[15:12] <sbalneav> Morning all
[16:25] <highvoltage> morning sbalneav
[17:11] <Ahmuck> in a edubuntu system are there levels of administration
[17:32] <sbalneav> Ahmuck: With PolicyKit, there's the *potential* for levels of administration, however, most packages tend to come configured as the "superuser" gets the admin priv.
[17:32] <sbalneav> However, the "standard" unix way to do this would be to have groups to control certain policy options.
[17:33] <sbalneav> i.e. have an "accounts" group for creating, modding accounts, have a "printers" group for handling printing operations (clearing queue's, etc).
[17:34] <sbalneav> then assign pk rights based upon membership of the group.
[17:34] <Ahmuck> accounts for updating, installing sofware etc.?
[17:34] <Ahmuck> linux has control policy options?
[17:34] <sbalneav> Sure.  Simply depends on how "fine grained" you'd like to get.
[17:34] <Ahmuck> i've got an individual i'd like to put in charge of some things, but need to keep them from "roaming"
[17:35] <sbalneav> Well, you used to control these sorts of things with setgid programs.
[17:35] <Ahmuck> ie through user directories, etc.
[17:35] <sbalneav> Now you control them with pk
[17:35] <Ahmuck> ok
[17:35] <sbalneav> Well, actually, you do both, since not everything;s part of the new pk order yet :)
[17:35] <Ahmuck> is there a way to block process listing?
[17:35] <sbalneav> No
[17:36] <Ahmuck> ya, i havn't granted system wide access yet
[17:36] <sbalneav> That's pretty fundamental to Unix-like OS's
[17:36] <sbalneav> there are some kinds of things you may want to do that will be either very difficult or impossible to do in a Unix-like environment.
[17:38] <sbalneav> This is due to the fundamental design philosophy of Unix/Linux
[17:39] <sbalneav> A good forinstance would be the running of various programs, like ps, by a user.
[17:40] <sbalneav> So, you may say, "I don't want a user to be able to run ps, and see what processes are on the system".
[17:40] <sbalneav> OK, fine, so you enable ACL's on the filesystem, and remove execute rights from ps on that user.
[17:41] <sbalneav> Now tuxtype stops working, since it calls ps to make sure that the user isn't already running a tuxtype instance.
[17:41] <sbalneav> (that was just an example, I don't know if tuxtype does that in reality).
[17:42] <sbalneav> As a user, you have to expect that everything that's in /bin, or /usr/bin should be able to be run by you.
[17:43] <sbalneav> Linux permissions doen't get that fine grained.
[17:50] <Ahmuck> are there any good screenshot programs, similar to ksnapshot that doesn't depend upon clicking the new snapshot button?
[17:50] <sbalneav> Dunno, if I need a screenshot, I always just hit printscreen.
[17:56] <Ahmuck> i'm looking for specific screenshots, under a vm window without the vm border
[17:57] <Ahmuck> i can do it with ksnapshot, or a script using imagmagick, however i get the same problem, i have to go in and manually crop them
[17:57] <Ahmuck> i'm looking to automate the screenshots
[17:58] <Ahmuck> sbalneav: is there a way to prevent screen output.  what i'd be having problem with is individual users viewing proceses from other users.
[17:59] <Ahmuck> so for example, ellen's OO.o doc that is titled, "My Love Poem for David" would be presented under ps
[18:33] <alkisg> !info xorg-driver-sis671
[19:01] <sbalneav> Ahmuck: No, sorry, there's simply no easy way to prevent something like that in a Unix-Like environment.
[19:03] <sbalneav> You can do things like use pessulus to lockdown alt-f2, so they cant run things, and disable access to (gnome|x|k)term, but then they could just use Nautilus to browse to /usr/bin, and run ps directly.
[19:03] <sbalneav> Unix was originally designed for programmers to work in, and there was an orignal assumption that most things should be visible on the system.
