[15:06] <alecu> hello
[15:06] <lool> seb128: (settings things up?)
[15:06] <seb128> lool, yeah, start broadcast now
[15:06] <timchen119> hi
[15:06] <Laney> o hai
[15:07] <seb128> ok, we are on
[15:07] <seb128> http://youtu.be/me8fjTGM0Gk
[15:07] <seb128> for the video
[15:07] <seb128> https://plus.google.com/hangouts/_/76cpi5e1q127qe0elqtkkts9ls?authuser=0 for the hangout
[15:07] <kenvandine> pad isn't connecting for me
[15:07] <lool> works here, albeit it's empty
[15:07] <seb128> http://pad.ubuntu.com/ep/pad/view/uds-1311-client-s-system-settings-panels for the notes (if it works, I get an error atm)
[15:08] <seb128> https://blueprints.launchpad.net/ubuntu/+spec/client-s-system-settings-panels for the blueprint
[15:08] <lool> I'm pink today
[15:08] <tedg> lool, It's a very pretty pink.
[15:08] <alecu>  etherpad fails for me too
[15:10] <lool> what happens when one switches between apps with side stage?
[15:11] <attente> can't login to the hangout :S
[15:11] <seb128> attente, why not?
[15:12] <lool> (sorry, previous question was ECHAN)
[15:12] <seb128> https://wiki.ubuntu.com/SoftwareUpdates#Phone
[15:13] <lool> tedg: Sounds too advanced to me
[15:13] <lool> tedg: in terms of user experience
[15:14] <tedg> lool, It's okay, you don't have to use it.  ;-)
[15:14] <lool> it will clutter settings though
[15:14] <Laney> Trust In Mpt
[15:14] <tedg> lool, It's not the default, it's more the "I screwed up and want to reset"
[15:14] <lool> there is nothing like this in android or ios
[15:14] <tedg> lool, Hoping it's going to be in a panel instead of it's own.
[15:14] <ralsina_> Is there any plan for being able to go from a app to settings (via a settings URL) and then go back to the app?
[15:14] <tedg> lool, Yes there is, preferred apps on Android
[15:15] <gatox> QUESTION: <ralsina_> Is there any plan for being able to go from a app to settings (via a settings URL) and then go back to the app?
[15:15] <lool> tedg: I only found a "reset preferred apps" button
[15:15] <lool> it's well hidden indeed
[15:16] <lool> tedg: use case for going back to the app is click scope installing a package after you add your U1 account
[15:16] <ralsina_> we open the panel from the dash :-)
[15:17] <lool> seb128: what happens is that you get to the main settings
[15:17] <lool> rather than going back to where you came from
[15:17] <lool> kenvandine: Yeah
[15:17] <tedg> lool, I don't think it's something we need to make easy, just something we need to make possible.
[15:17] <alecu> QUESTION: does this work too if system settings is already open?
[15:18] <alecu> (opening a given setting page)
[15:18] <Laney> yes
[15:20] <Laney> as of today ;-)
[15:21] <ralsina_> QUESTION: mardy, we are launching it from the dash, so modality is confsing at least until the dash is "just another app" in the future
[15:21] <jdstrand> tedg: there is a bug for that and a plan
[15:22] <tedg> jdstrand, And a prayer?  ;-)
[15:22] <jdstrand> tedg: bug #1230091
[15:22] <udsbotu> Ubuntu bug 1230091 in unity-mir "[enhancement] Window reparenting (required for appstore app trust model)" [High,Triaged] https://launchpad.net/bugs/1230091
[15:23] <ralsina_> cool
[15:23] <jdstrand> let me find the bp...
[15:24] <jdstrand> tedg: https://blueprints.launchpad.net/ubuntu/+spec/client-1311-trust-store-and-sessions. session later today
[15:24] <alecu> Laney: this is when doing app purchases from a preview in the dash
[15:24] <jdstrand> (http://summit.ubuntu.com/uds-1311/meeting/22059/client-1311-trust-store-and-sessions/)
[15:24] <tedg> jdstrand, Interesting, I don't know why that needs XEmbed or reparenting...  seems it can use system dialogs.
