/srv/irclogs.ubuntu.com/2009/01/20/#ubuntu-classroom.txt

=== asac_ is now known as asac
Ape3000Thank you15:52
Bodomhiho15:53
Ape3000Nah.. Maybe it's better if random users can't spam here?15:53
Bodomdo you mean me?15:53
intellectronicahi Bodom15:53
Ape3000I mean generally15:53
Ape3000The users should use the #ubuntu-classroom-chat, so why do they have to have voice in here?15:53
dholbachApe3000: no worries, it'll quieten down soon15:55
a7pApe3000: for the sake of volantary disciplin15:55
a7pworks astonishingly well ;)15:55
MyrttiApe3000: the channel will be most probably set +m soon15:55
Ape3000There is good sides with -m, too15:55
dholbachit worked fine without it yesterday15:56
dholbachand the other developer weeks before :)15:56
Ape3000Yeah..15:56
Ape3000We can do: /me applauses15:56
dholbach:)15:56
dholbachOK my friends... who's here for Day 2 of the Week of Awesome?15:57
dholbachWho's excited? :-)15:57
zerwasme :D15:57
Chris`Me :o15:57
MarkoKaao/15:57
Chris`รถ15:57
dholbachis that everybody? or is the rest of the 172 people in here so shy? :-)15:58
dholbachWelcome everybody to Day 2 of the Ubuntu Developer Week15:58
Ape3000intellectronica?15:58
intellectronicai'm not shy ;)15:58
cool2kyeah!!!!!15:58
dholbachThe schedule is up here https://wiki.ubuntu.com/UbuntuDeveloperWeek15:58
Riddellwoo15:58
sianisdate -u15:58
sianisuse it :P15:59
dholbachand we have Tom Berger, Mr intellectronica here who will talk to us about "Launchpad Bug Tracking"15:59
pedro_rock and roll!15:59
dholbachif you have questions, PLEASE ASK15:59
dholbachbut PLEASE ask in #ubuntu-classroom-chat15:59
dholbachand prefix your questions with   QUESTION:15:59
dholbachie. QUESTION: Tom, what is your favourite colour?15:59
dholbachALRIGHT15:59
intellectronicahi everone15:59
dholbachhave a great Day 2 everybody, hope you enjoy it!15:59
dholbachintellectronica: the stage is yours :-)16:00
intellectronicathanks dholbach. hugs aplenty16:00
dholbach:-)16:00
intellectronicaso, we gathered here today to celebrate an historic event :)16:00
intellectronicathanks to everyone who joined despite the obvious competition16:00
intellectronicai'd like to introduce you to, and mainly answer your questions about, Malone, the Launchpad bug tracker16:01
intellectronica(which I am taking part in developing)16:01
intellectronicaand which is the bug tracker ubuntu uses16:01
intellectronicai haven't prepared much in advance, since i don't know what's the level of familiarity you guys already have with LP16:02
slavikhow does it compare with bugzilla from the administration and setting up side?16:02
intellectronicaso let's start with a survey (you can answer here). on a scale of 1-10, how familiar are you guys with Malone16:02
intellectronica?16:02
slavik0 :(16:02
Chris`116:02
addc182016:02
schmiedc116:02
Ape3000716:02
creek23116:03
Riddell816:03
ccm5 i guess16:03
zerwas116:03
sianis516:03
porthose016:03
cool2k116:03
thekorn7.9916:03
dholbach816:03
theseas016:03
toobuntu_016:03
intellectronicathekorn: give me a break, you're more like 11 :)16:03
TheEnd2012016:03
slavikintellectronica: you're 11, we're all lowly -1 :(16:04
thekornintellectronica, hehe ;)16:04
intellectronicaslavik: the obvious difference is that Launchpad is a hosted service. there's no set up at all for the users16:04
intellectronicaunlike bugzilla, which you have to install on a server and administrate, launchpad runs off launchpad.net and the launchpad team takes care to maintain it16:05
intellectronicaso the only setup procedure you might have, is registering a new project you might want to track. that's quite simple to do16:05
intellectronicaand for your use of LP as a bug tracker for ubuntu, there's absolutely no setup you need to do. just create an account and start messing with bugs16:06
slavikintellectronica: I see. Can Launchpad authenticate against LDAP/AD?16:06
dholbachslavik: can you please ask questions in #ubuntu-classroom-chat?16:07
Chris`slavik: Just a note, we've been asked to prefix our questions in #ubuntu-classroom-chat with "QUESTION: Question to person?" there16:07
intellectronicaslavik: no. launchpad provides its own authentication system, which can also be used as an Open ID provider, and is widely used across the ubuntu landscape16:07
intellectronicaApe3000 is asking whether LP is available for private installations. the answer not yet. LP will become free software this summer, at which point you'll be able to install it anywhere (and modify it and help developing it)16:08
=== hggdh|away is now known as hggdh
intellectronicabut we very strongly believe that a lot of the value you get from Launchpad comes from it being a central hub in the middle of the free software ecosystem16:08
intellectronicathe ability to track and and connect bugs from ubuntu, as well as many other projects, using the same site, makes launchpad.net a very powerful tool16:09
intellectronicaone example of that, which we will look at shortly, is the ability to connect bugs in ubuntu to bugs upstream projects16:09
intellectronicaslavik asks what tools and languages are used for the development of LP16:10
intellectronicaLP is written in Python and uses Zope3 as its main web framework, Postgres as a database, Storm (the canonical-developed ORM) as a data layer and lots of other goodies16:11
intellectronicayou can also access launchpad using a public web service API which uses the REST protocol, from any language. we provide a python library which helps you use that service (more about that later today, when Leonard Richardson will present the API and library right here)16:12
intellectronicaand yes, Launchpad, obviously, runs on Ubuntu :)16:13
intellectronicalet's get on with some action!16:13
intellectronicahttps://bugs.launchpad.net/ubuntu is the top level page in LP for ubuntu bugs16:14
intellectronicait gives you an overview, and allows you to run simple searches for bugs16:14
intellectronicafor example, just type some (plausible) text into the text box and hit [Search] to get a bug listing16:15
intellectronicafor all the following examples i will use staging.launchpad.net16:16
intellectronicastaging.launchpad.net is a server we keep for testing and experimenting with LP. it has a copy of the launchpad database that is being restored daily16:17
intellectronicaIMPORTANT: please use the staging for trying out anything that changes the data (like creating new bugs, adding bogus comments, etc)16:17
intellectronicathat way you'll know that you can experiment freely without polluting LP itself with bad data16:17
intellectronicalikewise, remember that any changes you make on the staging server will be wiped out. do not use it for real work16:18
intellectronicaChris` is asking whether data from staging will be wiped out after posting. the answer is yes - it is being wiped out daily, so you've got anything from a few minutes to whole day to still work with this data16:19
intellectronicaso, you all see what a bug listing in LP looks like16:20
intellectronicayou can choose a new sort order and search again16:21
intellectronicaor, if you need a more complex search, you can click _Advanced search_16:21
intellectronicalet's do just that16:21
intellectronicai'm looking at https://bugs.launchpad.net/ubuntu/+bugs?advanced=116:22
intellectronicathe status and importance sections are obvious, i think. they will select any _inclusive_ combination of the values you tick16:23