[19:04] <sbalneav> This ultimately became the posix standard
[19:04] <sbalneav> and Linux is (or tries to be :) ) posix compliant.
[19:06] <sbalneav> Ahmuck: As for the screenshots, can gimp do it for you?  It can acquire screenshots without border decorations.
[19:13] <sbalneav> There is a bug that's been filed against nautilus:
[19:15] <sbalneav> Hmmm, can't find it off the top of my head, but it was a patch for lockdown, "no execure", so that it wouldn't execute programs when launched from Nautilus.  Thhis would help somewhat.
[19:32] <Lns> Ahmuck: also, you can use .hidden files to hide directories/files from viewing in nautilus (won't affect openoffice save/open dialogs and friends though).. have you seen the ubuntu wiki page on locking the system down?
[19:32] <Lns> https://help.ubuntu.com/community/UbuntuLTSP/HideFilesystemInNautilus
[19:33] <sbalneav> Lns: HUH!
[19:34] <sbalneav> I didn't even know nautilus did that
[19:34] <joerg_> hey
[19:34] <sbalneav> joerg_: Hey there!
[19:34] <sbalneav> looked at your spec
[19:34] <joerg_> sbalneav, did u find some time look at the specs? :)
[19:34] <sbalneav> looks fantastic!
[19:34] <joerg_> ah cool
[19:34] <joerg_> sbalneav, when did u look at it?
[19:34] <sbalneav> all kinds of good detail in there
[19:35] <sbalneav> last friday
[19:35] <joerg_> changed a lot of things recently
[19:35] <joerg_> w8
[19:35] <sbalneav> oh, cool.
[19:36] <joerg_> sbalneav, http://www.labpixies.com/campaigns/calories/calories.xml
[19:37] <joerg_> oh, sorry
[19:37] <joerg_> that's my test opensocial app :D
[19:37] <joerg_> http://www.myserv-project.org/specs:core
[19:38] <sbalneav> Excellent, thanks!
[19:39] <joerg_> sbalneav, should I start recruiting people? :D
[19:39] <joerg_> sbalneav, I am just working on the opensocial stuff
[19:40] <joerg_> sbalneav, which is not that easy....there's just one very poor python implementation for the google app engine
[19:40] <sbalneav> I'd certainly be more than willing to help out.
[19:42] <sbalneav> Lns: yeah, that's a good tip.  Unfortunately, the wily "hacker" can still do a "control-L/usr/bin", so it definitely helps, but doesn't eliminate the problems.
[19:43] <Ahmuck> it's not hackers i'm worried about, rather, nosey teenagers
[19:43] <Ahmuck> though i aught to be glad their learning
[19:43] <sbalneav> One supposes we could create a "hidden" package that supplies a set of ".hidden" files for a bunch of directories.
[19:43] <sbalneav> Ahmuck: heh, that's why "hackers" was in quotes.
[19:45] <Lns> sbalneav: for sure. it's just 'out of sight, out of mind' type stuff =)
[19:46] <sbalneav> Hmm, so if I do a "cd /usr/bin ; ls > .hidden" that makes /usr/bin disappear.
[19:46] <sbalneav> Sooooooooo.
[19:46] <sbalneav> by extention....
[19:46] <Lns> haha!
[19:47] <sbalneav> We could write a relatively short shell script that could be plunked in /etc/cron.hourly...
[19:47] <Lns> well
[19:47] <Lns> in my experience, if you lock down the root dir, there's not a lot that can slip by..
[19:47] <sbalneav> that would go around to all the "bad" areas, like /bin, /usr/bin, /sbin, etc.
[19:48] <sbalneav> and create a ".hidden" file from all the contents.
[19:48] <sbalneav> 30, 40 lines of shell at most.
[19:48] <sbalneav> I'll hack something together tonight, stuff it in my ppa.
