/srv/irclogs.ubuntu.com/2015/01/18/#xubuntu-devel.txt

ochosibluesabre: you didn't push any of your catfish changes yet, right?00:02
bluesabrenope00:03
ali1234i have 140 zombie pidgins :(00:03
bluesabreochosi: saw that xubuntu-artwork was updated, will push that probably tonight00:03
ochosibluesabre: i originally wanted to wait until gnome had added his in-development wallpaper, but yeah, i'd say go ahead. that way we'll discover more missing icons etc00:04
knome:P00:04
bluesabrealright00:12
bluesabrethanks a lot gnome!00:12
bluesabres/g/k00:12
knomehah.00:13
knomegee00:13
knomei'm off to bed00:13
knomenighty00:13
bluesabrenighty knome, have fun00:15
Unit193ali1234: Wow!  Lock your doors, bar your windows!00:16
Unit193ochosi: And dang.00:16
ochosibrainwash: that MR looks a bit messy with the .pc folder, we'll see what potential uploaders will say00:30
yanpasHello everybody! I want to report a bug, but it doesn't refer to any package. I may explain it here09:22
elfyyou can try 09:22
elfyali1234: for what it's worth I reported mine 09:24
yanpasAutostart application start too early, so they have problems with gtk theme, fonts or even doesn't work. I use autologin option09:26
yanpasapplications*09:26
yanpaswill try to report it to xfce-session. Maybe I will be redirected.09:48
brainwashochosi: ok. but will someone look at it? I will have to ping a "potential" uploader, right?10:34
ochosibrainwash: no, i'll take care of that part10:42
ochosi(in case you're referring to your xdg-utils patch)10:42
brainwashochosi: yes, thanks10:43
ochosino problem10:44
ochosii'll just have to see what sort of feedback i get about that .pc dir10:45
ochosii hope they'll clean up the package a bit10:45
Unit193Only thing I can think of, micahg commented once that he dislikes making reviews with that, but didn't imply it was actually against general guidelines.10:46
ochosihm ok10:46
ochosiyeah, it makes the diff a bit messy10:46
Unit193^10:46
ochosianyway, will see what u-desktop folks say..10:47
brainwashI'm trying to patch our xubuntu keybind file in trusty (rename Control to Primary). this will fix the bug almost, only leaving the maximize keybind in a broken state10:49
brainwashhttps://bugs.launchpad.net/ubuntu/+source/xfce4-settings/+bug/1292290/comments/3110:49
ubottuLaunchpad bug 1292290 in xfce4-settings "Window manager keybindings don't work after reboot" [Medium,Confirmed]10:49
brainwashI don't think that we can remap the maximize keybind to the default Xfce one10:50
brainwashespecially for trusty10:50
brainwashand this the problem, the SRU should fix the bug 100%.. or is almost 100% ok too?10:52
ubottubug 100 in Launchpad itself "uploading po file overwrites authors list" [Medium,Fix released] https://launchpad.net/bugs/10010:52
knomepanel switch app, ooh ooh11:02
brainwashochosi: https://code.launchpad.net/~thad-fisch/xubuntu-default-settings/lp1292290/+merge/24684212:08
Unit193astraljava: Wow, welcome back.12:10
astraljavaHello, and thanks. :)12:10
brainwashochosi: oh snap, I guess every commit should also update the debian changelog12:12
brainwashI think that the merger is responsible for the packaging.. mmh12:14
knomeastraljava, hullo :)12:20
astraljavaHowdy! :)12:22
knomequestion: does xubuntu-team need to be subbed to -default-settings?12:24
knomei know it's the owner, but afaik, we could practically also mute the sub mail12:24
brainwashdid you receive a mail which informs you about my MR?12:25
knomeyes12:25
brainwashoh :)12:25
knome-- Your team Xubuntu Team is subscribed to branch lp:xubuntu-default-settings. 12:26
* Unit193 likes.12:26
knomebeing subbed or not being subbed?12:26
knomei mean i don't mind getting those, but isn't it a bit weird that everybody in the team gets those :)12:26
Unit193Getting it, though getting the diff too is nicer.12:26
ochosihey astraljava 12:27
knome(not to say they shouldn't get it, or that we should hide it...)12:27
knomeeverything is available in launchpad anyway12:27
Unit193Meh, if you do remove it, please ping me so I can add myself.12:28
knomei don't think i can, i guess only team admins can12:29
knomewhich is why i'm bringing it up here12:29
knomewhich tasks do we want to promote to http://community.ubuntu.com/contribute/find-a-task/ ?13:03
Unit193QA and translations it seemed like.13:03
knomeoki13:04
elfyand anything that we don't get enough people helping on 13:14
knomewell we could add everything13:14
knomebut let's start poking the ice with a few13:14
knomethen add more as needed13:14
astraljavaHi ochosi!13:15
elfyhey astraljava :)13:15
bluesabrehey astraljava, welcome :)13:16
brainwashbluesabre: hey, should I update the debian changelog file in my MR for xubuntu-default-settings or should the merger do that?13:23