intellectronicathe people section allows you to select bugs that are related to certain people. for example, you might want to look only at bugs reported by someone, or assigned to someone, and so on16:24
intellectronicausing the series and component section, you can filter so that only bugs specific to a series or a component within the distribution are selected. this is particularly relevant to you folks working with ubuntu, because as you might have noticed, dealing with all the bugs for ubuntu is pretty much impossible16:25
intellectronicathe upstream status section is very useful when you try to get bugs found in ubuntu and see how they are connected to the upstream projects where they originated16:26
intellectronicathis is, i think an especially important concept, so let's try and talk about it a bit more16:27
intellectronicamany bugs that are found it ubuntu, are actually bugs that originated in some upstream project which is being distributed as part of ubuntu16:28
intellectronicareporting it in ubuntu itself is a great first step, but it's usually not enough. we have to make sure that the upstream project knows about it, if we hope to get it fixed one day16:28
intellectronicaany questions so far?16:29
intellectronicaChris` is asking what is edge.launchpad.net and how it differs from staging16:30
intellectronicaedge is a launchpad server which uses the _real_ data, just like launchpad.net16:31
intellectronicait is available to LP beta testers (which you are all very welcome to join - it's fun and gives you an opportunity to help and influence LP development)16:31
intellectronicalaunchpad is released monthly with new features and bug fixes to launchpad.net16:32
intellectronicaon edge, these changes are released as soon as they are available16:32
intellectronicaso, you can 'live on the edge' and use a constantly changing version of launchpad - giving you a chance to test (and comment on) the latest features, or you can use launchpad.net and get a very stable version that gets updated once a month16:33
intellectronicashankhs is asking whether it is the responsibility of upstream devs to look for bugs in ubuntu that may be related to their project, or the responsibility of ubuntu devs16:34
intellectronicathe answer is that the relationship is collaborative, and anyone can deal with this, but you must remember that upstream devs have many things to deal with, and many other distributions. we can't expect them to always follow ubuntu16:35
intellectronicawhich is why we try to make it very easy for people to forward bugs upstream16:35
intellectronicalet's look at https://bugs.staging.launchpad.net/ubuntu/+source/pidgin/+bug/16270116:36
ubot5Launchpad bug 162701 in pidgin "pidgin freezes while typing a message" [High,Triaged]16:36
intellectronicanotice anything special about this bug?16:37
intellectronicathis bug might look like it's affecting two packages, but that isn't really the case16:38
intellectronicawe can see that it's affected the pidgin package in ubuntu16:38
intellectronicabut above it, we see that it also affects PulseAudio, which is an upstream project, not part of ubuntu16:38
intellectronicathis is a good example of how LP can represent the link between ubuntu and upstream projects16:39
intellectronicaif you click the _Also affectes project_ link, you can mark a bug as affecting other projects16:40
intellectronicacome on, give it a try (on STAGING)16:40
intellectronicaif you clicked, you can see that the pidgin package is already associated with the pidgin upstream project. we sometimes know this in advance, which can help you16:41
intellectronicait also tells you that pidgin tracks its bug outside of launchpad, using Trac, and gives you the url to the trac server it uses16:42
intellectronicaif you manage to find a relevant bug in trac, you can paste the url into the first box - launchpad will follow that bug on your behalf and update the status16:43
intellectronicalaunchpad can do this for many bug trackers: Trac, Bugzilla, Sourceforge (and some of its derivatives), Roundup, etc'...16:43
intellectronicafor Trac and Bugzilla, we provide a plug in which makes the communication with Launchpad especially efficient, and allows the bug trackers to exchange comments too (but it's the responsibility of the upstream project to install that plugin)16:44
intellectronicaah, i can see that many of you experimented with creating new tasks for that bug, linking it to other projects, distros and packages. you guys are quick learners! :)16:45
intellectronicaif you click the status of one of the lines that show the bug reported in an upstream project, you'll see that it's different from normal launchpad bugs16:46
intellectronicathat's the stuff pertaining to bug watches, the mechanism LP uses for tracking bugs in external bug trackers16:47
intellectronicashall we quickly look at reporting a bug? we're rapidly running out of time, so in parallel, please go ahead and ask questions if you have any16:48
intellectronicai'm looking at https://bugs.staging.launchpad.net/ubuntu/+filebug16:49
intellectronicathis is the start of the bug filing process, but it's way too general. it is very rare that you'll want to file a bug about ubuntu as a whole. it's almost always the case that a specific package would be more appropriate16:49
intellectronicayou can always start from something like https://bugs.staging.launchpad.net/ubuntu/+source/pidgin/+filebug and report the bug directly on the package16:51
intellectronicanotice how slow the staging server is, b.t.w :)   obviously, it doesn't have the same amount of resources as the real launchpad servers16:52
intellectronicaafter i enter a bug description, LP tries to find similar bug descriptions, so that i don't unnecessarily report a bug that's already reported16:53
intellectronicaif i don't identify the bug in the list of similar bugs, i can click 'No, i'd lke to report a new bug' and the details are shown16:53
intellectronicafirst, we're asked in what package the bug was found. it is really important to try and find out. otherwise, the ubuntu qa and development teams will have a very hard time dealing with it16:54
intellectronicayou can also look at the instructions at the bottom of the page for what to do and not to do16:55
intellectronicayou can include an attachment - perhaps some data for helping diagnose the problem16:56
intellectronicaif you suspect that the bug is a security vulnerability, it's important that you indicate that using the checkbox. the bug will become private until further notice and will be treated more urgently in many cases16:57
intellectronicaongolaBoy is asking about the different bug statuses16:57
intellectronicaNew: the bug has just been reported16:57
intellectronicaIncomplete: more information is needed for people to be able to work on the bug. the reporter, or other people, should add more information in comments16:58
intellectronicaInvalid: actually, this bug isn't relevant, or is not really a bug. you can ignore it16:58
intellectronicaWon't Fix: this bug will not be fixed. maybe it's impossible to fix it...16:59
intellectronicaConfirmed: not used by ubuntu, but in some other projects it means that someone managed to reproduce the bug16:59
intellectronicaTriaged: the relevant team has looked at the bug and decided what to do with it, what importance to give it, etc17:00
intellectronicaIn Progress: the bug is being worked on17:00
intellectronicaFix Commited: the fix is ready and commited to the source tree17:00