[15:25] <jdstrand> I am the wrong person to talk to about that
[15:25] <jdstrand> tvoss_ gave a presentation on his ideas. I think he is going to go over it in the session
[15:25] <tvoss_> jdstrand, o/
[15:25] <mdeslaur> QUESTION: any plans on making the icons interactive, so clicks actually look like they worked?
[15:25] <tedg> jdstrand, Oh, cool.  It's fun to yell at tvoss_! ;-)
[15:25] <jdstrand> tvoss_: hi! :)
[15:26] <jdstrand> tvoss_: I was talking up your session later today :)
[15:26] <attente> i did something with the display languages panel before where there was an activity indicator there
[15:26] <tvoss_> jdstrand, \o/
[15:26] <tvoss_> jdstrand, kenvandine just to make sure: no xembed :)
[15:26] <tvoss_> or mirembed
[15:27] <kenvandine> haha
[15:27] <kenvandine> tvoss_, indeed
[15:28] <mdeslaur> cool, thanks
[15:30] <seb128> https://blueprints.launchpad.net/ubuntu/+spec/client-t-system-settings-testing
[15:30] <cyphermox> seb128: at the very least the timing for the tests shows up in jenkins, sometimes
[15:32] <seb128> cyphermox, thanks
[15:33] <Laney> I was thinking that it has a test for opening each panel
[15:33] <Laney> so it could record how long that takes
[15:34] <JackYu> seb128, is there any part of this project that Ubuntu Kylin can join?
[15:36] <seb128> https://wiki.ubuntu.com/LanguageAndText#phone
[15:36] <seb128> JackYu, do you have any specific topic/panel/setting in mind?
[15:37] <JackYu> seb128, not yet. We want to join first:)
[15:38] <JackYu> sure, thanks. I think this a interesting work.
[15:38] <seb128> JackYu, you are welcome to join, we have lot of workitems aligned, if you want to take with any feel free, just check with us first to make sure we don't dup work
[15:39] <JackYu> seb128, I see. Thanks.
[15:40] <Laney> Maybe try it out in Chinese and find all of the bugs that none of us have seen yet :-)
[15:40] <seb128> thanks everyone
[15:41] <JackYu> Laney, yep, that should be the first step.
[15:41] <Laney> like I'm pretty sure the list of cities in the timezone selector never gets translated
[15:41] <Laney> no idea how you'd even fix that
[15:43] <JackYu> Laney, :)
[16:02] <seb128> jdstrand, mdeslaur, sbeattie: https://plus.google.com/hangouts/_/7ecpi5pr9tj3nrh2h513kh3srg?authuser=0
[16:03] <mdeslaur> seb128: thanks
[16:03] <jdstrand> mterry: https://plus.google.com/hangouts/_/7ecpi5pr9tj3nrh2h513kh3srg?authuser=0
[16:05] <seb128> http://youtu.be/T1j5-yKTguo
[16:05] <xnox> o/
[16:05] <seb128> ^ live stream
[16:09] <lool> tyhicks: ecryptfs seems to have a different performance profile too
[16:09] <lool> tyhicks: like, listing files in a directory, or closing a file might be more expensive operations
[16:10] <qengho> Comparing no crypto, whole-disk, and per-user-home, what is I/O cost like?
[16:10] <ritz> the  /boot is not encrypted , afaik . wrt full disk encryption
[16:10] <ritz>  android offers two mode - full disk, and user data only
[16:10] <ritz>  atleast samsung does
[16:12] <ritz> related - https://bugs.launchpad.net/ubuntu/+source/plymouth/+bug/1239004
[16:12] <lool> xnox, seb128: Sorry, would you mind relaying the performance question?
[16:12] <udsbotu> Launchpad bug 1239004 in plymouth (Ubuntu) "plymouth doesn't support touch screens - Cannot enter full disk encryption passphrase on Lenovo Helix in tablet mode" [Wishlist,Confirmed]
[16:12] <xnox> qengho: there is a hit, but it's symetric encryption so the overhead is linear.
