use of the installer logics might be a good way to go. Curerntly I'm doing deboostrap followed by a bunch of manual writes to various config files. [19:33] <Chipzz> IntuitiveNipple: depending on what you need to do you could also use debconf preseeding [19:33] <IntuitiveNipple> I was wondering if I could customize the server/alternate CD installer scripts or if that would be overkill! [19:34] <IntuitiveNipple> Chipzz: yeah, that's what I've been looking at. I'm trying to make it create an image that is identical to what the installers might create, to make prevent support issues because of differences in initial configuration [19:36] <cjwatson> IntuitiveNipple: it ought to be possible, although getting the right kernel in place could be a little tricky [19:37] <cjwatson> but you can do arbitrary stuff in preseed/late_command scripts, so ... [19:37] <cjwatson> an automated d-i install is certainly where I'd start [19:39] <IntuitiveNipple> I'm wanting to not put the kernel in, obviously. I just want to take it from the deboostrap packages point === jdong is now known as notjdong === notjdong is now known as jdong [19:40] <IntuitiveNipple> The UML kernel is a binary on the host, and once the script has built it, and deboostrap has run, it copies the kernel modules into place. [19:41] <IntuitiveNipple> OK, from what has been said it sounds like the way to go. [19:41] <cjwatson> IntuitiveNipple: try preseeding base-installer/kernel/image to 'none' for that, although you'll probably also have to go to a bit of effort to avoid installing a bootloader [19:41] <cjwatson> but it should all be possible [19:42] <cjwatson> (it's "debootstrap" BTW) [19:42] <IntuitiveNipple> lol... no it's 'spulling mistaks' [19:43] <jdong> deboostrap is used on Oct 31. === noobuntu is now known as moo_cow [20:40] <attunix> How do I make my own X Windowing System? [20:43] <Chipzz> attunix: 1) please read the topic; this question is off-topic here; 2) your question is poorly formulated (ambiguous) and 3) supposing you think X itself is crap and you want to write something from scratch; don't. You're most likely looking at the output of top, thinking "OMG X eats a lot of memory! That must be inefficient!" and be terribly wrong about it [20:45] <attunix> Chipzz: 1) I know this is not an application development room, and it is on-topic, since I would like to attempt to implement this on an Ubuntu system. 2) I'll try to restate my question 3) I don't want to redesign X. GNOME runs on X. KDE runs on X. I want a windowing system like those two (more examples: XFCE, blackbox, etc.) and not make my own x-like thing. [20:45] <attunix> I mean windowing manager === cjwatson_ is now known as cjwatson [20:46] <Chipzz> the fact that you want to implement it on an ubuntu topic still doesn't make your question on-topic ;) [20:46] <cjwatson> if you wanted to write your own window manager, you would need to start by reading the ICCCM specification [20:46] <Chipzz> s/ topic// [20:46] <attunix> ok [20:46] <cjwatson> but it is NOT for the faint of heart or for anyone who needs to ask questions along the way ... [20:46] * Chipzz agrees [20:47] <Mez> why is it so damned hard to find someone to sponsor a package to debian (It's not like it's even a new package, it's just an update to a current package that I've mainained for about a year now!) [20:48] <Chipzz> attunix: btw, are you sure you want to implement a wm, or do you want to implement a desktop environment? [20:48] <attunix> Chipzz: what's the difference? [20:49] <Chipzz> a wm just draws the borders around windows. a DE consists of a wm plus other things (like a file manager and a panel) [20:49] <attunix> Chipzz: a windowing manager. [20:49] <Chipzz> you could argue that both the file manager and the panel are optional, and use something like gdeskltes instead [20:49] <Chipzz> *gdesklets [20:50] <slangasek> Mez: because your package has "nonfree" in the name ;) [20:50] <Mez> slangasek, true ;) [20:50] <Chipzz> attunix: btw, there are already a lot of wm's out there; have you tried all of them? a good place to start would be freshmeat (let me look up the link for you) [20:51] <attunix> ok, thanks :) [20:51] <Chipzz> attunix: http://freshmeat.net/browse/56/ may be a good place to start [20:52] <Mez> slangasek, *sighs* why I decided to maintain rar I don't know [20:52] <Chipzz> 153 projects found :P [20:52] <Mithrandir> Mez: then give it away? [20:53] * Chipzz frowns; why does freshmeat consider cedega a wm? :P [20:53] <Mez> Mithrandir, I'm happy to do it, but not being a DD is a PITA [20:53] <Mez> cause finding sponsors is a Pain [20:54] * Nafallo looks back and forth on Mez and Mithrandir a couple of times [20:54] <Nafallo> seems hard ;-) [20:55] <Mithrandir> Nafallo: no, I'm not going to sponsor random packages in Debian. [20:55] <Nafallo> :-) [20:55] <Mez> Mithrandir, I was assuming that you wont sponsor unless