intellectronicaFix released: the latest version of the software no longer has the bug17:00
intellectronicai see that we're running out of time. of course, i managed to cover about 10% of what i wanted to :-/17:01
intellectronicabut let's take more questions before i'm being kicked out17:01
intellectronicaand of course, i hang out in #launchpad all the time, and you are all very welcome to drop by, ask me or any of the other devs questions and enjoy the view17:02
intellectronicaApe3000 is asking what my favourite colour. black, at least for today17:03
intellectronicashankhs: is asking about patches and fixing bugs17:03
intellectronicawhen you upload an attachment to launchpad, you can mark it as a patch17:04
intellectronicait is later easy to search for patches (you may have noticed it in the bug search form)17:04
intellectronicaif a project uses launchpad for code hosting, you can use bazaar for making fixes, which is really cool. there's a session on that later this week17:05
intellectronicaoright, i think it's time for ara to start her show17:05
intellectronicathanks everyone, and please, do feel free to continue asking questions on #launchpad17:06
intellectronica--------------------------------------------17:06
dholbachnext up is Ara Pulido who will talk about QA Tools!17:07
dholbachlet's hear a round of applause! :)17:07
Arc*cheers*17:07
Bodom*applause*17:07
kranichTheII*applause*17:07
jpds\o/ ara \o/17:07
B_a_l_a_k*applause*17:07
theseas*applause*17:08
porthose*applause*17:08
araok, enough, I am not Madonna17:08
araThanks all for coming and the warm welcome ;-)17:08
araQuestions in #ubuntu-classroom-chat, please17:09
araMy name is Ara and I am part of the Ubuntu QA Team (https://wiki.ubuntu.com/QATeam/)17:09
ara Do you guys know what are the duties of the QA team?17:09
kranichTheIIQuality Assurance ?17:09
Arcmaking sure the devs don't seriously break something for every Ubuntu user with an update17:10
arayes, yes, it is Quality Assurance, and yes we have to try to make sure that devs don't break many things (something always break...)17:11
araBut the two most important duties are Triaging (https://wiki.ubuntu.com/BugSquad) and Testing (https://wiki.ubuntu.com/Testing).17:11
aratriaging bugs is about making bugs report better, or ask for more information, or provide better information, etc. so the devs can start working on them17:12
araand testing gives a try to Ubuntu before it reaches the wider public17:12
araboth the buqsquad team, and the testing team are open to new contributors ;-)17:13
araTo perform our daily activities we have a set of tools to make the process easier and automate some of these tasks.17:13
araTo be able to try some of the tools that I am going to present, you will need to have installed 'bzr' in your computers. If you don't have it, you can install it easly:17:14
ara$ sudo apt-get install bzr17:15
araall set?17:15
kranichTheIIjup17:15
araLet's start grabbing the LP project (https://code.edge.launchpad.net/ubuntu-qa-tools) that contains several QA tools.17:15
arashankhs: complains that bzr doesnt support proxy and aythentication ... :(17:16
arashankhs: I am not a bzr expert, but I am sure there must be some workaround there17:17
araThe trunk is the branch that it is better maintained, get the source using bzr:17:17
ara$ bzr branch lp:ubuntu-qa-tools17:17
araThe first set of scripts that we are going to visit are those that parse the bug mailing list. Those scripts are available in the newly created folder ./ubuntu-qa-tools/bug-mailinglist/17:18
araall of these scripts are python scripts. be sure to have python on your machines17:18
araThe mailing list that receive every bugmail generated in Ubuntu has a copy at http://people.ubuntu.com/~listarchive/ubuntu-bugs/17:19
araTo use the bug-mailinglist scripts you have to grab a copy of one of the available archives and save it locally.17:20
arathis files are too big, for testing purposes you can just trim one of them17:20
araThe first script, triager-query.py queries the mailing list archive for actions performed by a specific bug triager.17:20
araactions like "add tag", "set as incomplete", "set as triaged", etc17:21
arasyntax go as17:21
arapython triager-query.py [email] [file]17:21
araexample:17:22
arapython triager-query.py sinzui.is@verizon.net ../test_bugs_mailing_list.txt17:22
araFrom sinzui.is@verizon.net: 117:22
arasinzui.is@verizon.net triaged: 117:22
arathis is the output of a trim of the January archive17:22
arawhy this information is useful?17:22
araAs you might know, triagers in Ubuntu are divided in two teams. The bug-squad team is open to anyone, but to enter the bug-control team you have to be an experienced triager17:23
arabecause bug-control members have access to potentially sensitive data17:23
araIf you're part of the bug-control team, one of your duties is to review new membership applications to the team17:24
aracount-senders.py parses the mailing list archive and returns the quantity of messages sent by individuals. This includes any activity in the bugs.17:24
arapython count-senders.py [email] [file]17:24
arabody-searching.py searches the mailing list archive for a user defined string, sys.argv[1], and returns bug numbers containing that string.17:24
arapython body-searching.py [string] [file]17:24
aratagged-bugs.py searches the mailing list for tags, and creates a HTML report with the date the tag was added to the bug17:25
arapython tagged-bugs.py [tag] [file]17:25
araall this information can be retrieve directly through Launchpad, of course, but if you have to do it daily, it is much easier to use the scripts17:25
araand faster17:25
aranot saying that the launchpad web interface is slow... (in case some of the LP is watching...17:26
furiclels17:27
araany questions about the bugs-mailinglist scripts? If not I am going to move to a script to help testers17:27
arabullgard4:  QUESTION: ':~$ python triager-query.py; python: can't open file 'triager-query.py': [Errno 2] No such file or directory'. What went wrong?17:28
arabullgard4: did you move to the right folder? once you branch you have to move to ubuntu-qa-tools/bugs-mailinglist17:29
araLet's move now to another tool, the dl-ubuntu-test-iso, a script that will help you keeping your testing images ISO up to date.17:30
arahave you ever helped with ISO images testing?17:30
arathen start now! ;-) https://wiki.ubuntu.com/Testing/ISO/17:32
araeach milestone released (alpha-1, alpha-2, point releases, etc.) need some ISO verification17:32
arato avoid having to download every single iso each time you can have them synced17:33
aradl-ubuntu-test-iso is based on rsync and can be configured to download only the necessary images.17:33
arashankhs: and it is not a python script. it is bash scripting ;-)17:34
araTo configure the tool you need to save your configuration file as ~/iso/iso.cfg. You can see an example here: http://people.ubuntu.com/~ara/udw/qatools/iso.cfg17:34
araIn the example configuration file we have set to download jaunty release, only for i386 architectures, and alternate, desktop and server.17:35
araOnce you have set up the configuration file, and running ./dl-ubuntu-test-iso, the images will start to be download to the ~/iso folder.17:35
araPlease, take into account that by default all the images are download, so if you do not have a configuration file, you will download every possible image.17:36
araIf you run the script daily (or weekly), you will need to download only the changes between both images17:37
