[01:57] yofel: anything I can do on the bug you said fixed in sid? [01:58] the openclipart bug [01:59] nigelb: don't think so, I posted a sync request for that (bug 529625), so we'll have to wait now [01:59] Launchpad bug 529625 in openclipart (Ubuntu) "Sync openclipart 0.18+dfsg-9 (universe) from Debian unstable (main) (affects: 1)" [Wishlist,New] https://launchpad.net/bugs/529625 [01:59] ah, so posted a sync request already [01:59] I was about to post one :) [05:57] Can somone take a look at Bug #529744 and tell me what they think needs done to it to get a code reviewer to look at it. [05:57] Launchpad bug 529744 in gnome-system-tools (Ubuntu) (and 1 other project) "When creating a user shortname should really be username. (affects: 1)" [Undecided,New] https://launchpad.net/bugs/529744 [06:03] Anzenketh: : you can leave it as in progress and subscribe the "review team" [06:04] Anzenketh: select the "subscribe someone else" , and search the "ubuntu review team" [06:06] Thanks [06:06] Anzenketh: why is there a GPG key in there? [06:06] in my patch [06:06] First time submitting a patch for ubuntu [06:06] last one I did was for gnome [06:06] yes, why is there a key in the patch? [06:06] Following instructions. [06:07] Anzenketh: from where? [06:07] https://wiki.ubuntu.com/PackagingGuide/Recipes/Debdiff [06:08] Was not clear on if I should or not [06:08] Anzenketh: also, it says debian/control is generated, but your debdiff shows it modified [06:08] Anzenketh: I don't think you understand the instructions [06:08] I don't think so either [06:08] Anzenketh: you sign the package with the key, not include it [06:09] Ok I am up to step 5 on that then [06:09] Anzenketh: I suggest you delete that patch and try to upload a cleaner one [06:09] Will do [06:10] Anzenketh: it looks like you did the debdiff right though... [06:14] Still trying to figure out how I am suppost to see if it did what I think it should have [06:14] aka verify the fix. [06:17] Anzenketh: idk [06:17] Neither do I I am going to try something else [06:17] Anzenketh: the string replaces looked good [06:18] Ya it was a easy fix [06:18] Just the type I like [06:19] Anzenketh: so, remove that key, rebuild and do the debdiff again [06:19] Working on it. [06:19] Anzenketh: remove the key from teh package dir [06:56] argh lp is really hungry :/ it eats half the comment at times.. [06:58] vish: you using gm scripts? [07:00] nigelb: yeah , i have it installed.. but the comment was from the edit-status box and did not use the bug squad response [07:00] vish: Does it happen when there is a release name mentioned in the comment? [07:00] like Lucid or Karmic.. [07:01] hmm , this time , i did mention.. dont recall earlier [07:01] If so turn off highlighting, its a bit buggy. [07:01] ddecator mentioned it here some time back [07:02] LP seems to be eating the comments up to the name of the release, but its actually the GM script [07:02] the funny thing is , the lp mail has my comment full , but just not *in* LP [07:02] its just hidden [07:02] what did i mention? [07:02] disable the highlighting [07:02] and refresh, you can see the whole thing [07:02] vish, turn of the highlighting option [07:02] ddecator: gm scripts being buggy ;) [07:02] vish, it's been reported [07:02] hm,.. [07:02] nigelb, yah, that's the only one i have trouble with... [07:03] ddecator: I noticed the same thing as vish [07:03] let me find the report... [07:03] it is now disabled for me [07:03] that's how i noticed it too, haha [07:03] ha , i can see ! [07:03] there it is! [07:03] hehe [07:04] bug 504956 [07:04] Launchpad bug 504956 in launchpad-gm-scripts "partially hidden comment in bug report (affects: 5) (dups: 1)" [Undecided,Confirmed] https://launchpad.net/bugs/504956 [07:04] hehe , others would have thought what am i talking about , i one bug report , i mentioned lp ate my comment and commented again ;p [07:04] in one* [07:04] hahaha [07:04] haha, if they use the scripts then i'm sure they'll know [07:05] i noticed it when i got an email showing the full path to an iso file when i was trying to help someone make a live cd, but then lp itself only showed part of it, then i noticed it always stopped after the highlighted text...not sure why there hasn't been any work on it [07:06] ddecator: brian will get to it [07:06] eventually ;) [07:06] ah, did brian write them? [07:06] ddecator: he wrote the highlight script [07:07] nigelb, gotcha...well i would rather he review my -control application first, the highlighting can wait ;) [07:07] lol [07:07] I tend to think the other way though [07:08] what, that the highlighting