[16:13] <xnox> qengho: it's not significant 1-2% CPU on my laptop. and I use it to compile software just fine.
[16:13] <lool> jdstrand: it's actually harmful to encrypt the read-only part as the contents are well known this makes the encryption weaker
[16:13] <xnox> lool++
[16:14] <qengho> xnox: i'd expect disk to be much slower than CPU and so CPU isn't really a factor, but perhaps there are size changes or a problem in suboptimal block sizes that aren't knowable at install time.
[16:14] <xnox> qengho: there is no size change.
[16:17] <ritz> lvm resize on live volume might break system
[16:19] <ritz> so, ro for converged devices. Do we update in "boot mode", or remount with rw to update
[16:33] <neupuceni> hi to all
[16:35] <qengho> For a encrypted device and no user has logged in, we need to store incoming events and inject them into the user's data when she first logs in.  Getting a SMS should go into a black box.  Taking a photo should be visible now, and then be stored. An incoming call gets no CID lookup, but goes into the call log later.
[16:38] <slangasek> jdstrand: hey, so the other session ended early, I could join the hangout if you want me in there
[16:38] <xnox> slangasek: https://plus.google.com/hangouts/_/7ecpi5pr9tj3nrh2h513kh3srg?authuser=0
[16:38] <xnox> slangasek: was the other session bootsplash?
[16:39] <slangasek> yes
[16:39] <slangasek> it was short, we didn't have people available to speak to the Mir system compositor side
[16:40] <xnox> slangasek: any summary? will we have a point to unlock ecrypted partitions?
[16:40] <xnox> slangasek: ah =(
[16:40] <slangasek> which partitions are you encrypting? :)
[16:40] <slangasek> are you encrypting the root partition?
[16:40] <xnox> slangasek: depends which ones we can unlock =)
[16:40] <slangasek> and, we don't really have provisions for plymouth touch support
[16:40] <xnox> slangasek: right, and mir will start from root partition?
[16:41] <rsalveti> xnox: I think encryption in touch would probably be part of the root fs as well, right?
[16:41] <slangasek> so currently, to avoid putting the system compositor + plymouth in the initramfs (where we may have space limitations), we're currently planning to have it only in the rootfs, and have low-battery mode boot to the rootfs with a different initial event (à la friendly-recovery)
[16:42] <rsalveti> you want a proper UI, virtual keyboard and such to be able to do something
[16:43] <xnox> rsalveti: crazy idea - use NFC token which emits the unlock password (e.g. YubiKey NEO) - or use camera to take & decode QR code to input a secure long password.
[16:44] <xnox> rsalveti: touch keyboard sucks to type 64 character long password.
[16:47] <rsalveti> xnox: haha, right, that is a developer oriented feature, clearly :-)
[16:47] <rsalveti> it's cool, but we need something more human friendly :-)
[16:48] <xnox> rsalveti: is NFC token not friendly? =(
[16:48] <jdstrand> tyhicks: fyi, I tried to take notes in the etherpad
[16:49] <tyhicks> jdstrand: I noticed half way through - thank you!
[16:50] <rsalveti> xnox: well, guess that depends, but I never encrypted my phone to see how that is handled currently
[16:50] <rsalveti> but I'd guess it just encrypts a part of the system
[16:51] <rsalveti> as our rootfs will be ro anyway (in the touch case), seems that requesting input after unity8 is up is fair (login screen?)
[16:51] <xnox> rsalveti: sure.
[16:51] <xnox> rsalveti: unless somebody pushes out customized RO image with private/corporate stuff.
[16:52] <rsalveti> indeed
[18:59] <tvoss_> seb128, r u the session lead?