you've worked with me from the start with it [20:55] <Mez> however, I've had 2 sponsors dissapear on me so far - so need a new one [20:56] <Mez> (infinity was one of them!) [20:56] <Mithrandir> Mez: in this case, it's more that I'm spending little enough time on Debian that pretending to be your sponsor isn't something I want to do. [20:57] <Mez> Mithrandir, It's no problem, I know that you have a lot of things to do... hence why I didn't ask [20:57] <Mez> I know quite a few DDs in here, but a lot of them are either too busy, dont want to sponsor a non-free package, or wouldnt go for something that they havent walked through from the start with [20:58] * Mithrandir nods. [20:58] <Mez> that's at least the reason why infinity stopped sponsoring me (the time issues) [20:59] <Mez> though it'd be nice if I could get NM sponsorship based on rar - make my life easier :D [20:59] <jdong> hmm can a driver evaluate bug #157867 for SRU? [20:59] <ubotu> Launchpad bug 157867 in pbuilder "pdebuild-internal broken when XSBC-Orig-Maintainer used because of faulty sed command" [Undecided,Fix released] https://launchpad.net/bugs/157867 [20:59] <jdong> the patch is trivial [20:59] <jdong> and the debdiff I attached to the bug is already in SRU-ish format [21:22] <gnomefreak> when the ubuntu installer asks to import settings that doesnt include bookmarks and such right? === \sh_away is now known as \sh === \sh is now known as \sh_away [22:15] <Viper550> just wondering, is it possible to make a text-based install which is as fast as the graphical install? [22:44] <LaserJock> Viper550: depending on the hardware that's already done :-) [22:45] <Viper550> I mean, using the different method the live CD uses, I know for a fact that it doesn't use debian-installer in the Live CD installer. [22:45] <LaserJock> yeah sure [22:45] <LaserJock> I was just teasing [22:45] <LaserJock> I had an old computer that I tried a LiveCD install on [22:45] <LaserJock> and it was slower than the Alt disk [22:46] <LaserJock> it's certainly possible to make a text-based installer use a squashfs system like the LiveCD does [22:46] <Viper550> yeah [22:47] <Viper550> They truly need to do that, debian-installer is slow. [22:47] <Viper550> Think I should blueprint that idea? [22:48] <wasabi> Eh. I like d-i [22:48] <wasabi> I really dislike the livecd method of installing. =) [22:48] <LaserJock> Viper550: I would think a blueprint has already be created to cover that [22:49] <wasabi> d-i can be done over the network, etc. [22:49] <wasabi> since it uses apt to retrieve packages [22:49] <Viper550> I mean, have it "emulate" the process and UI of the installer, but make it use the Squashfs style system [22:49] <wasabi> Yeah. Discard the best parts? Psssh. [22:50] <LaserJock> a quite common request is to have the LiveCD have an option that installs without booting into the live system first [22:50] <Viper550> that'll add ANOTHER CD to the batch, we'd have Live CD, Alternate installer, and then the "advanced installer" [22:50] <Viper550> also [22:50] <wasabi> I really like how it is now. [22:50] <wasabi> LiveCD for UIish desktop people, d-i for people who want something more low level/customizable. [22:50] <Viper550> On Sabayon, if you're wondering how they handle launching the installer without the full desktop, they just load the installer through Fluxbox. [22:51] <wasabi> I wouldn't mind having a d-i frontend that used X. [22:51] <wasabi> But I must have d-i. ;) [22:51] <Viper550> they do have a d-i frontend with X [22:52] <LaserJock> Viper550: I think people have thrown around the idea of going lighter than fluxbox [22:52] <Viper550> openbox? [22:52] <LaserJock> no WM at all [22:52] <wasabi> We have a d-i X frontend that WORKS? [22:52] <Viper550> yeah. [22:52] <wasabi> News to me. I remember that being the original idea. [22:52] <wasabi> But nobody ever finishing it [22:52] <Viper550> http://www.cyberciti.biz/tips/wp-content/uploads/2006/08/debian-testing-gui-installer-paritition-disks-2.png final version uses a Clearlooks theme though [22:53] <Viper550> It's not default on Etch though, you have to type "guiinstall" at the boot prompt to use it [22:53] <wasabi> Oh, neato. [22:53] <Viper550> I have been wanting Ubuntu to maybe add that though [22:54] <Viper550> http://alioth.debian.org/~fjp-guest/tmp/g-i_new_banner_progress.png here's another shot but with the theme [22:54] <wasabi> I really like d-i. There's some rough parts of it, sure... but I like how easy it is to customize. [22:54] <wasabi> I have in a few instances added my own content to it. [22:55] <wasabi> The hackyness involved in using debconf for complex UI layout sucks. [22:56] <Viper550> What I wanted was maybe a text-based d-i "clone", emulates it exactly (maybe even using debconf), but copies files instead of installing packages. [22:58] <wasabi> why? [22:58] <wasabi> instaling packages is little