astraljavaHey guys. :)13:43
bluesabrebrainwash: go ahead... if a new release has been tagged but not pushed, (release "UNRELEASED") do "dch -r" (revise), otherwise "dch -i" (increment) to set the new version number13:46
brainwashbluesabre: ok, I will do that for future commits14:49
brainwashbluesabre: want to prepare a new xubu default settings release after the MR? the keybind fix cannot be SRU'd back to utopic and trusty without it landing in vivid15:07
brainwashtrusty also needs a commit which is already included in utopic/vivid15:08
=== slickyma1ter is now known as slickymaster
bluesabrebrainwash: sure, is there anything else needed in vivid default-settings?16:14
brainwashbluesabre: does not look like it. cosmetic changes are not planned, or?16:15
brainwashthe development wallpaper thingy16:16
bluesabrethat's xubuntu-artwork package16:16
brainwashah, so the image path remains the same16:16
bluesabreyup --I'll package these things today16:17
brainwashok, thanks16:17
slickymasterknome, translations definitely re: http://community.ubuntu.com/contribute/find-a-task/16:23
slickymasterbesides QA, I belive that it's one of our major shortcomings16:24
knomeslickymaster, already forwarded19:00
jjfrv8ochosi, did you want me to update the xfpm docs to incorporate the Security tab?21:03
sidiknome, ?21:40
knomesidi, was?21:43
sidi"Set up a firewall" is totally useless for 90% of your users btw21:52
knomei'm aware of that21:53
knomemaybe we should add a note that it isn't usually needed21:53
sidii'll come to that21:54
knome"you should consider setting up a firewall only if you do X"21:54
sidiknome, wanna use a drive, so you can see what im typing and comment in live?21:54
knomeworksforme21:54
sidishared with your @shimmer address21:56
knomewill start monitoring that in a sec21:56
ochosijjfrv8: so far that tab hasn't been merged upstream and bluesabre and me are still discussing whether one of the options will remain there. but when it's finalized it can hopefully be merged upstream and then i guess adding it to the docs would be great!22:08
sidiknome, currently on Xubuntu you can set your password store to use the same password as your login, can't you?22:13
sidii can't remember how that's implemented but it seemed to me to be insecure...22:13
knomeprobably yes22:14
knomei don't use a password store so i wouldn't know though22:14
jjfrv8ochosi, ok, I'll stay tuned.22:14
ochosijjfrv8: thanks for being so attentive!22:15
sidiknome, you'll be responsible for squeezing this btw :p22:17
knomeor jjfrv8 or slickymaster 22:17
sidiknome, i would delete "firewall" altogether22:25
knomesidi, wfm22:25
sidiit only makes sense if you run public-facing services, or if you're not on a NAT22:26
sidi*any* non-tech-savvy home user will be on a NAT22:26
knomewell maybe we can leave a note22:26
sidiexcept maybe in China where they have IPv622:26
knome"if you run public-facing services or are on a NAT, consider setting up a firewall"22:26
sidiknome, the firewall, if not configured, does nothing. Blocking access to services you don't even run is useless. Security issues are in the services, not in the network stack ;p firewalls are useful for rate limiting and packet inspection only, and that isn't what they do without instructions.22:27
sidiSure22:27
knomeof course22:27
sidisuffix with "Understand that firewalls are not very useful in their default settings. You should consider what you want to achieve and configure the firewall accordingly. Firewalls can be useful to protect against denial of service attacks, limit access to a service to specific IP addresses or to inspect and reject suspicious packets. They cannot protect you against unknown or emerging threats, and they do not replace the need to install security upd22:29
sidiates." 22:29
knomedrop that in the doc and i'll take it22:29
sidiyeah sure.22:29
CajunTechieHey folks. What's the right chan for people who want to get involved in testing?22:30
knomeCajunTechie, this, or #ubuntu-quality22:30
CajunTechieThank you knome. :-)22:30
knomesidi, i've went through the passwords stuff now, once you are done, feel free to review if i'm getting the same message across22:33
ochosiCajunTechie: if you need help or anything, always feel free to ask. our testing lead is elfy (who's probably in dreamland now), but others will answer your questions too if they know22:35
CajunTechieThank you ochosi. I actually already have a question: is testing for 15.04 or 15.10 still happening now? And, if so, where can I get the images?22:36
knomeCajunTechie, we're testing 15.04 now22:36
knomeCajunTechie, see the xubuntu product at http://iso.qa.ubuntu.com/qatracker/milestones/326/builds (end of the page)22:36