script is more important? [07:08] ddecator: You ought be hunting *others* to review the application first: bdmurray may be the admin, but doesn't tend to act as final arbiter. [07:08] a bug fix is more important than me and you getting rights [07:08] persia: I thought we were to wait for someone to do it? [07:08] (I did get 1 review, waiting for the ack) [07:08] persia, idk how i would "hunt" others...hg_gdh gave me a +1, but i thought brian had the final say [07:09] ddecator: you need two +1s [07:09] nigelb, ah...half way there =) [07:09] ddecator: same here ;) [07:09] bdmurray tends to just administer this, and it's the rest of bugsquad that should be reviewing. [07:09] persia: what is the criteria for bug control approval? some applicants get approved when there is just one person approving .. [07:10] I forget precisely. It's something like a set time period (may be longer) with positive advocations and no leftover questions or issues. [07:10] vish: are you confusing bug control and bug squad? [07:10] yah the whole system is a little "mysterious." the wiki pretty much says "let us know these things, and it may or may not happen" [07:10] nigelb: nope ;) [07:10] I think it's supposed to be some minimum number of endorsements, but most of us don't spend enough time reviewing work of potential applicants. [07:11] * nigelb prods persia to review applications ;) [07:11] So, if you're in bug control, please make an effort to respond to some of the applications. [07:11] there needs to be a minimum number of approvals [07:11] * persia reviews some, but on a time-available basis, and needs more time [07:12] -ahem- i agree with persia's idea of more -control people reviewing apps ;) [07:12] * nigelb feels like persia is like the wind, everywhere, all the time ;) [07:12] * ddecator agrees with nigelb [07:12] * vish wonders if persia's nick is because he likes/liked "Prince of persia" ;p [07:14] No. [07:14] There that bug is all fixed. [07:15] Speeking of bugcontrol how long should I wait before applying? [07:16] Anzenketh, as persia told me, you should apply when you feel ready =) [07:16] Ehh not quite there yet [07:17] Anzenketh: One thing to remember is that it's not about how much time has passed, but how much confidence and learning has occurred. [07:17] Anzenketh: area you running karmic? [07:17] Both [07:17] We had a recent new member who joined bugsquad a week before applying and was approved (but that person had been working towards being a developer for a few months first, so already had a lot of familiarity with working with LP bugs). [07:17] lucid and karmic [07:17] Some people take months or years before they apply. [07:18] Ugh Forgot to change that in my changelog [07:18] Anzenketh: yup ;) [07:19] Anzenketh: did you run what-patch on the source? [07:19] no [07:19] I know verry little about patching bugs [07:19] Don't even know what that does. [07:20] * Anzenketh goes out and looks for a patching ubuntu for dummies [07:20] Anzenketh: just ask in #ubuntu-motu, tell what you're doing [07:20] and people will offer help [07:22] Ok thanks [07:22] this may be better asked in motu, but how much programming knowledge is needed for patching? [07:23] ddecator: you should know how to read code [07:23] ddecator: hehe , ask in -motu ;p [07:23] vish, yah i kinda had a feeling, haha [07:24] * persia really needs to get around to cleaning up and separating the "how to make a patch" and "how to make a candidate revision as a developer" documentation [07:25] * ddecator still hasn't figured out how to package yet either...still not sure what he's doing [07:25] but anyway, back to bug convo =p [07:49] * Anzenketh thinks lucid is ready for use on my main machine. I can put up with a few bugs here or there. [07:49] so long as nouveau and plymouth behave... [07:51] Ya forgot about that. [07:51] It was runing fine on a older nvidia [07:52] it sounds like it may be a simple fix, but yah. it might not affect you. it happens to me on live usb so if it doesn't happen to you in a live session, you should be fine [08:20] well it happened to me in a live session. [08:20] what was that bug number. [08:42] Would anyone care to confirm Bug #529902 (simply install maxima and try to run it)? [08:42] Launchpad bug 529902 in maxima (Ubuntu) "maxima tries to find /lib/libreadline.so.5 but 9.10 has .6 (affects: 1)" [Undecided,New] https://launchpad.net/bugs/529902 [08:44] m0rn|ng [08:45] morning BUGabundo_remote :) [08:45] morning BUGabundo_remote :) === kermiac_ is now known as kermiac [08:46] hey guys [09:01] morning folks [09:01] mornin yofel :) [09:05] morning yofel :) [09:05] hi nigelb, kermiac [09:05] :) [09:43] hi [09:43] Would anyone care to confirm Bug #529902 (simply install maxima and run it)? [09:43] Launchpad bug 529902 in maxima (Ubuntu) "maxima tries to find /lib/libreadline.so.5 but 9.10 has .6 (affects: 1)" [Undecided,New] https://launchpad.net/bugs/529902 [09:47] are openpgp keys a person key to a profile on LP or can or will a certain team have pgp keys? [09:49] anyone can display correctly this site in flash on firefox ? http://www.grandpalais.fr/visite/fr/#/l-exploration/monument/histoire-du-monument/prouesse-architecturale/ i'd like to discriminate a flash problem from a video driver problem or other [09:50] pascalFR: what problem do you encounter? [09:51] nigelb: images are jumping inside the animation dont know how to say it better in english [09:51] pascalFR, are they flickering? [09:51] yes Zus [09:51] pascalFR: there is something wrong indeed. but it could be a problem with that site itself [09:51] flickering here also [09:52] i also just ran update manager before comming online...so i think im updatred [09:53] pascalFR, what site is this pretty cool [09:53] I deactivated composition on kde with shift-alt-f12 and same result less CPU indeed [09:54] i wonder if it is displayed correctly in windows [09:54] Anzenketh: Regarding the ubiquity hug day that you're trying to organize, if it comes to fruition, could you please make it clear to the participants that the most helpful thing people can do is try to reproduce reported bugs in ubiquity debug mode (ubiquity -d) and attach the logs upon failure using ubuntu-bug bugnumber? [09:54] Anzenketh: Also, please ask that they don't mark bugs as duplicates or close bugs that don't have logs or a response. [09:54] cant help there im on ubuntu 9.10 100% [09:54] We've had problems in the past where people have marked loads of bugs as duplicates that were not. [09:54] so am i [09:55] i have a question about pgp's [09:55] other friends say it is displayed correctly on windows [09:56] are pgp bound to me personaly or would a specific team have one ? [09:56] Zus: this isn't the right place to ask that, sorry [09:56] ev: I don't understand what fruition is. [09:56] a little bit flickering but not the black flickerring under linux [09:57] Zus: Try asking in #launchpad : it may be trivial (but it may not), as pgp identities are email addresses, which teams can have. [09:57] Anzenketh: apologies. It roughly translates to "if the bug day you're planning happens" [09:58] ok then thanks i guess you need it to sign the code of conduct [09:59] pascalFR: It flickers horribly but works otherwise and when not moving about.. [10:00] oh hi arand [10:01] Zus: Yea, I'm everywhere ;) [10:01] arand: yes ok so i'm not alone what video chipset ? [10:02] pascalFR: Nvidia, 185, proprietary, laptop... 32bit flash.. compiz.. [10:02] ev: Ok I added a notes page to the wiki. [10:03] pascalFR: G84 [GeForce 8600M GT] [10:04] arand: ok i am on intel GM965 so its not video driver dependent [10:18] I am outa see ya all === kermiac is now known as kermiac_ === pascalFR is now known as PascalFr_parti [12:20] :) [12:37] I just found an interesting hardware dependency (PIII faster than P4) concerning a mobile broadband bandwidth issue – Bug #525049. What could be the packages affected? [12:37] Launchpad bug 525049 in ppp (Ubuntu) "3G download speed is very slow compared to Hardy or Microsoft Windows OSs (affects: 1)" [Undecided,New] https://launchpad.net/bugs/525049 [12:39] hello [12:40] anybody here? [12:40] !ask [12:40] Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) [12:41] i dont have a question, i have a bug [12:41] :) [12:42] in Acer Aspire 5710z Synaptics driver [12:42] the bug is with the laptop mode, if i change battery or AC power i got some touchpad malfunction, its jumping all over the screen and opening menus or submenus [12:43] anybody heard of this bug? [12:45] !bug synaptics [12:49] maja87_: Have you searched fro the bug in launchpad? [12:51] maja87_: odd , i have an Acer Aspire too and I noticed something similar with windows XP , and that was before I installed Ubuntu[linux] .. when using windows i just imagined it was a virus and reinstalled the drivers... [12:51] vish: And you don't get it now? [12:52] nope.. :) [12:52] bdmurray: ping [12:53] i trying to find it in launchpad yes [12:53] and in xp there is no error [12:54] bdmurray: I got a mail overnight saying I need to contact you (or ogasawara or jcastro or pedro_) to prevent my (https://launchpad.net/~charles-rebelbase) ubuntu-bugcontrol membership from expiring [12:54] the problem only stand