more than copying fies. [22:59] <wasabi> And any other overhead should actually just be fixable. [22:59] <Viper550> but with debian-installer, it's gotta go through this "complex ritual" of configuring them and all that too. [22:59] <wasabi> It's not done on the LiveCD because you can't boot into packages/ ANd with a full desktop you can't fit a package of everything. [22:59] <Viper550> compress it? [22:59] <wasabi> It's already out of psace. [22:59] <wasabi> Lots of packages have postinst scripts that do nothing. Thouse should be fixed. [23:00] <wasabi> Lots of them that do things repeatidly, we have dpkg triggers now [23:01] <wasabi> THere's the slight CPU overhead of decompressing the files. [23:01] <wasabi> BUt you do sort of have that with the LiveCD too, since it's squashed [23:02] <wasabi> Hmm. In fact, makes me wonder if it's really the case that the d-i shouldn't be possibly made FASTER than the LiveCD. Reading a single .deb from a CD is no doubt faster than reading thousands of files individual. [23:02] <wasabi> seeking on a CD is not good. [23:08] <luk__> s/guiinstall/installgui/ [23:09] <jdong> wasabi: the livecd is compressed way harder than .deb packages... [23:09] <jdong> AFAIK squashfs uses gzip level 9 basically [23:09] <wasabi> ahh [23:09] <wasabi> WHy can't data.tar.gz be done that way? [23:10] <jdong> the main overhead with ubiquity is that of the live environment to begin with [23:10] <jdong> unpackaging .debs definitely is more IO intensive than what ubiquity does. [23:10] <wasabi> Mind explaining how? [23:10] <jdong> there are still postinsts that do real work [23:10] <wasabi> Sure. [23:10] <jdong> while that would be "cached" on a liveinstall [23:10] <jdong> because the results of the postinst scripts would be saved essentially. [23:11] <wasabi> Of course. [23:11] <jdong> not to mention temp files are written, dpkg databases are written, dependencies are resolved, and so on in a dpkg based install [23:11] <wasabi> Heh. okay. ;) [23:11] <jdong> I don't think d-i can ever become faster than a copy-the-files based install method... it can probably get very close though

[00:07] Burgundavia: bahhh, leave me alone ;-) [00:16] cjwatson: cool, thanks. [00:29] keescook: In ubuntu-cve, what do you do about CVEs in universe packages at the moment? [00:29] Fujitsu: currently we just document them, and marked the "needs-triage" [00:30] (but this is why I want to changelog scanner running again -- the universe CVEs are getting out of date) [00:30] keescook: Do you attach package references to them? (sorry, still checking it out, X died on me a couple of times) [00:31] Fujitsu: yes, we assign the CVE to packages. [00:31] (the "new CVE" process is codified in the "check_cves" script in the root dir of the tree) [00:31] I would explore, but I fear the working copy in ~pitti is woefully out of date. [00:31] it basically display information about the CVE, and then prompts for package name, etc, then spawns and editor after populating the new CVE file [00:31] Aha. [00:32] Fujitsu: the bzr tree is okay, so a local "bzr branch" of it should be fine. [00:32] keescook: Right, I'm doing that now; it just takes a while. [00:32] true. The "README" in the root dir is good too. [00:32] (and -intel being really unstable and occasionally hard-locking at the moment doesn't help) [00:32] (let me go see if I can convince the working tree to update...) [00:33] A bzr up in ~pitti/bzr/ubuntu-cve should do it. [00:33] Hm, maybe a co. [00:33] If rookery even has a recent enough bzr, that is... [00:34] woo, it worked. [00:34] Aha, thanks. [00:36] if people want to start helping with the tracking, I'll likely move it to a bzr tree on LP [00:38] I'll definitely be going through it regularly and filing bugs for universe stuff, and hopefully getting some if it fixed. [00:39] Fujitsu: cool; one of the other script I was hoping to write was an auto-LP-bug-opener [00:42] keescook: That would be good. [00:42] Yay, checkout finished. [00:42] I figure it'd look up the CVE, check for the pkg, and if it's not there, open a new bug. with python-launchpad-bugs it should be pretty straight forward. [00:42] heh [00:45] keescook: I presume you would know this if anybody did: is there a way to apt-get source something like `sourcepackage/release'? [00:46] Fujitsu: if there is, I haven't found it. I tend to use sbuild+LVM and do the apt-get sources inside the chroots [00:46] schroot -c dapper "apt-get source ...." [00:46] Ah. [00:46] Yep. [00:50] keescook: DNE is for stuff that just isn't packaged, NOT FOR US is stuff that will never be? [00:51] Fujitsu: there is a bit of confusion there, but basically, yes. [00:52] jdstrand was making the distinction, but I haven't tended to. [00:52] NFU would be for totally alien things (cisco, microsoft, etc), DNE for random php CMSs, etc [00:52] I can see it might be useful at times. [00:52] Yep. [00:52] That's