[19:49] <sbalneav> Ahmuck: So if you:
[19:49] <sbalneav> 1) removed Gnome-Terminal from the menu
[19:49] <sbalneav> 2) Locked out alt-f2 "run" dialogue
[19:49] <sbalneav> 3) run the little "hide things" script
[19:50] <Lns> Ahmuck: sbalneav also: check out https://help.ubuntu.com/community/UbuntuLTSP/GnomeOptimize  -- I've put some things in there a while back about lockdown that might help
[19:50] <sbalneav> You'll make it difficult enough to do a "ps" looking for who little suzie's writing love notes too as to make it "almost impossible"
[19:50] <sbalneav> :)
[19:51] <sbalneav> Lns: You don't get enough credit for all the work you've done/do on the ltsp bits of the wiki.
[19:51] <Lns> lol
[19:52] <Lns> sbalneav: i did that a long time ago, it was kind of a stint that i got all that stuff up there. i wish i kept up on it more
[19:52] <Lns> but thank you =)
[19:54] <sbalneav> Well, it's important.
[20:02] <Lns> *sniff* i'm so glad you understand me sbalneav =)
[20:03] <Lns> actually, i'm planning on making a string of youtube video tutorials with edubuntu, starting with how to install it
[20:03] <Lns> but last week i was having issues with virtualbox so i couldn't set up my recording environment right
[20:30]  * Lns is installing edubuntu 9.10 amd64 for the first time =)
[20:31] <Ahmuck> heh, Lns, that's what were doing here in the last week
[20:31] <Ahmuck> henced i was asking about screenshots
[20:31] <Lns> =)
[20:32] <Lns> hrm, "installing system" information should reflect edubuntu, not ubuntu
[20:32] <Lns> i could probably come up with some wordage
[20:32] <Lns> if someone knows how to change it in the install dvd
[20:35] <Lns> wow, those screen wipes during the installation really get your attention! haha
[21:34] <Lns> hmm, it seems to me that the iconset for Gnome "Places" menu are pretty inconsistent with "Applications" and other menus
[21:34] <Lns> a.k.a. nautilus iconset i guess
[21:59] <mhall119> highvoltage, ping
[22:02] <highvoltage> mhall119: pong
[22:03] <mhall119> hey, I'm finally getting my Qimo packages started
[22:03] <mhall119> I was wondering what format they need to be in to get into Universe
[22:03] <mhall119> source packages, package branches?
[22:03] <mhall119> just something in my PPA?
[22:04] <mhall119> I've got a group for qimo-developers in LP, I was going to use that PPA for the packages as they become available
[22:04] <mhall119> I finally got the last of my xfce issues resolved
[22:05] <sbalneav> mhall119: Getting them into your ppa's a great first start.  Then someone like stgraber or highvoltage can look at 'em and upload to universe.
[22:05] <mhall119> ok
[22:06] <mhall119> do I need to make separate PPA's for packages targetting lucid and karmic?
[22:11] <sbalneav> No, the ppa will automatically handle multiple distros.
[22:20] <highvoltage> mhall119: source packages
[22:20] <highvoltage> mhall119: you can use your current ppa
[22:21] <mhall119> ok, cool
[22:21] <mhall119> I'll let you know when they're up and relatively stable
[22:22] <highvoltage> mhall119: great!
[22:22] <mhall119> if I get XSplash and GDM themes up now, can I update them with my new artwork when it comes in?
[22:22] <highvoltage> yes you can indeed
[22:22] <mhall119> excellent
[22:22] <mhall119> I want to get caught before Alpha 3
[22:22] <highvoltage> you'll just have to release a new version of the package
[22:23] <mhall119> how do you manage the edubuntu cd, do you upgrade the packages in place, or get a new base image and re-apply your packages each time?
[22:33] <highvoltage> mhall119: built from scratch daily
[22:33] <highvoltage> (as in debootstrap and then meta-packages are installed)
[23:08] <mhall119> debootstrap?
[23:09]  * mhall119 reads the man page