arasaving you time17:37
araand bandwidth for your movies and music ;-)17:37
araIf you want to start helping with Ubuntu, ISO testing is a great way to start. and really, really helpful17:38
araAnd now that we are talking about the dl-ubuntu-test-iso script to test ISO images, do you know the ISO tracker?17:38
araThe ISO tracker is a web application that we, at the QA team, use to track the testing of the ISO images. It is located at http://iso.qa.ubuntu.com/ and it is updated with the ISO images that we should be focusing in (right now the focus is taking by Hardy's point release).17:39
araIt is really helpful to create an account in the ISO tracker (if you have an account in the Brainstorm site, that one would work in the ISO tracker site as well) and submit your testing results.17:40
araOn the menu on the left, you can select the flavour that you're testing. Let's select Ubuntu flavour.17:41
araThen you have to click on the ISO image that you're testing. Let's say that we are going to test Alternate i386 (the installer that does not have a Live session)17:41
araWhen you click in one of the options, a list of testcases will appear, and a link to the ISO image, in case you haven't downloaded yet.17:42
araNice and easy17:42
araIn the list of testcases you can see what it is outstanding and have your pick taking that into account. Click on the chosen testcase to read it and submit your results.17:43
araAny questions about the ISO testing site or ISO testing in general? (before I move back to bug triaging)17:43
arabullgard4:  QUESTION: What is 'Hardy's point release'?17:44
arabullgard4: Hardy (Ubuntu 8.04) is a LTS release (Long Term Support)17:45
arabullgard4: we realease "point release" 8.04, 8.04.1, 8.04.2... that contain the latests updates already in the ISO images17:46
aralet's move to some useful reports that will make triagers life easier. When triaging bugs is useful to have access to some important information through the reports. Here's a list of some of them:17:47
araYesterday bugs: http://qa.ubuntu.com/reports/bugnumbers/yesterday.html17:47
araBugs reported yesterday. Useful to Invalid, Mark as Duplicate or request more information.17:47
araWith more duplicated bugs: http://qa.ubuntu.com/reports/launchpad-database/bugs-with-most-duplicates.html17:48
arathis is really useful when you're reading a bug that you "feel" "sure, this has been reported before"17:48
=== tate_ is now known as teskew
ara25 oldest bug task that are <put here>:17:50
aranew: http://qa.ubuntu.com/reports/launchpad-database/oldest-new-ubuntu-bug-tasks.html17:50
araIncomplete http://qa.ubuntu.com/reports/launchpad-database/oldest-incomplete-ubuntu-bug-tasks.html17:50
araConfirmed http://qa.ubuntu.com/reports/launchpad-database/oldest-confirmed-ubuntu-bug-tasks.html17:50
araTriaged http://qa.ubuntu.com/reports/launchpad-database/oldest-triaged-ubuntu-bug-tasks.html17:50
araProgress http://qa.ubuntu.com/reports/launchpad-database/oldest-in-progress-ubuntu-bug-tasks.html17:50
araFix Committed http://qa.ubuntu.com/reports/launchpad-database/oldest-fix-committed-ubuntu-bug-tasks.html17:50
araHelpful if you want to clean Launchpad from obsolete bugs17:51
araThe newest addition to the list, just announced a week ago, is the team assigned reports. As you might know, Canonical gives support to the packages in main, therefore, it is useful to have a list of the tasks assigned to one of this teams. The format of the URL of these reports is17:51
arahttp://qa.ubuntu.com/reports/team-assigned/canonical-<team>-assigned-bug-tasks.html17:51
arai.e. for the mobile team:17:52
arahttp://qa.ubuntu.com/reports/team-assigned/canonical-mobile-assigned-bug-tasks.html17:52
araA list of them can be found at http://qa.ubuntu.com/reports/team-assigned/17:52
gman16khttp://qa.ubuntu.com/reports/team-assigned/17:52
araThese reports can be useful, in case a triager sees that an already assigned bug with high importance hasn't been touched in a while, he or she could ping the correct person directly, to try to push the resolution.17:53
aratriaging bugs involves a lot of talking through the IRC. If you like IRC, you will love triaging bugs!17:54
araI am running out of time, I would like to move to testing again before I finish17:54
araany questions on the triaging side?17:54
araok, let's move back to testing17:55
ara we will talk a bit about SRU testing. Does anyone know what SRU stands for?17:55
davmor2stable release update17:55
araSRU stands for Stable Release Updates. This is, those updates that are found in the Update Manager when we are running a stable release of Ubuntu.17:56
aradavmor2: you're a great student! ;-)17:56
araBriefly, the process goes as:17:57
ara* An important bug, that needs to be fixed through updates, is found in a stable release.17:57
ara* A fixed is written and apply to the package. The package gets updated in the -proposed archive.17:57
ara* A tester willing to help with the SRU process (and has the -proposed repositories enabled; https://wiki.ubuntu.com/Testing/EnableProposed) installs the package and verifies that the bug has been fixed.17:57
ara* The fix is apply to the -updates repository.17:57
araFor more information about the SRU process you can go to https://wiki.ubuntu.com/StableReleaseUpdates17:57
araTo help tracking the outstanding bugs to test and help people coordinate the efforts, we have a very helpful tool, the SRU tracker:17:57
arahttp://people.ubuntu.com/~sbeattie/sru_todo.html17:58
araIn this tracker you can easily spot what fixes need verification (and for which release) and a test case if available.17:58
araIf you're running a stable release of Ubuntu (hardy, intrepid...) this is a great way to help the QA team to make Ubuntu better.17:58
araany questions before leonardr starts the following session?17:59
aracounting down:18:00
ara5...18:00
ara4...18:00
ara3...18:00
ara2...18:00
ara1...18:00
charlie-tcaThanks ara, That was GREAT!18:00
araOk, that's it for today! I will be running another session on Thursday, to explain how to use Ubuntu Desktop Testing to create automated tests for the desktop.18:00
davmor2thanks ara18:00
dinxtercheers!18:01
araThanks all for coming!!18:01
bullgard4Thank you, ara.18:01
porthosethank you ara18:01
=== heikki_ is now known as heikki
leonardrok, i'll get started now18:02
leonardrHi all.18:02
leonardrMy name is Leonard Richardson. I'm on the Launchpad Foundations team and I'm the co-author of the O'Reilly book "RESTful Web Services".18:02
leonardrI'm here to talk about the Launchpad web service API--how to use it and what advances have been made since the last UDW.18:03
leonardrI'll do an infodump and then take your questions.18:03
leonardrIf you have questions in the meantime just put them in #ubuntu-classroom-chat.18:03
leonardrMost of this infodump will be familiar to those of you who were at this chat at the last UDW. I ask you to bear with me so I can get everyone up to speed.18:03
leonardr 18:03
leonardr1. Intro18:03
leonardrFirst thing to know is that we've got docs talking about the API here: https://help.launchpad.net/API18:03
leonardrPut simply, we've created an easy way for you to integrate Launchpad into your own applications.18:03
leonardrIf you perform the same tasks on Launchpad over and over again, you can now write a script that automates the tasks for you.18:03
leonardrYou don't have to rely on fragile screen-scraping.18:04