CajunTechieCool. I'll go check it out now.22:37
knomethat has links to downloads and the testcases, and is the place to report install tests22:37
knomeif you plan to test often, it's recommended to rsync22:37
knome(the first time makes no difference, but subsequential times will be faster)22:37
sidiknome, i'm kinda done with laying down the general ideas22:37
knomegreat!22:38
knome:)22:38
sidinow we can work on formatting, englishing and scoping up/down22:38
knomewell check 1/222:38
knomei think they are pretty good as they are now22:38
knomelet's do comments comments if needed22:38
knomeeg. not change the text22:38
knomeso it's easier to track changes22:38
sidi1, 2.1, 3.1 and 3.2  are the most important things btw22:39
knomewe can do an intro paragraph that mentions that22:39
sidianyone wanting to read/contribute https://docs.google.com/document/d/18sEImteNJVZ7T6o0RR7erJbCpS8dXwHDC0pRpu1K3aI/edit?usp=sharing22:39
sidisure22:39
knomeis ochosi a turtle22:39
ochosii am?22:40
knomedon't know22:40
knomean anonymous turtle is watching the document22:40
ochosiright, that's not me then22:41
ochosiprobably the nsa22:41
sidiknome, 1. doesnt make sense without the names of the vulns I referred to :p22:42
sidihahaha that turtle is hilarious22:42
sididoes it say "anon turtle" in finnish for you knome ?22:42
knomenope22:43
knomei don't even use google in finnish22:43
knomesidi, maybe do the name dropping after the tip though...22:43
sidiknome, hm yeah you're right22:43
sidiknome, can you add a "Consider encryption" in the hygiene part? i'll fill it later :p22:44
knomek22:45
sidihm my browser is freezing. Neat22:46
knomehaha.22:46
knomesecurity breach22:46
knomeochosi, are you the python or the anteater?22:46
sididon't you guys have automated sec updates?22:47
ali1234knome: you can't see which animal you are, but i'm not the anteater so i guess i am the python?22:49
knomei/we should check if a clean install does22:49
knomeali1234, probably :)22:49
ochosibrainwash: good writeup on the recent bugreport-comment22:49
brainwashochosi: the xfpm one?22:50
knomesidi, aren't you repeating?22:50
knomesee under distrivute22:50
knomes/v/b/ too22:50
ochosibrainwash: yup22:50
brainwashochosi: heh, I was about to assign the bug to bluesabre.. but then I realized that I cannot do that :D22:51
sidiknome, distribute?22:51
ochosibrainwash: and i'm not sure you followed the comments in #xfce-dev, but just as i thought we'll have to go with your patch for now. fixing the dbus inhibition is for "another day" and needs to happen upstream in xdg-utils. and i'm not even sure how easy it is to fix22:51
knomesidi, what you are typing exists in the subsection below22:52
brainwashochosi: sounds ok, and it works fine. should it be SRU'd too?22:52
ochosibrainwash: i'll discuss whether that's possible this week22:52
brainwashochosi: ok22:53
ochosibut first i need to get it merged for vivid anyway22:53
AgAuwhat are you thoughts about using something like keepass to store strong passwords?22:53
knomesidi, oh, not really22:53
sidiAgAu, mitigated22:55
sidithey're nice but:22:55
sidi1. you need to use them across all devices, else you end up still having to change passwords22:56
sidifor instance connecting to skype from a friend's computer22:56
sidiand then you have to "re-sync" the password with the newly reset password in your password manager or repeat the cycle22:56
sidi2. i dont store my passwords online on unknown servers via proprietary APIs, no thanks22:56
sidiso yeah, i think they're not an actual solution22:57
AgAuwell it's not a problem for me22:57
sidiif i can have a password manager in my pocket (with a backup at home and maybe another in a digital safe of my choosing) then fine22:57
AgAui carry my database on an encrypted drive22:57
AgAuand i don't use other peoples devices22:57
ali1234yeah, needing access to things from untrusted computers is the big reason why i don't use them22:57
ali1234if someone made a simple and cheap hardware password device i might use it22:58
ali1234and i don't mean like yubikey22:58
sidiali1234, look up the Pico project22:58
sidithere's a group at cambridge working exactly on this22:58
sidiwith strong security properties and a design-centric approach22:58
ali1234remember those casio personal organizers?22:58
sidiour boss does consulting for them :p22:58
AgAukeepass portable works on windows, linux and mac22:58
ali1234http://images.geeksimages.com/imageshare/S/300x300/SF2000-unit.jpg22:58
AgAuand you can easily use the same database file for all 322:59
ali1234i want something like that, with built in crypto and NO way to connect it to a computer without destroying it22:59
sidiAgAu, the problem is, who the hell is KeePass and what government do they respond to?22:59