[19:01] <seb128> tvoss_, no, I'm hosting the hangout but I've no clue about the topic
[19:01] <tvoss_> seb128, ah okay :) I guess I'm asking for the hangout link :)
[19:01] <seb128> tvoss_, starting it, one min
[19:01] <tvoss_> seb128, cool
[19:02] <seb128> tvoss_, https://plus.google.com/hangouts/_/72cpj8vicba1srt47kotesqh7c?authuser=0
[19:02] <seb128> kenvandine, ^
[19:02] <tvoss_> mdeslaur, ^
[19:03] <seb128> kenvandine, sorry, I assumed you wanted to join that one, maybe not ;-)
[19:03] <kenvandine> i do
[19:03] <kenvandine> be right there
[19:03] <zyga> hi
[19:04] <seb128> tedg, ^?
[19:04] <tedg> I was watching.
[19:05] <tedg> Not sure I'm needed on the hangout
[19:05] <seb128> ok
[19:05] <kenvandine> tedg, come on...  you can sing
[19:05] <tedg> I don't own a scarf, I can't be on a hangout with tvoss_
[19:06] <tvoss_> tedg, come on
[19:06] <tvoss_> tedg, https://plus.google.com/hangouts/_/72cpj8vicba1srt47kotesqh7c?authuser=0
[19:06] <kenvandine> we'll forgive you from not having a scarf
[19:06] <tedg> Heh, okay.
[19:06] <jdstrand> I asked jj to join the fishbowl
[19:06] <seb128> http://youtu.be/MR9ghJ0av3k
[19:06] <seb128> ^ streaming
[19:07] <zyga> live
[19:09] <jdstrand> jjohansen: mdeslaur is describing the concept of trusted helpers
[19:09] <zyga> QUESTION (just feel free to answer when there is a time for that), will the policykit model be usable on the touch security model? can we still use pkexec to elevate permissions? etc. Thanks
[19:09] <jjohansen> yep
[19:17] <jdstrand> can people not hear me?
[19:17] <mdeslaur> jdstrand: you're muted
[19:18] <mdeslaur> zyga: not for confined apps, no
[19:18] <jdstrand> I wasn't before
[19:18] <jdstrand> I think I worked it out. we'll see
[19:18] <mdeslaur> zyga: well, actually, yes...for permissions but not for auth prompts
[19:18] <zyga> mdeslaur: so a confined app won't be able to talk to something else using dbus and get that thing to ask policykit questions?
[19:19] <mdeslaur> zyga: confined apps have a limited set of stuff they can access using dbus
[19:19] <mdeslaur> zyga: I don't think anything uses policykit auth currently
[19:19] <mdeslaur> zyga: I don't expect that to work
[19:20] <mdeslaur> zyga: do you have a specific case or example?
[19:20] <zyga> mdeslaur: so desktop apps that currently use that will start to fail
[19:20] <mdeslaur> desktop apps aren't confined currently
[19:20] <zyga> mdeslaur: I mean, assuming I get to run something like udisks on my converged phone/tablet/desktop, wanting to format a disk I have just plugged into my device
[19:20] <zyga> mdeslaur: sure but I expect them to be sooner than later
[19:21] <zyga> mdeslaur: I'm looking for pointers on how app developers that rely on that now are supposed to migrate (or if they should migrate in the first place)
[19:30] <mdeslaur> zyga: I don't have an answer for that right now...I assume formatting a device won't be allowed from apps, but only from a system element
[19:30] <jdstrand> tvoss_: fyi https://wiki.ubuntu.com/SecurityAndPrivacySettings
[19:33] <zyga> mdeslaur: essentially it seems just like asking for the location service, it's doing a special operation that is granted through policykit as an untrusted app, the same way that gnome-disks can be rewritten to have different look and feel but still talk to udisks over dbus, and get udisks to use policykit to either grant or not, access to certain operations
[19:34] <zyga> mdeslaur: I would expect to have a clear policy on how this is going to work in the convergence story, breaking that model would be rather scary as lots of stuff just uses it now, today, and if we expect to keep using it we need a plan on how that works in the touch model
[19:35] <mdeslaur> zyga: yes, we'll definitely think about this and have a clear policy once we start thinking about the converged devices
[19:35]  * zyga doesn't understand why we're doing something different form what policykit provides now, with regards to UI interaction s
[19:35] <mdeslaur> zyga: but policykit isn't appropriate for performing security decisions based on applications within the user's session
[19:35] <mdeslaur> zyga: that's not what policykit does
[19:35] <zyga> mdeslaur: what do you mean by that?