leonardrIf you're a developer of an IDE, testing framework, or some other program that has something to do with software development, you can integrate Launchpad into the program to streamline the development processes.18:04
leonardrIf you run a website for a project hosted on Launchpad, you can get project data from Launchpad and publish it on your website.18:04
leonardrAnd so on. You'll eventually be able to use the API to do most of the things you can do through the Launchpad web site.18:04
leonardr 18:04
leonardr2. Tools18:04
leonardrThe simplest way to integrate is to use launchpadlib, a Python library we've written.18:04
leonardr(see https://help.launchpad.net/API/launchpadlib)18:04
leonardrThis gives you a Pythonic interface to the Launchpad API, so you don't have to know anything about HTTP client programming:18:04
leonardr>>> launchpad.me.name18:05
leonardru'leonardr'18:05
leonardr>>> launchpad.bugs[1].title18:05
leonardru'Microsoft has a majority market share'18:05
leonardrBut it's also easy to learn the API's HTTP-based protocol and write your own client in some other language.18:05
leonardr(see https://help.launchpad.net/API/Hacking)18:05
leonardr 18:05
leonardr3. Progress and Roadmap18:05
leonardrAt the last UDW I said that the web service publishes information about people, bugs, and the Launchpad registry, (the projects, milestones, etc.).18:05
leonardrSince then, the bugs work has been more or less completed. CVEs have also been published through the web service.18:05
leonardrCode branches have come online.18:05
leonardrMerge proposals have been published but are currently read-only. They should be read-write within a week.18:06
leonardrAdditional bits of the registry, like milestones, have been published since the last UDW.18:06
leonardrSome of the Soyuz functionality has come online: archives and archive permissions.18:06
leonardrThe hardware database will be the next thing to be published, hopefully within a month.18:06
leonardrPublication through the web service is still not a priority for translations, answers, and blueprints.18:06
leonardrso, that's the infodump, i invite your questions18:06
leonardr<sianis> QUESTION: do you plan write API for Rosetta?18:07
leonardrso, the team that does some part of launchpad, like rosetta, is also responsible for publishing that part of launchpad through the web service18:08
leonardri talked to the translations team today and they don't have plans to publish translations through the web service, per se18:08
leonardrhowever, we will also be using the web service to add ajax functionality to the launchpad website18:09
leonardrand they will be publishing some of the translations functionality for that, so you will get at least some of the translations18:09
leonardrbut there's no plan right now to publish the whole things as there was for bugs--what they publish might be useful to you, it might not18:09
leonardr<bullgard4> QUESTION: What is a " Pythonic interface "?18:10
leonardra pythonic interface is one that "looks like python". it presents objects that act like built-in python data structures, as opposed to (eg.) one with a lot of getters and setters18:10
leonardr<thekorn> Question: can you please explain (in short) the different access-level?18:11
leonardr<thekorn> and especially: why is there a "no access level"18:11
leonardris there a no access level? let me check18:11
leonardri'm opening up the list of access levels18:11
leonardrall right18:12
leonardrso, we've set up authorization to the launchpad web service using the oauth standard18:12
leonardrwhich is basically a way for the end-user to delegate a certain amount of authority to a program18:12
leonardrthe problem is that although you trust your web browser enough to type in your launchpad password18:13
leonardryou probably don't extend that same level of trust to other programs, like IDEs or "portal" websites that promise to show you a dashboard of your launchpad activity18:13
leonardryou shouldn't trust those sites with your launchpad password18:14
leonardroauth is a way to delegate a certain amount of power to those sites, without giving them your password18:14
leonardrin that context, the access levels are the different amounts you can trust a particular site or application18:14
leonardrif a site promises to make a dashboard for you, then you can give the site read-only access to your data18:14
leonardrit has no business modifying your data18:15
leonardrsimilarly, you can authorize an application to only access public data on your behalf18:15
leonardras for the 'no access' level, flacoste said in classroom-chat:18:15
leonardr<flacoste> thekorn: say a rogue application try to ask for a token, the user can click on no access level to dismiss the request18:15
leonardrit's a 'cancel' button18:15
leonardrhopefully that provides at least some enlightenment18:16
leonardr<maxb> QUESTION: Will it become possible to use launchpadlib without needing to login, if all you want is read-only programmatic access to public data?18:16
leonardrour initial decision was to prohibit this altogether. we're now reconsidering but we haven't made a decision one way or the other yet18:16
leonardr<ia> QUESTION: could you just name, please, a few apps, which uses LP API?18:17
leonardri think thekorn could name more than i can18:17
leonardri'm also bad with names18:17
thekornthere are some tools switching from screenscraping to lplib,18:17
leonardr<flacoste> the is a bzr plugin for eclipse18:17
thekornlike ubuntu-dev-tools18:18
leonardralso, for every publicly available tool there are several private scripts18:19
leonardrpeople write everyday scripts to get around whatever annoys them about launchpad or to do batch operations18:19
leonardr<maxb> QUESTION: Rationale for prohibiting launchpadlib access to data which can be screen-scraped without auth would be interesting?18:19
leonardrthere's a general worry about access to the web service getting out of control18:20
leonardrwe have various ways to throttle usage for different scenarios, and one of the scenarios is when one person is using too many resources, whether by accident, due to a bug, or maliciously18:21
leonardrin that case we'd throttle all access by that person18:21
leonardrlike i said, we're reconsidering it18:21
leonardr<istaz_> QUESTION: Is there a way to ask for change to be Pushed to you  instead of having to poll?18:22
leonardrno, not really18:22
leonardrare you thinking something like email?18:22
leonardrin general the web works on polling, even if you're just polling a summary of what's changed18:23
leonardr<istaz_> leonardr: yes18:23
leonardrno, there's no email or other kind of push architecture18:23
leonardrif you're worried about bandwidth usage, there are standard http techniques like conditional get that we use and plan to use more of18:24
leonardrlaunchpadlib automatically uses them18:24
leonardrxmpp is an interesting possibility but i don't think you should expect it anytime soon18:25
leonardrany other questions?18:28
leonardr<thekorn> Question: is there any work on a javascript implementation of the API, like launchpadlib for python18:29
leonardryes, there is, actually18:29
leonardrbecause as i said, we are going to be using the web service to add ajax ui elements to launchpad18:29
leonardryou can actually see it now18:29
leonardrhttps://launchpad.net/+icing/rev7479/launchpad-ajax.js18:30
leonardrbut right now it only works on pages on launchpad itself18:30