AgAuits opensource23:00
ali1234pico looks like exactly what idon't want... it interfaces with the computer, like yubikey23:00
sidiali1234, it has a concept of sibling tokens23:01
sidiusing RFC23:01
sidiit can tell whether it's close to you or not23:01
ali1234yeah, no23:01
sidiyou have embedded siblings in your clothes/belt/shoes, etc. and if they're absent, it's locked23:02
ali1234i want a thing that stores encrypted passwords in flash, decrypts them when i enter the passphrase, and displays the password on a small screen for me to transcribe23:02
ali1234it shouldn't be hard to do, those casio things were £20 20 years ago23:03
AgAuwhat happens if your yubi key beraks23:03
AgAubreaks*23:03
AgAuor you lose it 23:04
sidiali1234, transcribe, uuugh23:04
sidithose devices exist23:04
sidipeople hate them23:04
ali1234i'm not people23:04
sidicant reliably type a password above 6 characters23:04
sidiali1234, careful we get asked to evaluate really bad technology on a regular basis, i could add you to our participant pool :p23:04
ali1234i'm not saying everyone should use it23:04
CajunTechieOne more question: I'm going through the steps on the team page and they say to add yourself to the WhoWeAre and the Hardware pages. But the pages won't let me edit them. Do I need to submit my info somewhere?23:10
knomeCajunTechie, do you have a launchpad account?23:10
CajunTechieknome: I do and it says I am logged in23:11
knomeCajunTechie, try hard refreshing the page23:11
brainwashochosi: ah great, now I've reread the xfpm comment with the different test cases and it feels like I've missed something. with logind=false and action=lock, why does the system suspend? logind should be inhibited and xfpm should only lock, not suspend.. now this is getting way too confusing23:11
CajunTechieknome: Nope. It shows me as logged in but no edit button23:12
ochosibrainwash: too many options in too many places, it's really difficult to keep an overview of everything in place23:12
ochosibrainwash: but sounds like the inhibition wasn't successful or the logic of xfpm wasn't inverted yet hence logind was actually taking over23:13
brainwashochosi: once you think that you know what's going on.. you discover something new :)23:13
brainwashochosi: right, I will have to check the code again23:13
knomeCajunTechie, you can skip that for now23:14
CajunTechieknome: Great! So I can just get started testing and submitting bugs?23:14
knomeCajunTechie, absolutely23:15
CajunTechieVery cool23:15
sidiknome, i think we could upstream this document to Xfce docs btw23:15
knomesidi, i guess so, if they had a sensible place to put it to23:15
knomesidi, or if you are interested enough, register a domain and create a one-place-for-all site23:15
sidiknome, for security advice or for xfce docs? ;P23:17
knomesecurity advice23:17
sidiknome im running student projects every year on how to quantify and prioritise the known good security practice23:17
sidito produce concise and "impactful" documents to share with the general public23:17
knomeheh23:17
sidilast year's batch was disappointing23:18
knomethen for that23:18
knomeawwh23:18
sidibut yeah23:18
sidiwhen we have the evidence to back up claims23:18
sidiwe'll release documents23:18
knome;)23:18
sidithat's one of my secret phd goals :p23:18
knomeheh23:18
sidiknome, hmmm we should mention password managers23:20
knomego ahead23:20
knomesidi, i'm not sure of the xkcd comic, but thanks for the thought.23:21
sidi(FTR we use the word "security hygiene" to build a mental model of security practice as a repeated habit, that doesn't have to be blindly followed but that should be trained as a set of best-effort reflexes which have a generally desirable outcome)23:22
knomeaha23:22
sidi(security should be treated as hygiene rather than dogma or impossible tasks, the choice of word is very conscientious :p)23:22
knomepassword managers and firewall could go into a separate section near the end23:23
knomefwiw, we can't do docbook interlinks that have the different link name than the actual section name23:25
knomeat least easily23:25
sidiknome, i didnt get that :p23:25
sidimanagers should go with passwords though, methinks23:25
knomefine23:26
sidiknome, you removed a part at the end of "When to change your password", didnt you?23:37
sidii had posted something about not ignoring password alerts.23:37
sidioh its below23:37
knome:P23:37
sidiok, save for the Encryption and Password Manager bits, this is written!23:51
knomegreat23:53
knomewhen do you plan on doing that?23:53
knomei'd rather convert the whole stuff to docbook at once23:53
=== brainwash_ is now known as brainwash

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!