what I thought. [00:55] Fujitsu: I've updated the README a bit to clarify [00:56] (haven't pushed yet) [00:56] keescook: Thanks. [00:57] heya keescook ^^ [00:57] hi emgent ! [00:57] all good ? :) [00:58] emgent: I need another 10 hours a day. I'll have to move to Jupiter or something. :) [00:58] ehhehe [00:58] keescook: net connectivity will be very laggy from there. [00:59] lamont: Just a bit. [00:59] lamont: crap, good point. radiation I can deal with. latency, though.... no way. [01:00] keescook: Are we manually tracking things synced into Hardy at the moment? [01:00] Fujitsu: yeah, there's nothing automatic in the CVE tracker at this point. [01:00] keescook: someone was talking in church a few years back about "what's important" based on his getting a job offer to an island off the coast of south america. My singular question when he started the discussion (to myself, not out loud) was "How fat is the pipe???" [01:01] keescook: And autosyncs aren't logged anywhere. Joy. [01:01] lamont: hehe. when I was comparing climates when moving away from Chicago, "is there any technology?" was the first question after climate. Pago Pago was right out. :) [01:04] exactly [01:13] keescook: What's the correct status if a release already has the fix? (not in SECURITY, but RELEASE) [01:14] Fujitsu: if it's in hardy, it's the "devel" release, in which case I tend to mark things as "not-affected" if they were okay when I got there, or "release ($VERSION)" if I had to apply fixes [01:15] if it's an earlier release and the CVE is just out of date or wrong, I would mark it not-affected [01:15] * desrt allows google to convince him that "kees" is a valid nickname for people named cornelius [01:15] keescook: OK. (there's very little documentation on what the statuses are for...) [01:15] heh [01:16] Fujitsu: valid point, I can add a section for that. [01:16] desrt: even though neither google translate nor babelfish substantiates the claim that "kees" is a Dutch word for "horn"? :) [01:17] * keescook is confused now [01:17] * desrt too [01:17] keescook: Is the upstream_blah field meant to contain the fixed version? [01:18] Fujitsu: yeah, look in the retired/ tree for recent CVEs. [01:18] Good point. [01:18] keescook: by me, or by something security-ish? [01:19] slangasek: by you. where is the "horn" claim from? [01:20] keescook: one of the google hits I found when I was looking for it said that etymologically, "kees" is a nickname for "Cornelius" because it's a Dutch word meaning horn (where "cornelius" < Lat. CORNUS, horn (of an animal)) [01:21] but then I couldn't find anyone that agreed this is what "Kees" meant in Dutch :) [01:21] slangasek: bizarre. [01:22] google of "kees cornelius" shows all sorts of people with stuff in ()'s. :P [01:22] http://en.wikipedia.org/wiki/Dutch_name [01:23] yes, but all that proves is that you've compromised google. and wikipedia. [01:23] slangasek: *rofl* if only. [01:24] (is there a "blame" view in wikipedia?) [01:24] not AFAIK :) [01:25] sweet. then you'll never find n0tk33s's strategic edits! [01:25] Heh. [01:26] anybody here know how to get ObjC code to compile on 7.10? [01:26] i keep getting an error that cc1obj cant be found [01:28] BBHoss: Do you have gobjc package installed? [01:28] * Hobbsee waves [01:28] heya Hobbsee [01:28] lemme check [01:28] keescook! [01:29] apparently not :) [01:29] cool thank minghua [01:30] Fujitsu, kees: wrt NFU and DNE, I have basically said that NFU is for something that will/cannot be used in/on Ubuntu (eg Cisco IOS), but DNE is something that could actually run on Ubuntu (ie php apps), but isn't in the archive [01:30] but like kees said, it's really pretty loose and means the same thing in the end [01:30] jdstrand: That makes sense. [01:31] not-for-exist [01:32] jdstrand: I'm add a section on "status" [01:32] keescook: cool [01:34] Fujitsu, keescook: I have on my TODO list to somehow check upstream_pkg against devel, and warn if it looks like it is fixed in devel (kinda like we do with retired) [01:34] it'd slow things down though, so would likely need to be a separate script or option [01:35] (I haven't worked out much beyond getting it on my todo list ;) [01:35] jdstrand: ooh, yeah, that's another good way to find stuff. frequently the changelog for such things will just say "New upstream release" without mentioning CVEs. [01:36] * keescook adds a TODO file [01:36] jdstrand: That sounds good. [01:36] * jdstrand hopes keescook doesn't get too crazy with that TODO file [01:38] cjwatson: did we have specific text to include for the update-grub ucf template? this wasn't preserved in the gobby session [01:39] keescook: or maybe you remember? [01:39] slangasek: oh... did we specify something like that? [01:40] keescook: well, there was some reason we didn't want to use the standard ucf text, but perhaps the replacement text wasn't fully specified :) [01:40] slangasek: I don't think it came up, but since I'm not familiar with ucf, not everything made sense [01:43] keescook, do you have tomcat ? [01:43] emgent: "have", as in, installed? I don't, no. [01:43] uhm ok. np. [01:43] but there is tomcat5 and tomcat5.5 in the archive. [01:43] yes i saw [01:44] but i found bug in tomcat 6.0 [01:44] ah, cool. Yeah, that software has a lot of CVEs against it. [01:45] I think in earlier versions too. [01:45] it's a stupid XSS [01:46] I think the other CVEs are mostly XSS too: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=tomcat [01:47] yes i'm in :P [01:49] oh it's old uhm.. [01:49] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449 [01:49] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence. (http://cve.mitre.org/cgi-bin/cvename.cgi? [01:50] poor tomcat :) [01:50] heh [02:08] Mez: unfortunately, only by name at the moment. [03:22] siretart: Under "Outstanding issues" on https://wiki.ubuntu.com/EncryptedFilesystems, would it make sense to have passphrase/key management available from multiple places? For instance, it relates to partitions, so you should be able to do it in GParted, but it's also a password/encryption key management task, so it would seem to also make sense to have stuff in Seahorse. [03:22] using glade, how do i resize a button or other control on the window 'form' ? [03:39] oh i guess I add panes to the window and place/resize controls in there? [03:40] * Hobbsee notes this is not a gtk help channel. [03:41] otay then.. where is it [03:42] and then.. how do you develop, what tools? Qt? [03:43] for the kde stuff, yes. [03:43] for the gnome stuff, it's gtk. [03:43] i can see the panes in this Konversation app [03:44] ok [03:47] gnome apps work on kde, can kde apps work on gnome? [03:47] sure [03:47] why wouldn't they? [03:47] works fine here. [03:51] flake: there are a number of gtk+ help channels on irc.gimp.org; among which #gtk+ and #pygtk === nemo_work is now known as nemo_home [05:48] where can I find out about the magical juice that makes Ubuntu JeOS good for VMWare appliances? [06:48] Hi all! === asac_ is now known as asac === pabspabspabs is now known as pabs3 === macd_ is now known as macd [08:03] <_jm> Anybody who could run a quick GTK+ test program for me real quick? I'm experiencing a very weird bug, but it's so severe I want to ensure it's not a problem with my system. [08:04] <_jm> For some reason, using the U+FF5E character causes many CJK characters to stop displaying in GTK+. C version at http://pastebin.ca/778083 , Python version at http://pastebin.ca/778084 [08:05] <_jm> Figured it was best to ask somebody to confirm this, rather than posting a bug and getting lots of "works for me". [08:06] hi guys [08:07] i tryed to access samba packages to upgrade/install but them cannot readable at security.ubuntu.comn [08:07] -n [08:07] is it normal, or mistake? [08:08] <_jm> samba security update is broken and deliberately 403 [08:08] <_jm> They found a problem with it after it was pushed out, so marked it forbidden to stop people from downloading it [08:08] <pasic> ok:) thx [08:08] <pasic> what time about when accessible again? [08:09] <_jm> Likely when the problem is fixed, and a new version pushed out. [08:09] <pasic> LOL just seen up line :P [08:09] <pasic> ok, thx ... [08:53] <jjones> security.ubuntu.com repository files inaccessible.. who do we tell? [08:54] <jjones> files at http://security.ubuntu.com/ubuntu/pool/main/s/samba/ with "Last Modified" dates of 16-Nov-2007 have permissions set wrong [08:54] <lamont> jjones: see http://bugs.launchpad.net/bugs/163116 [08:54] <ubotu> Launchpad bug 163116 in samba "libsmbclient: upgrade fails with error 403" [Undecided,In progress] [08:54] * lamont sleeps [08:56] <jjones> ahhh.. wish I had spotted that on my own, thanks lamont. I'll pass the info along to others on Kubuntu IRC. [08:56] <lamont> jjones: generally speaking, if the file is 403, you _REALLY_ don't want it. it has been totally intentional both times I've seen it. [08:57] <lamont> (as in it's bad enough that it's better to have all these questions than to let people download it...) [09:02] <jjones> The kubuntu irc seems to be more aware of it now too.. 7 hours ago I got nothing. === lifeless_ is now known as lifeless [10:47] <mdke> mjg59: around by any chance? [10:58] * Hobbsee waves [11:01] <mdke> hi Hobbsee [11:17] <Kmos> * There's a session about how to properly read Stack traces in #ubuntu-classroom * === enrico_ is now known as enrico === \sh_away is now known as \sh [11:50] <\sh> moins [11:51] <\sh> slangasek, thx for taking care of xclass... === gouki_ is now known as gouki === nand`_ is now known as nand` [12:58] <jpatrick> doesn't the ubuntu font has accents? [12:58] <Chipzz> jpatrick: there is no such thing as the ubuntu font? [12:59] <jpatrick> ubuntu title font [12:59] <Chipzz> what on earth are you referring to? :P [13:00] <jpatrick> ttf-ubuntu-title [13:03] <Chipzz> heh === ogra__ is now known as ogra [13:04] <Chipzz> anyway, you could probably take a look using something like gucharmap or something [13:04] <Chipzz> although I believe it does substitution for missing characters [13:04] <Chipzz> wow [13:04] <Chipzz> that font does look pretty small [13:04] <Chipzz> Get:1 http://archive.ubuntu.com gutsy/universe ttf-ubuntu-title 0.1-1 [9858B] [13:05] <Chipzz> very much possible it in fact does not have accents [13:15] <ogra> it doesnt have accents .... [13:16] <ogra> it was done by an australian (who doesnt use accents) focused on the ubuntu string (which doesnt have accents either) [13:16] <ogra> feel free to submit patches for accents ;) [13:17] <Hobbsee> bah. who needs accents, anyway... </australian> [13:17] <jpatrick> ogra: and how could I do that? [13:17] <ogra> jpatrick, modify it, file a bug, attach a diff for the modifications you do to the source [13:24] <jpatrick> ogra: there appears to be a ttf-ubuntu at http://wiki.ubuntu.com/CatalanTeam/Grafisme with accents [13:24] <ogra> that should be included then === illovae[bis] is now known as lynette_scavo === lynette_scavo is now known as linette_scavo === linette_scavo is now known as illovae_ === Skiessl is now known as Skiessi === \sh is now known as \sh_away === ogra1 is now known as ogra [16:16] <ogra> jpatrick, hey, thanks :) [16:17] <jpatrick> ogra: don't mention it [16:18] <ogra> anything wrong ? [16:18] <jpatrick> nope [16:18] <ogra> :) [16:19] <jpatrick> just saying "bitte" :) [16:19] <ogra> ah :) gut [16:19] <ogra> hab ich falsch verstanden :) [17:46] <Skiessi> why nvidia-glx doesn't get updated to work with xserver-xorg-core? [17:47] <Skiessi> http://packages.debian.org/sid/nvidia-glx they have it already in debian :o [17:48] <Skiessi> or should I go talk about hardy in #ubuntu? [17:49] <Skiessi> oh they've restarted #ubuntu+1, I'll ask there === DrKranz is now known as DktrKranz [18:12] <cjwatson> slangasek: I haven't gone through all my notes yet, but I'm not sure we specified text [18:12] <cjwatson> I often tend to leave that up to the implementor in specs anyway ... [18:34] <kaleh> hello. how to set the path for a particular forlder, so as to run binaries from it? [18:34] <kaleh> do i have to use the setenv command? [18:37] <cjwatson> kaleh: please use #ubuntu or https://answers.launchpad.net/ubuntu [18:43] <kaleh> sure === cjwatson_ is now known as cjwatson [19:30] <IntuitiveNipple> cjwatson: Am I correct that you're a bit of an installer wiz? [19:31] <jdong> IntuitiveNipple: that's an understatement :) [19:32] <IntuitiveNipple> hehehe... just I have a quick question. I'm creating automated scripts to build Ubuntu User Mode Linux file systems and wondering if mkaing use of the installer logics might be a good way to go. Curerntly I'm doing deboostrap followed by a bunch of manual writes to various config files. [19:33] <Chipzz> IntuitiveNipple: depending on what you need to do you could also use debconf preseeding [19:33] <IntuitiveNipple> I was wondering if I could customize the server/alternate CD installer scripts or if that would be overkill! [19:34] <IntuitiveNipple> Chipzz: yeah, that's what I've been looking at. I'm trying to make it create an image that is identical to what the installers might create, to make prevent support issues because of differences in initial configuration [19:36] <cjwatson> IntuitiveNipple: it ought to be possible, although getting the right kernel in place could be a little tricky [19:37] <cjwatson> but you can do arbitrary stuff in preseed/late_command scripts, so ... [19:37] <cjwatson> an automated d-i install is certainly where I'd start [19:39] <IntuitiveNipple> I'm wanting to not put the kernel in, obviously. I just want to take it from the deboostrap packages point === jdong is now known as notjdong === notjdong is now known as jdong [19:40] <IntuitiveNipple> The UML kernel is a binary on the host, and once the script has built it, and deboostrap has run, it copies the kernel modules into place. [19:41] <IntuitiveNipple> OK, from what has been said it sounds like the way to go. [19:41] <cjwatson> IntuitiveNipple: try preseeding base-installer/kernel/image to 'none' for that, although you'll probably also have to go to a bit of effort to avoid installing a bootloader [19:41] <cjwatson> but it should all be possible [19:42] <cjwatson> (it's "debootstrap" BTW) [19:42] <IntuitiveNipple> lol... no it's 'spulling mistaks' [19:43] <jdong> deboostrap is used on Oct 31. === noobuntu is now known as moo_cow [20:40] <attunix> How do I make my own X Windowing System? [20:43] <Chipzz> attunix: 1) please read the topic; this question is off-topic here; 2) your question is poorly formulated (ambiguous) and 3) supposing you think X itself is crap and you want to write something from scratch; don't. You're most likely looking at the output of top, thinking "OMG X eats a lot of memory! That must be inefficient!" and be terribly wrong about it [20:45] <attunix> Chipzz: 1) I know this is not an application development room, and it is on-topic, since I would like to attempt to implement this on an Ubuntu system. 