leonardrthis is partly because of the design and partly because of the 'same-origin policy' that makes it difficult to have a page on foo.com that makes an XMLHTTPRequest to bar.com18:30
leonardrit's not a huge priority for us but eventually the javascript library should be usable outside of launchpad18:31
leonardrhowever, note that it's very different from launchpadlib18:31
leonardrbecause it doesn't have access to the wadl file, you have to know a lot more about the url structure and what the web service looks like on the http level18:32
leonardranything else?18:33
leonardrok, i'll stick around until the next presentation in case there are any more questions18:36
leonardr<creek23> QUESTION: Can we extract XML for Flash display?18:36
leonardrthe web service serves JSON, not xml18:37
leonardrit's also pretty likely that a flash application will run afoul of the same-domain policy, just like a javascript application18:37
leonardrif you can get around the same-domain policy somehow, there's got to be a json parser written in flash18:38
leonardrbut that's not a case we're really thinking about18:38
=== Kelemen3 is now known as Kelemen
redcloverdate -u18:59
keesI'll go ahead and get started.  As usual, please ask questions at any time in the -chat room, and we'll answer them as we see them.  :)19:01
keeswelcome everyone!  I'm Kees Cook, and I'm the technical lead of the Ubuntu Security Team (and employed by Canonical).19:01
keesthis is going to be a quick intro to how the Security Team operates within Ubuntu, and how people can help create high-quality updates.19:01
keesI'm joined by Jamie Strandboge and Marc Deslauriers, who will be helping with the presentation.19:02
keesthe main wiki page for information about the team is here: https://wiki.ubuntu.com/SecurityTeam19:02
keesour page is still a bit young, so pardon the lack of details in the FAQ and KnowledgeBase areas.19:02
keeswe might be able to populate some of the FAQ with today's classroom's questions.  :)19:03
jdstrand\o/19:03
keesthe most active subteams within the Security Team are "ubuntu-security" and "motu-swat"19:03
kees19:03 < ScottK> QUESTION: Since Marc is new(ish) perhaps he could introduce himself ...19:04
mdeslauryes, I guess I could :)19:04
mdeslaurI'm from Quebec City, Canada, and have been a Canonical employee since the beginning of November19:04
mdeslaurI used to be a security and open source consultant for various companies19:05
mdeslaurAnd used to build security updates for the defunct Fedora Legacy project19:05
keeswe're glad to have him as part of the team.  :)19:06
mdeslauruhmm...that's about it I guess, feel free to ask me any question you may have19:06
jdstrand*very* glad :)19:06
keesso, when there are security updates that need to happen, "ubuntu-security" and "motu-swat" are the ones handling it usually, though we have many additional contributors.19:07
keesin general, our "update procedure" is here: https://wiki.ubuntu.com/SecurityUpdateProcedures19:07
keeswe focus on fixing "CVE"s in published ubuntu releases19:07
kees(CVE stands for Common Vulnerabilities and Exposures)19:07
keesa CVE is basically a number identifying a flaw in software that has security implications19:08
keesthe central collection of CVEs here: http://cve.mitre.org/19:08
keessome of the URLs for more information that I'm listing here can also be found in our KnowledgeBase: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase19:08
keessince CVEs are global identifiers, they cover software (and hardware) from any vendor in the world -- only some CVEs apply to Ubuntu software.19:08
keesthe first step to fixing security problems in Ubuntu is keeping up to date with new CVEs, and checking to see in Ubuntu is affected.19:08
kees19:08 < bullgard4> QUESTION: What does 'swat' stand for in  "motu-swat"?19:09
kees'swat' is in reference to "Special Weapons and Tactics", a specialize police force19:09
keeshttp://en.wikipedia.org/wiki/SWAT19:09
jdstrandI like to think of them as swat'ing security bugs19:10
keesthat works too :)19:10
keesto help coordinate between teams and people, we have an ubuntu-specific reponsitory for tracking CVEs: https://code.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master19:10
keesthis is a bzr branch, with details about every CVE that has been issued.19:11
keesOnce you have a local branch of ubuntu-cve-tracker, the first thing to do is read, surprisingly, the README file.  :)19:11
keesmost of the CVEs are flagged "ignore" since they apply to unpackaged software, different vendors like Apple or Microsoft, etc.19:11
keessince not everyone is interested in digging into a bzr repo just to see how things look, it is also published: http://people.ubuntu.com/~ubuntu-security/cve/main.html19:11
keesand universe: http://people.ubuntu.com/~ubuntu-security/cve/universe.html19:11
keesand for individual CVEs, those can be examined too, e.g. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2008-232719:12
ubot5kees: Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2327)19:12
kees(thanks ubot5)19:12
keesonce CVEs have been identified, the team will prioritize them, and start either tracking down patches or making our own.19:12
keessome CVEs are initially private, while upstream (and the vendors) try to figure out solutions.  This is called an "embargoed" issue.19:12
keesthe ubuntu tracker only shows public CVEs, since none of the vendors are allowed to discuss embargoed issues until they reach their "coordinated release date"19:13
keesonce the teams gets a patch to fix a problem, they test them, and finally publish the fixes.19:13
kees(I'll be coming back to this in a moment...)19:13
keespresently, security updates for main/restricted packages (mostly handled by "ubuntu-security") get "Ubuntu Security Notices" (USNs) published: http://www.ubuntu.com/usn/19:13
keesthere is a mailing list for this as well: http://lists.ubuntu.com/archives/ubuntu-security-announce/19:13
keesthe Universe Security Team ("motu-swat") handles updates for universe and multiverse.19:14
keesbesides the two teams handling security updates, we also have a team dedicated to providing better security globally to Ubuntu.  this is the "ubuntu-hardened" team.19:14
keesIt started very SELinux-centric, but has grown to include people interested in AppArmor and other hardening techniques.19:14
keeswe also have a "white hat" team ("ubuntu-whitehat") that is dedicated to hunting down new security issues.  it is still young and has plenty of room for growth.19:14
keessince all of the teams are rather small, we still use a single IRC channel (#ubuntu-hardened) and a single mailing list (ubuntu-hardened)19:15
keesswitching back to update process, once we've tracked down an issue and a fix, we have to test it.  for details on this process, I'll turn it over to jdstrand!19:15
jdstrandthat's my cue19:15
jdstrandHi! I'm Jamie Strandboge. I am a member of the Ubuntu Security Team and a Canonical employee.19:15
jdstrandAs many of us know, it is estimated that Ubuntu has 10 million installations world-wide, with only several thousand running the latest development release (10,000 IIRC).19:16
jdstrandUsers of released versions of Ubuntu expect and deserve a stable system with as few regressions as possible. As such, ensuring high quality updates to released versions of Ubuntu is of utmost importance.19:16
jdstrandHopefully this part of the session will help people to understand the processes, information and tools available to help create high-quality updates.19:16