in 9.04, 9.10 [13:19] hi, it would seem ubuntu fails to provide an fire wall [13:19] that is at least as capable as windows firewalls where back in 1999 or so [13:20] Are you sure? We have heaps of firewall packages. [13:21] but iptables is broken [13:21] it fails to provide --cmd-owner option [13:21] which makes it impossible to make the most obvious and important thing in firewall: disable given PROGRAMS to use internet [13:22] LimCore: Well, I'd claim that the issue is that iptables is buggy, rather than the issue being that a firewall isn't provided. [13:22] Has this bug been filed? [13:22] not yet. its probably a compilation option [13:22] for unknown reasons, perhaps someone breain dead designed it [13:22] Well, either file it or go fiddle and fix it first :) [13:23] But statements like "hi, it would seem ubuntu fails to provide an fire wall" don't help reach the goal. [13:23] "hey, we have 592 options in firewall, but lets take one of 3 MOST IMPORTANT security options in iptables, and lets make THIS option to be optional / not compiled by default =)" what where they thinking [13:23] now but seriously [13:23] what where they thinking??? [13:24] Well, that's the nature of what we do. All of us (including you) find stuff that doesn't do what we want. We then fix it. [13:24] Eventually we'll be perfect, but it might take a while :) [13:24] most important firewall options: 1. block all inbount (all server connections) 2. block given outbound ports. 3. block unauthorized programs. And Ubuntu proviedes, 1, and 2, and then 100 other options, but fails to provide 3rd... ??? [13:24] Those aren't my most important options at all :) [13:25] I am happy for all the work on free software and so on, but someone had to be really very incomeptent or short sighted to disable such super imprtant thing [13:25] My three would be 1) provide port filtering for inbound and outbound access, 2) provide smart proxies for selected protocols, 3) provide an authentication mechanism that allows clients to adjust filter application [13:26] In fact, on reflection, I probably never want to block based on process owner because I don't run trusted machines in untrusted networks. [13:26] And I don't run programs on firewalls. [13:27] This isn't to say the feature isn't useful, just that I'm unlikely to use it [13:28] (note also that process owner is defined by the command executed, and is not particularly difficult to spoof) [13:28] huh? [13:28] you block local originating connections based on local application [13:28] in example [13:28] you want ping to use internet, and firefox [13:28] but you do not want adobe-pdf-reader binary to connect to internet =) [13:29] nor you want ./from-my-friend/trojan.lol.bin to connect [13:29] Zone Alarm did it right [13:29] on windows [13:29] in 1999 or so [13:29] now we could do it as well on ubuntu (just 10 years later ;) IF we have --owner-cmd in iptables [13:30] I understand the feature you want to exist. I am unlikely to use it myself. I have ideas as to how to work around such a filter. [13:30] only really noob users would not use this [13:30] So, if you implement it, and I have some time, I might file some private security bugs if I can spoof it. [13:30] do not take this personally, I just take it from windows [13:31] only most noob users did not used Zone Alarm or similar thing. And that is by 2000's standards [13:31] LimCore: don't make personal comments/statements then [13:31] LimCore: your attitude/rantings towards bugs has to stop now [13:31] it's gone on long enough [13:31] well everyone is a noob in some area of life nothing to be ashame of. I am sure Im noob about for examply health care and such ;) But ok then [13:31] so how to rebuild iptables with this option [13:32] this really needs to be patched [13:32] LimCore: only a noob would ask that question [13:32] LimCore: Really, it's not as simple as that. I wouldn't bother because I trust my network and have a cryptographic trail for every executable on every trusted machine. As a result, there's no point. But I agree that most people aren't as paranoid as I. [13:32] LimCore: the function you require, is it in iptables, yes/no ? [13:32] persia: are you sure none of your applications contains an exploit? [13:32] ikonia: it is available, but turned off in ubuntu [13:32] LimCore: how is it turned off ? [13:33] LimCore: what has been done to disable it ? [13:33] LimCore: Rather, I'm sure nearly all of them are, but I'm sure none are currently passing information in a way I'm not aware of. [13:34] hmmmm [13:34] this seems surprisingly undocumented on iptables homepage [13:34] * LimCore digs in [13:34] persia, I am rather curious to know how you deal with the checksums or whatever for your executables. Is it something like tripwire or AIDE? [13:35] LimCore: are you %100 sure the functionality exists in iptables [13:35] ikonia: yes [13:35] LimCore: how ? [13:35] LimCore: what gives you this confidence [13:35] thousands of forums and iptables mailing lists guestions [13:35] A quick google search reveals that those commands should exist for iptables. [13:35] Pici: where I'm going is what version [13:36] Pici: it is surprisingly hard to find descriprion of that cmd in iptables homepage [13:36] site:netfilter.org "--cmd-owner" -lists -ftp -svn returns nothing [13:36] site:netfilter.org "--cmd-owner" -lists returns something else [13:36] LimCore: at what point was this command introduced to iptables, is it new/legacy ? [13:36] I see mentions of it from years ago [13:36] ok - so it's legacy [13:36] I remember experimetin with it years ago too [13:37] so have you contacted either by mail/launchpad/bug the iptables package maintainers for ubuntu to find out why it's been removed and how ? [13:37] cyphermox: I use debsums actually, and prohibit executables outside of / and /usr (and track failures in /etc). [13:37] LimCore: your arguments and the way you discuss them is almost indistinguishable from some forms of trolling I've seen in my life. Could you make your point in a more acceptable way and not call us, users or the way we do things "stupid", "noobs" et cetera? [13:37] persia, nice. [13:39] cyphermox: It's a little annoying to set up because you need to mount everything in special places, and eset noexec in fstab, etc. but once it's there, it just works. One of the advantages of debian-based systems that people don't always know about. [13:39] LimCore: wrt --cmd-owner please see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492284 [13:40] kklimonda: Error: Could not parse data returned by Debian: (-2, 'Name or service not known') [13:40] LimCore: don't we have SElinux and similar to do precisley that? [13:40] kklimonda: interesting so it's been dumped from the kernel support [13:40] persia, does sound nice. I've been asked to build *very* secure systems on RHEL in the past, similar things exist but there's often just a little thing missing or slightly wrong (IMO). Make me do some pretty cool code to extend acct though :) [13:41] cyphermox: My solution isn't *very* secure. It is subject to tampering. If you need to be more paranoid, run several different integrity checkers, and store the results remotely for comparison. [13:41] But I think my solution is secure enough that with traffic monitoring I can know if something unexpected is happening, and have a fair degree of confidence. [13:42] BUGabundo_remote: there is, but SELinux is a bit "too big guns" and apparmor is not so good yet [13:42] persia, it's still pretty good... one needs to keep a reasonable balance between security and convenience. [13:43] cyphermox: Indeed. Just don't try to sell the default system as *very* secure :) [13:43] LimCore: what are the limitations of apparmor that make it "not so good yet"? [13:43] persia, oh no :) [13:43] jdstrand: it is not trivila to use, the error messages are not always helpfull, there are some bug(s) that I reported, it lacks a nice gui etc [13:43] * BUGabundo_remote wonders when did #-bugs got renamed to #-security [13:44] I like the topic, but it's a bit OT in here [13:44] its a security bug/missing feauture [13:44] LimCore: no [13:44] LimCore: it's been removed from the kernel [13:44] BUGabundo_remote, I did get a little off-topic, thanks ;) [13:44] LimCore: #ubuntu-bugs is for bug triaging ... not winning [13:44] tired of this ranting about nonsense [13:44] LimCore: well, the point of apparmor in Ubuntu is to mostly stay out of the way of the user (which is why a gui hasn't been developed yet). as far as other MAC systems are concerned, it is considerably easier to use [13:45] Belongs in -hardening, but they probably have an even better solution. [13:45] persia: you security system will not prevent a targeted attack to quickly and simply use exploit in any application to steal data from the user [13:45] LimCore: then log a bug to the kernel develoeprs on kernel.org [13:45] LimCore: I suppose. That's why I don't keep critical data on machines that have access to the internet. [13:45] LimCore: there are bugs in all software, however, apparmor does a lot to help security in the default install [13:46] jdstrand: if he cares about security as much as he claims with these random "security incidents" he'd