[19:36] <mdeslaur> policykit is for user apps talking to system-level apps
[19:36] <zyga> mdeslaur: right
[19:36] <mdeslaur> that's not what we're doing here
[19:36] <mdeslaur> this is all running _inside_ the user's session
[19:36] <zyga> mdeslaur: how is talking to the location service not just exactly like that?
[19:36] <zyga> jdstrand: ah
[19:36] <zyga> mdeslaur: ah
[19:36] <mdeslaur> because the location service is a daemon runnin in the user's session
[19:36] <zyga> mdeslaur: and running as the same UID?
[19:36] <mdeslaur> yes
[19:37] <zyga> mdeslaur: why is that?
[19:37] <zyga> mdeslaur: why isn't the location service something that runs as a dedicated daemon/
[19:37] <zyga> mdeslaur: I agree that for talking between apps inside the session policykit makes no sense
[19:37] <tedg> zyga, For instance, it could need a user account to get data.  i.e. a Yahoo or Google account.
[19:37] <zyga> mdeslaur: but the example that was given so far made this confusing
[19:37] <zyga> ah, right
[19:38] <zyga> interesting
[19:38] <mdeslaur> zyga: yes, the location service is a weird example
[19:38] <zyga> yeah, that makes sense
[19:38] <zyga> but still it could be a multi-tier thing
[19:38] <zyga> one that only has access to the hardware, another that runs as the user that, for example, has all the credentials and history, and lastly apps, but this is not something that policykit could solve by itself
[19:40] <zyga> IDEA: maybe all of the ui interactions could be delegated to modular trusted applications, so the shell or mir won't care about location service prompts, the location service "app" will
[19:40] <zyga> this way all the future cases could be handled consistently
[19:49] <tvoss_> zyga, that's exactly the idea here
[19:51] <zyga> not sure how this fits the conversation
[19:52] <zyga> on android you see more and more apps that request every possible permission you can think of
[19:52] <zyga> because instead of passing on to another activity to perform some operation
[19:52] <zyga> they instead want to perform that themselves so that they have more consistent UI (maybe?)
[19:53] <zyga> and the result is that the user has dozens of apps that can access stuff that should ideally be only handled by system-level, trusted, open source software
[19:53] <zyga> is there anything we can do to not repeat that problem
[19:53] <mdeslaur> that's exactly what we're trying to prevent. Apps won't be allowed to access stuff directly, they will only be able to access trusted helpers
[19:54] <mdeslaur> apps won't be able to access the gps directly, they can only query the location service
[19:54] <mdeslaur> and the location service itself will do the user prompts
[19:54] <mdeslaur> using the library/service we're developing
[19:54] <mdeslaur> that library/service will ensure the user interface for prompting is consistent
[19:54] <zyga> if an app can "load contacts" vs "pick one contact" then the security feature is basically lost, it's about preventing a class of data theft apps that hide under simple toys with manifests that grant them permissions users don't understand
[19:54] <kenvandine> https://wiki.ubuntu.com/Security/TrustStoreAndSessions
[19:54] <kenvandine> mardy, ^^
[19:55] <mardy> kenvandine: thanks
[19:55] <mdeslaur> zyga: apps can't access contacts. the only thing they can do is ask the system to ask the user to pick a contact
[19:55] <mdeslaur> at which point the app gets a single contact
[19:55] <zyga> mdeslaur: that's good to hear!
[19:56] <zyga> quick question
[19:56] <zyga> will all of this still work if we choose to implement html5 mobile phone APIs?
[19:57] <tvoss_> zyga, sure, it comes down to wiring up the runtime correctly
[19:57] <tvoss_> runtime = web runtime
[19:57] <zyga> thanks