jdstrandBefore an update to an Ubuntu release can be made, typically a patch must be created and submitted to Launchpad for review.19:16
jdstrandhttps://wiki.ubuntu.com/StableReleaseUpdates discusses when and how a bug fix can be incorporated into a released version of Ubuntu, while https://wiki.ubuntu.com/SecurityUpdateProcedures discusses the process of fixing security bugs.19:17
jdstrandIn general, whether the update is a stable release update (SRU) or security update, the updated package should follow the process described in https://wiki.ubuntu.com/SecurityUpdateProcedures#Preparing%20an%20update.19:17
jdstrandMost importantly:19:17
jdstrand1. Make the minimum changes necessary to fix the bug19:17
jdstrand2. Prefer packaging the changes as proper patches (ie, when there is a patch system (eg, cdbs, dpatch, quilt, et al), use it. When the patch system supports it, follow https://wiki.ubuntu.com/UbuntuDevelopment/PatchTaggingGuidelines)19:17
jdstrand3. Properly test that the package builds and still works (see qa-regression-testing, discussed later)19:18
jdstrand4. Make sure the changelog has the proper formatting. This includes the proper version, distribution, bug references, patch origin, and CVE. All of this information is needed for review and so it is clear to anyone who looks at the changelog what changed.19:18
jdstrand(the CVE is needed only if it's a security update, of course)19:19
jdstrand5. If Debian is still affected, send the patch to them by following https://wiki.ubuntu.com/Debian/Bugs. We need to always give back to Debian, because it is the right thing to do and because it helps Ubuntu in the next development cycle.19:19
jdstrandWhen submitting patches, please read through and follow this section of SecurityUpdateProcedures in its entirety, as the above only touched on the most important points.19:19
jdstrandWhen performing a security update or SRU, it is of utmost importance to make sure that the update does not introduce any regressions and verify that the package works as intended after an update.19:19
jdstrandWhile we are all human and some regressions are inevitable, we can go a long way towards ensuring that we do everything possible to be reasonably sure the update works as intended.19:20
jdstrandThis is where the QA Regression Testing bzr branch (https://code.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master) can help.19:20
jdstrandqa-regression-testing was started by Martin Pitt (pitti), and continued by me, kees, mdeslaur and others.19:20
jdstrandqa-regression-testing is used extensively by the Ubuntu Security team, as well as the Ubuntu QA Team, Ubuntu Server Team and others. It is also used in the SRU (Stable Release Update) process and when testing Apparmor profiles.19:20
jdstrandThe bzr branch contains a lot of information to help with an update.19:21
jdstrandI highly recommend reading README.testing, which talks about things to look out for in an update, best practices, checklists and more.19:21
jdstrandFor example, README.testing discusses checking the differences between builds, exercising patched code, running build tests, checking for ABI changes, and more.19:21
jdstrandIt also lists various software that can be helpful in debugging, analysis, auditing, and ensuring package QA (among other things).19:21
jdstrandFinally, it contains a checklist that can be invaluable in making sure that you done/checked various tasks.19:22
jdstrandbuild_testing/ and notes_testing/ have notes and instructions on how to enable build testing, use testing frameworks for a particular application and any other notes pertinent to testing. For example, build_testing/apache2 has notes on using the Perl-Framework from http://httpd.apache.org/test/.19:22
jdstrandThe scripts/ directory contains scripts for testing various programs. As of today, there are 58 test scripts.19:22
jdstrandThe main idea behind these scripts is not build/compile testing, but rather application testing for default and non-default configurations of packages.19:23
jdstrandFor example, the test-openldap.py script will test slapd for various configurations like ldap://, ldapi://, ldaps://, sasl, overlays, different backends and even kerberos integration.19:23
jdstrandtest-openoffice.org.py opens various files that openoffice.org supports to make sure they still work.19:23
jdstrand*IMPORTANT* the scripts in the scripts/ directory are often destructive, and should NOT typically be run on a production machine. We typically run these in a virtual machine, but often a chroot is sufficient.19:24
jdstrandMost of the scripts use python-unit. At the top of each script are instructions for how to use it, caveats, etc. There is also a skeleton.py script along with libraries (testlib*.py) that can be used when developing new scripts.19:24
jdstrandWhile python-unit doesn't perfectly lend itself to GUI testing, it may be able to be used to automate some aspects of the testing of certain files, such as test-openoffice.org.py and test-xine.py.19:25
jdstrandWork is being done to help automate GUI functionality, and can be seen in https://wiki.ubuntu.com/Testing/Automation and later this week in the 'Automated Desktop Testing' session.19:25
jdstrandThe scripts in qa-regression-testing typically are written when there is a new security update, and specifically tests the functionality that pertained to a given patch.19:25
jdstrandAs such, the scripts are in varying states of completeness, and any help in creating and extending these is most welcome. :)19:26
jdstrandHelp is also welcome in any of the q-r-t parts-- eg build_testing/ information for applications not listed19:27
jdstrandBy following the checklists, best practices, developing new scripts and using existing scripts for qa-regression-testing, we all can go a long way in helping to ensure as few regressions as possible.19:27
* kees <3 q-r-t19:27
* jdstrand hands it back over to kees19:27
keesthe work in q-r-t is very important, so if anyone wants to help with updates, that's by far one of the best places to focus on.19:28
jdstrandit also is not hard to get started, and often a fun/small coding project19:29
keesI did a quick overview of the various other areas of the security team.  are there any specific questions or areas that people would like to hear more about?19:29
jdstrandSomething I didn't mention while discussing testing19:31
jdstrandas we all know, Ubuntu is split up into different releases, such as dapper, gutsy, hardy, intrepid, and jaunty19:31
jdstrandin the changelog, after the version, there is a 'distribution' field19:32
jdstrandfor the development release (eg 'jaunty'), the distribution field is simply the release name19:32
jdstrandfor security updates, you should append -security to the release name, eg hardy-security19:32
jdstrandfor SRUs, you should append -proposed (updates are tested in -proposed first)19:33
jdstrandmany people know about all that, however, what is less widely known is how security updates and SRUs end up getting built19:33
jdstrandwhen testing an update destined for -security (eg, hardy-security), keep in mind that security updates are *only* built with the release pocket and the security pocket enabled19:34
jdstrandspecifically, -updates and -proposed are not in sources.list when a -security update is being built19:35