2) I'll try to restate my question 3) I don't want to redesign X. GNOME runs on X. KDE runs on X. I want a windowing system like those two (more examples: XFCE, blackbox, etc.) and not make my own x-like thing. [20:45] <attunix> I mean windowing manager === cjwatson_ is now known as cjwatson [20:46] <Chipzz> the fact that you want to implement it on an ubuntu topic still doesn't make your question on-topic ;) [20:46] <cjwatson> if you wanted to write your own window manager, you would need to start by reading the ICCCM specification [20:46] <Chipzz> s/ topic// [20:46] <attunix> ok [20:46] <cjwatson> but it is NOT for the faint of heart or for anyone who needs to ask questions along the way ... [20:46] * Chipzz agrees [20:47] <Mez> why is it so damned hard to find someone to sponsor a package to debian (It's not like it's even a new package, it's just an update to a current package that I've mainained for about a year now!) [20:48] <Chipzz> attunix: btw, are you sure you want to implement a wm, or do you want to implement a desktop environment? [20:48] <attunix> Chipzz: what's the difference? [20:49] <Chipzz> a wm just draws the borders around windows. a DE consists of a wm plus other things (like a file manager and a panel) [20:49] <attunix> Chipzz: a windowing manager. [20:49] <Chipzz> you could argue that both the file manager and the panel are optional, and use something like gdeskltes instead [20:49] <Chipzz> *gdesklets [20:50] <slangasek> Mez: because your package has "nonfree" in the name ;) [20:50] <Mez> slangasek, true ;) [20:50] <Chipzz> attunix: btw, there are already a lot of wm's out there; have you tried all of them? a good place to start would be freshmeat (let me look up the link for you) [20:51] <attunix> ok, thanks :) [20:51] <Chipzz> attunix: http://freshmeat.net/browse/56/ may be a good place to start [20:52] <Mez> slangasek, *sighs* why I decided to maintain rar I don't know [20:52] <Chipzz> 153 projects found :P [20:52] <Mithrandir> Mez: then give it away? [20:53] * Chipzz frowns; why does freshmeat consider cedega a wm? :P [20:53] <Mez> Mithrandir, I'm happy to do it, but not being a DD is a PITA [20:53] <Mez> cause finding sponsors is a Pain [20:54] * Nafallo looks back and forth on Mez and Mithrandir a couple of times [20:54] <Nafallo> seems hard ;-) [20:55] <Mithrandir> Nafallo: no, I'm not going to sponsor random packages in Debian. [20:55] <Nafallo> :-) [20:55] <Mez> Mithrandir, I was assuming that you wont sponsor unless you've worked with me from the start with it [20:55] <Mez> however, I've had 2 sponsors dissapear on me so far - so need a new one [20:56] <Mez> (infinity was one of them!) [20:56] <Mithrandir> Mez: in this case, it's more that I'm spending little enough time on Debian that pretending to be your sponsor isn't something I want to do. [20:57] <Mez> Mithrandir, It's no problem, I know that you have a lot of things to do... hence why I didn't ask [20:57] <Mez> I know quite a few DDs in here, but a lot of them are either too busy, dont want to sponsor a non-free package, or wouldnt go for something that they havent walked through from the start with [20:58] * Mithrandir nods. [20:58] <Mez> that's at least the reason why infinity stopped sponsoring me (the time issues) [20:59] <Mez> though it'd be nice if I could get NM sponsorship based on rar - make my life easier :D [20:59] <jdong> hmm can a driver evaluate bug #157867 for SRU? [20:59] <ubotu> Launchpad bug 157867 in pbuilder "pdebuild-internal broken when XSBC-Orig-Maintainer used because of faulty sed command" [Undecided,Fix released] https://launchpad.net/bugs/157867 [20:59] <jdong> the patch is trivial [20:59] <jdong> and the debdiff I attached to the bug is already in SRU-ish format [21:22] <gnomefreak> when the ubuntu installer asks to import settings that doesnt include bookmarks and such right? === \sh_away is now known as \sh === \sh is now known as \sh_away [22:15] <Viper550> just wondering, is it possible to make a text-based install which is as fast as the graphical install? [22:44] <LaserJock> Viper550: depending on the hardware that's already done :-) [22:45] <Viper550> I mean, using the different method the live CD uses, I know for a fact that it doesn't use debian-installer in the Live CD installer. [22:45] <LaserJock> yeah sure [22:45] <LaserJock> I was just teasing [22:45] <LaserJock> I had an old computer that I tried a LiveCD install on [22:45] <LaserJock> and it was slower than the Alt disk [22:46] <LaserJock> it's certainly possible to make a text-based installer use a squashfs system like the LiveCD does [22:46] <Viper550> yeah [22:47] <Viper550> They truly need to do that, debian-installer is slow. [22:47] <Viper550> Think I should blueprint that idea? [22:48] <wasabi> Eh. I like d-i [22:48] <wasabi> I really dislike the livecd method of installing. =) [22:48] <LaserJock> Viper550: I would think a blueprint has already be created to cover that [22:49] <wasabi> d-i can be done over the network, etc. [22:49] <wasabi> since it uses apt to retrieve packages [22:49] <Viper550> I mean, have it "emulate" the process and UI of the installer, but make it use the Squashfs style system [22:49] <wasabi> Yeah. Discard the best parts? Psssh. [22:50] <LaserJock> a quite common request is to have the LiveCD have an option that installs without booting into the live system first [22:50] <Viper550> that'll add ANOTHER CD to the batch, we'd have Live CD, Alternate installer, and then the "advanced installer" [22:50] <Viper550> also [22:50] <wasabi> I really like how it is now. [22:50] <wasabi> LiveCD for UIish desktop people, d-i for people who want something more low level/customizable. [22:50] <Viper550> On Sabayon, if you're wondering how they handle launching the installer without the full desktop, they just load the installer through Fluxbox. [22:51] <wasabi> I wouldn't mind having a d-i frontend that used X. [22:51] <wasabi> But I must have d-i. ;) [22:51] <Viper550> they do have a d-i frontend with X [22:52] <LaserJock> Viper550: I think people have thrown around the idea of going lighter than fluxbox [22:52] <Viper550> openbox? [22:52] <LaserJock> no WM at all [22:52] <wasabi> We have a d-i X frontend that WORKS? [22:52] <Viper550> yeah. [22:52] <wasabi> News to me. I remember that being the original idea. [22:52] <wasabi> But nobody ever finishing it [22:52] <Viper550> http://www.cyberciti.biz/tips/wp-content/uploads/2006/08/debian-testing-gui-installer-paritition-disks-2.png final version uses a Clearlooks theme though [22:53] <Viper550> It's not default on Etch though, you have to type "guiinstall" at the boot prompt to use it [22:53] <wasabi> Oh, neato. [22:53] <Viper550> I have been wanting Ubuntu to maybe add that though [22:54] <Viper550> http://alioth.debian.org/~fjp-guest/tmp/g-i_new_banner_progress.png here's another shot but with the theme [22:54] <wasabi> I really like d-i. There's some rough parts of it, sure... but I like how easy it is to customize. [22:54] <wasabi> I have in a few instances added my own content to it. [22:55] <wasabi> The hackyness involved in using debconf for complex UI layout sucks. [22:56] <Viper550> What I wanted was maybe a text-based d-i "clone", emulates it exactly (maybe even using debconf), but copies files instead of installing packages. [22:58] <wasabi> why? [22:58] <wasabi> instaling packages is little more than copying fies. [22:59] <wasabi> And any other overhead should actually just be fixable. [22:59] <Viper550> but with debian-installer, it's gotta go through this "complex ritual" of configuring them and all that too. [22:59] <wasabi> It's not done on the LiveCD because you can't boot into packages/ ANd with a full desktop you can't fit a package of everything. [22:59] <Viper550> compress it? [22:59] <wasabi> It's already out of psace. [22:59] <wasabi> Lots of packages have postinst scripts that do nothing. Thouse should be fixed. [23:00] <wasabi> Lots of them that do things repeatidly, we have dpkg triggers now [23:01] <wasabi> THere's the slight CPU overhead of decompressing the files. [23:01] <wasabi> BUt you do sort of have that with the LiveCD too, since it's squashed [23:02] <wasabi> Hmm. In fact, makes me wonder if it's really the case that the d-i shouldn't be possibly made FASTER than the LiveCD. Reading a single .deb from a CD is no doubt faster than reading thousands of files individual. [23:02] <wasabi> seeking on a CD is not good. [23:08] <luk__> s/guiinstall/installgui/ [23:09] <jdong> wasabi: the livecd is compressed way harder than .deb packages... [23:09] <jdong> AFAIK squashfs uses gzip level 9 basically [23:09] <wasabi> ahh [23:09] <wasabi> WHy can't data.tar.gz be done that way? [23:10] <jdong> the main overhead with ubiquity is that of the live environment to begin with [23:10] <jdong> unpackaging .debs definitely is more IO intensive than what ubiquity does. [23:10] <wasabi> Mind explaining how? [23:10] <jdong> there are still postinsts that do real work [23:10] <wasabi> Sure. [23:10] <jdong> while that would be "cached" on a liveinstall [23:10] <jdong> because the results of the postinst scripts would be saved essentially. [23:11] <wasabi> Of course. [23:11] <jdong> not to mention temp files are written, dpkg databases are written, dependencies are resolved, and so on in a dpkg based install [23:11] <wasabi> Heh. okay. ;) [23:11] <jdong> I don't think d-i can ever become faster than a copy-the-files based install method... it can probably get very close though