learn how to setup apamor or selinux [13:46] LimCore: But we're well off-topic. The issue is the feature you want. Apparently linux doesn't support it any more. You want something like SELinux or Tomoyo or apparmour, etc. [13:46] persia: having 5 computers for every other thing you do is very secure, but very uncomfortable. A simple application matching filtering with simple GUI to learn would suffice [13:46] LimCore: Depends on the use case. Like I said, that it's not important for me has *nothing* to do with whether it's important for you. [13:46] ikonia: sure. I was not responding to backscroll so much as the isolated comment. if my reply was out of context, I apologize [13:47] jdstrand: not out of context at all, very valid [13:47] ikonia: each time you see some a bit advanced topic you say its "nonsense". This area of security is definatelly not nonsense [13:47] LimCore: it's not an advanced topic, I see the point you're trying to make, but you make these comments without ANY research [13:47] is apparmor stil the prefered security MAC tool in ubuntu? [13:47] LimCore: yes [13:47] or perhaps are we moving to tomoyo or grsec [13:47] it's still the default enabled [13:48] ikonia: the reaserch is that I know that this feauture is very needed. If its not supported by iptables no more than well it is quite unfortunate. [13:48] LimCore: the ubuntu-kernel team has put a lot of effort into it in the last two cycles to get it in mailine (it is *very* close). the ubuntu-security team has also done a lot of work on profiling [13:48] Hopefull this still can be achieved [13:49] well this could be done as well by apparmor [13:49] LimCore: we've also pretty much incorporated everything in grsec that can be incorporated in a mainstream distribution, aiui [13:50] pax randomization too? [13:50] LimCore: a.) you don't know it's needed b.) you've not looked at why / how it was removed c.) you call people like the ubuntu developers incompetant - when actually it is YOU who are looking like you don't know what you're doing by making random issues up, when in reality here is the bug "I limcore would like this iptables feature enabling somehow in ubuntu" - it's not a bug, it's a feature request, [13:50] Not that it's a default recommendation, but I know that tomoyo upstream was happy with the state of tomoyo on karmic. I expect the same would be true for lucid, so users have lots of options (as many as can be sensibly combined). [13:50] LimCore: https://wiki.ubuntu.com/Security/Features has all the details [13:50] and it's not an ubuntu issue - it's a change in the kernel design [13:51] persia: re tomoyo> that is very good to hear! [13:51] ok so I was mistaken, its sad that kernel upstream removed this -owner-cmd [13:51] in either way [13:51] paxtest has all the answers [13:52] I am sure Ubuntu should provide a application + host/port filtering application with easy to use GUI [13:52] LimCore: they do ufw [13:52] jdstrand: Is there interest in ensuring it works? The Japanese team does a bit of coordination with the Tomoyo team, and I could maybe send them your way. [13:52] Otherwise I suspect they'll stick to filing kernel bugs if required. [13:52] to provide protection like with ZoneAlarm; Each new application for given user asks, like, are you sure you want to allow Firefox to connect? Yes ; Only to LAN ; Only to port 80; No [13:53] are we thinking of moving from app armor to tomoyo? [13:53] LimCore: no [13:53] LimCore: No. Or at least, not soon. [13:53] LimCore: no [13:53] I don't know why you keep saying that [13:53] I was happy to see apparmor, but after some testing I found number of problems, especially in area of tweaking it easly [13:53] LimCore: Did you file bugs? [13:53] like the other security issues you find [13:54] LimCore: apparmor is more fully functional, tested and integrated into Ubuntu. tomoyo is there for those who want it, but apparmor is the default and that is not going to change in the forseeable future [13:54] bug #421216 [13:54] Launchpad bug 421216 in apparmor (Ubuntu) "Useless "null-complain-profile" warnings flood dmesg log (affects: 1)" [Undecided,Incomplete] https://launchpad.net/bugs/421216 [13:54] yeah I should go back into this topic [13:55] perhaps app armor will work out after all [13:55] so your customer profiles create error messages.......Hmmmmm [13:55] * jdstrand actually asked LimCore for more information in that bug, but never received it ;) [13:55] jdstrand: I was just going to say that ;) [13:55] ikonia: the bug is that this error message not allowing user to understand where are they from [13:56] LimCore: Please update the bug, rather than chatting here. It will get a better result. [13:56] that too, but Im more interested in this equivalent of ZA [13:57] that's your hot topic of the hour [13:57] LimCore: btw, that is obviously a bug, but you asked for at least the PID in that-- it is part of the line 'pid=19145' [13:57] LimCore: why not revisit your firewire bug that's all ubuntu's fault [13:57] or one of the many otherss [13:58] ikonia: that ZA is the firewall bug [13:58] LimCore: there is currenrlty no ZoneAlarm style app developed by ubunutu, there is UFW, firestarter, iptables-builder - all are gui and can assist you [13:58] LimCore: no - it's not a firewall bug, it's a kernel bug and nothing to do with ubuntu [13:58] slight correction-- ufw is cli, but there is gufw that is a gui for ufw [13:59] go to #kernel and tell the developers they are incompentant - in the same way you call the ubuntu developers [13:59] lets see how far that stinking attitude gets you [13:59] main point of ZA is that user is interactivly informed and asked to confirm given connection while a new application is trying to connect (and then this rules are updated based on his response) [13:59] LimCore: zonealarm is not a linux product - stop referencing it [14:00] LimCore: if you want to right zone alarm for linux - go for it, but don't you dare start calling people incopentant again for a freature you want but doesn't have - and you've done nothign about [14:00] ikonia: Linus do have a very family friendly style [14:00] LimCore: that has nothing to do with it [14:00] hmm ok perhaps I was not clear previously [14:00] SORRY I WAS MISTAKEN, it is a kernel decission to remove this command I needed; and there seem to be some reasons for that [14:00] LimCore: go and rant at #kernel for their foolish designs and treat them the same way you treat this channel and the people of the ubuntu community [14:01] we discussed that feature of ZA recently, and it is not something that is particularly interesting (to me and the security team) due to the potentially extrememly poor user experience: "I want to do something, so now I have to click Ok on a bunch of popups" [14:01] since they want to do it, they will clock 'Ok' [14:01] LimCore: it doesn'tmatter if you where mistaken, you think this is incompetance, so therefore it's the kernels developers incompetence, or are your instults and lack of respect saved up just for ubuntu developers [14:02] ikonia: above remarks should go to kernel, yes [14:02] LimCore: no - they should not go anywhere [14:02] LimCore: your attitude towards people who offer there time, needs to change, as you can tell I'm pretty annoyed by your presistant rude and offensive approach to logging bugs and feature requests, and it has to stop now [14:02] /if/ they killed a potentially important part of security, then it is not very good [14:02] Um, can we get back to the bug please? [14:03] persia: actually I'm not sure [14:03] persia: I'm fed up of this attitude and I'm questioning if this sort of attitude should get attention [14:03] this would be more of a blueprint then a bug? [14:03] behave like a child, rant and rave and get your bug looked at, rather than do the research, log the bug and commuicate clearly [14:04] ikonia: you said you will fix a bug for a bug I fix, then lets do this one [14:04] this isn't a bug [14:04] ikonia: We don't actually do anything other than help triage bugs here. Don't fear that any different engagement model will get different results. [14:04] this is you wanting an application desgned and developed [14:04] humf [14:04] guys take 5 everyone [14:05] we all need to fresh our heads for a bit [14:05] LimCore: So anyway, bug #421216 needs a comment, I suspect. [14:05] Launchpad bug 421216 in apparmor (Ubuntu) "Useless "null-complain-profile" warnings flood dmesg log (affects: 1)" [Undecided,Incomplete] https://launchpad.net/bugs/421216 [14:05] LimCore: please rest a bit, and file all bugs and wishbugs as approprieted [14:05] ok. Have to build a test box first. Then we will finish it [14:06] LimCore: And please file a new bug asking for the per-command network restrictions. That iptables can't do it anymore doesn't mean that there isn't another way (perhaps with apparmor) [14:06] LimCore: Thanks. [14:08] for a new tool, c++ + libboost + wxWidgets should be fine? or are his dependencies "too big" [14:09] LimCore: speak to designers, this is a bug channel [14:16] hum. I see that life was not boring while I slept [14:17] good morning hggdh ;) [14:18] good morning thekorn [14:18] er, afternoon [14:18] eheh hggdh :p wb [14:18]