jdstrandthis is important to note when testing, because sometimes subtle (and not so subtle) bugs can creep in when you test your package with -updates enabled, but upload to -security19:35
jdstrandwhich doesn't have -updates enabled (they are essentially different packages)19:36
jdstrandanother thing to keep in mind, is what components a package is built with19:36
jdstrandthe components are main, restricted, universe and multiverse19:37
jdstranda package destined for main is only built with the main component19:37
jdstrandrestricted is built with only main and restricted19:37
jdstranduniverse is built with main and universe19:37
jdstrandmultiverse is built with main, restricted, universe and multiverse19:37
jdstrandwhy is this important? sometimes debian/control has a Build-Depends like (foo | bar)19:38
jdstrandif foo is in universe and bar is in main, a package destined for main will be built with bar, but if the universe component was in sources.list during your testing, you might have tested with the package built against foo19:39
jdstrandQUESTION: How do backports and security updates fit in with each other?  Do we patch the original released or the backported version?19:39
jdstrandgood question19:40
jdstrand-backports is a different pocket entirely, and does not receive official support from the Security Team, and often doesn't receive backported fixes from motu-swat19:40
jdstrandupdated packages that fix a CVE will pull from -updates though19:41
jdstrandso the source will come from -updates, but will be built against only -security (and release)19:42
jdstrandit is general policy to backport fixes to the packages that exist at release time, rather than doing an upload of a new version19:42
jdstrandfor example, if package foo is at version 1.2.3, and upstream releases version 1.2.4 (that has a CVE fix), we will backport the security fix in 1.2.4 to 1.2.3, rather than upgrading foo to 1.2.419:43
jdstrandthere are exceptions though-- firefox, postgresql and clamav are some of them19:43
jdstrandQUESTION: What is "the release pocket and the security pocket"?19:44
jdstrandthe release pocket is simply the release name, eg "jaunty"19:44
jdstrandafter a version of Ubuntu is official, then the release pocket is frozen, and updates must go to other pockets (these can be seen in your /etc/apt/sources.list file)19:45
jdstrandso, "hardy" is the release pocket for hardy, "hardy-security" gets security only fixes, and "hardy-updates" gets bug fixes (and security fixes are copied into it)19:46
jdstrand"hardy-proposed" is the pocket people upload to when they want a bug fix ultimately destined for "hardy-updates"19:46
jdstrandQUESTION: You are doing your best to create high-quality updates. Where is laid down what an Ubuntu user should do to have a very secure Ubuntu computer and network?19:47
jdstrandUbuntu by default is installed with no open ports19:49
jdstrandas long as you keep your system up to date, the typical Ubuntu user will have a secure system19:49
jdstrandonce you start adding services to it, like a web server, Ubuntu can keep the package up to date, but misconfiguration can always be a problem19:50
jdstrandthere are various tools such as apparmor and ufw that can help lock down services and network capabilities, but this is really a question that can't be sufficiently answered in this session19:51
jdstrandQUESTION: If -security is built without -updates, what happens  when you need to prepare a security update to a package which has  an update already published in -updates?19:51
jdstrandwe pull the version in upddates, patch the security fix in it, and change the version such that it is higher than in -updates19:51
jdstrandwe are about out of time. are there any more questions?19:55
jdstrandOk. thanks to kees and to everyone who attended. Please feel free to jump in with patches for security, SRUs or testing scripts :)19:57
jdstrandhappy hacking!19:57
ickisnice talk19:58
ickisthanks!19:58
jdstrandthanks you :)19:58
* pitti args19:59
pittiI just did something *incredibly* stupid19:59
pittiI deleted my talk!19:59
bullgard4jdstrand, kees: Thank you for a most interesting class!19:59
pittiI'm terribly sorry, I'm afraid I have to cancel this and move it to a later place19:59
jdstrandbullgard4: :)20:00
ickisups20:00
bekkspitti: may i take you into a short query regarding talks at general?20:00
pittianyone knows how to undelete on ext3?20:00
pittibekks: let me try to rescue this file20:00
bullgard4pitti: Oh, no. Start it now without your document.20:01
pittisorry, it's a bit too complicated to do it from scratch20:01
Delkiagod luck pitti !20:01
bekkspitti: on ext3, there is not a fair chance to undelete, cause inode entries are overwritten with zero.20:01
bekksI'm sorry for those bad news.20:01
waltharigood evening to everybody20:02
* pitti looks in .viminfo20:02
pittiapparently not20:02
pittiand my backup didn't catch it yet20:03
stefanlsdpitti: maybe the grep idea   http://www.linuxforums.org/forum/linux-security/13416-ext3-filesystem-can-undelete-work.html20:03
Ape3000pitti: You should use trash, so that you can recover accidentally deleted files from there20:04
pittiyeah, I will next time20:04
pittiargh, this has cost me 3 hours to write20:04
mnemoubuntu should have a "delete to trash" version of "rm" :(20:05
Ape3000And don't automatically empty the trash. Wait for at least an hour before emptying the trash. You might still want to get that file back.20:05
mneptokext2 just marks these blocks as unused in the block bitmaps and marks the inode as "deleted" and leaves the block pointers alone.20:05
bekksmnemo: you could do that with an alias20:05
mneptokgah20:06
istaz_mneptok: take a look at http://pages.stern.nyu.edu/~marriaga/software/libtrash/20:06
istaz_s/ mneptok / mnemo /20:06
Ape3000You could use: alias rm='rm -i'20:06
mneptokistaz_: not much help now, though20:06
istaz_it a lib you preload and remove all call to rm and replace them to mv .trash20:07
istaz_mneptok: no but for the future20:07
Ape3000pitti: Can we still have the session with debugging?20:07
mnemoor will you re-write the notes for tomorrow maybe?20:08
pittiI'll have it later in the week20:08
pitti4112384 inodes scanned, 0 deleted files found20:08
pitti:(20:08
pittiseems I'll rewrite it from scratch then20:08
theseasbye everyone!!!20:09
mnemojavaJake has some idea about grepping the HDD image20:09
pittiI'm sorry everyone20:09
javaJakeThat came from stefanlsd's link20:10
jpdspitti: That's a shame, I personally use something like: http://paste.ubuntu.com/107438/ which make a copy of the doc on save.20:10
pochupitti: don't worry. I'll be here when/if you can do it, as long as it's not the day before an exam :)20:11
pochupitti: I guess, no mydocument~ (like gedit does by default for backups)?20:12
Ape3000So you pressed some keys that did "delete all text" on vim?20:12
pittipochu: no, .vim removes the swap file after you exit20:12
xnoxuse bzr next time you write it and commit after every pragraph =)20:19
gh1234date -u20:19
=== heinrich_ is now known as heinrich
evolu_date -u21:22
evolu_'date -u'21:22
mneptokthanks, but i'm taken21:46
istaz_what is the date -u things everybody write?22:12
istaz_date -22:12
istaz_date -u22:12
jpdsistaz_: Type it into the console.22:13
hollowayistaz_: put it in your terminal22:13
istaz_yes it give the date but why is everybody typing it on the chan?22:14
jpdsistaz_: Cos they read the topic and just type it...22:16
istaz_oh22:17

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!