[00:02] <ochosi> bluesabre: you didn't push any of your catfish changes yet, right?
[00:03] <bluesabre> nope
[00:03] <ali1234> i have 140 zombie pidgins :(
[00:03] <bluesabre> ochosi: saw that xubuntu-artwork was updated, will push that probably tonight
[00:04] <ochosi> bluesabre: i originally wanted to wait until gnome had added his in-development wallpaper, but yeah, i'd say go ahead. that way we'll discover more missing icons etc
[00:04] <knome> :P
[00:12] <bluesabre> alright
[00:12] <bluesabre> thanks a lot gnome!
[00:12] <bluesabre> s/g/k
[00:13] <knome> hah.
[00:13] <knome> gee
[00:13] <knome> i'm off to bed
[00:13] <knome> nighty
[00:15] <bluesabre> nighty knome, have fun
[00:16] <Unit193> ali1234: Wow!  Lock your doors, bar your windows!
[00:16] <Unit193> ochosi: And dang.
[00:30] <ochosi> brainwash: that MR looks a bit messy with the .pc folder, we'll see what potential uploaders will say
[09:22] <yanpas> Hello everybody! I want to report a bug, but it doesn't refer to any package. I may explain it here
[09:22] <elfy> you can try 
[09:24] <elfy> ali1234: for what it's worth I reported mine 
[09:26] <yanpas> Autostart application start too early, so they have problems with gtk theme, fonts or even doesn't work. I use autologin option
[09:26] <yanpas> applications*
[09:48] <yanpas> will try to report it to xfce-session. Maybe I will be redirected.
[10:34] <brainwash> ochosi: ok. but will someone look at it? I will have to ping a "potential" uploader, right?
[10:42] <ochosi> brainwash: no, i'll take care of that part
[10:42] <ochosi> (in case you're referring to your xdg-utils patch)
[10:43] <brainwash> ochosi: yes, thanks
[10:44] <ochosi> no problem
[10:45] <ochosi> i'll just have to see what sort of feedback i get about that .pc dir
[10:45] <ochosi> i hope they'll clean up the package a bit
[10:46] <Unit193> Only thing I can think of, micahg commented once that he dislikes making reviews with that, but didn't imply it was actually against general guidelines.
[10:46] <ochosi> hm ok
[10:46] <ochosi> yeah, it makes the diff a bit messy
[10:46] <Unit193> ^
[10:47] <ochosi> anyway, will see what u-desktop folks say..
[10:49] <brainwash> I'm trying to patch our xubuntu keybind file in trusty (rename Control to Primary). this will fix the bug almost, only leaving the maximize keybind in a broken state
[10:49] <brainwash> https://bugs.launchpad.net/ubuntu/+source/xfce4-settings/+bug/1292290/comments/31
[10:49] <ubottu> Launchpad bug 1292290 in xfce4-settings "Window manager keybindings don't work after reboot" [Medium,Confirmed]
[10:50] <brainwash> I don't think that we can remap the maximize keybind to the default Xfce one
[10:50] <brainwash> especially for trusty
[10:52] <brainwash> and this the problem, the SRU should fix the bug 100%.. or is almost 100% ok too?
[10:52] <ubottu> bug 100 in Launchpad itself "uploading po file overwrites authors list" [Medium,Fix released] https://launchpad.net/bugs/100
[11:02] <knome> panel switch app, ooh ooh
[12:08] <brainwash> ochosi: https://code.launchpad.net/~thad-fisch/xubuntu-default-settings/lp1292290/+merge/246842
[12:10] <Unit193> astraljava: Wow, welcome back.
[12:10] <astraljava> Hello, and thanks. :)
[12:12] <brainwash> ochosi: oh snap, I guess every commit should also update the debian changelog
[12:14] <brainwash> I think that the merger is responsible for the packaging.. mmh
[12:20] <knome> astraljava, hullo :)
[12:22] <astraljava> Howdy! :)
[12:24] <knome> question: does xubuntu-team need to be subbed to -default-settings?
[12:24] <knome> i know it's the owner, but afaik, we could practically also mute the sub mail
[12:25] <brainwash> did you receive a mail which informs you about my MR?
[12:25] <knome> yes
[12:25] <brainwash> oh :)
[12:26] <knome> -- Your team Xubuntu Team is subscribed to branch lp:xubuntu-default-settings. 
[12:26]  * Unit193 likes.
[12:26] <knome> being subbed or not being subbed?
[12:26] <knome> i mean i don't mind getting those, but isn't it a bit weird that everybody in the team gets those :)
[12:26] <Unit193> Getting it, though getting the diff too is nicer.
[12:27] <ochosi> hey astraljava 
[12:27] <knome> (not to say they shouldn't get it, or that we should hide it...)
[12:27] <knome> everything is available in launchpad anyway
[12:28] <Unit193> Meh, if you do remove it, please ping me so I can add myself.
[12:29] <knome> i don't think i can, i guess only team admins can
[12:29] <knome> which is why i'm bringing it up here
[13:03] <knome> which tasks do we want to promote to http://community.ubuntu.com/contribute/find-a-task/ ?
[13:03] <Unit193> QA and translations it seemed like.
[13:04] <knome> oki
[13:14] <elfy> and anything that we don't get enough people helping on 
[13:14] <knome> well we could add everything
[13:14] <knome> but let's start poking the ice with a few
[13:14] <knome> then add more as needed
[13:15] <astraljava> Hi ochosi!
[13:15] <elfy> hey astraljava :)
[13:16] <bluesabre> hey astraljava, welcome :)
[13:23] <brainwash> bluesabre: hey, should I update the debian changelog file in my MR for xubuntu-default-settings or should the merger do that?
[13:43] <astraljava> Hey guys. :)
[13:46] <bluesabre> brainwash: go ahead... if a new release has been tagged but not pushed, (release "UNRELEASED") do "dch -r" (revise), otherwise "dch -i" (increment) to set the new version number
[14:49] <brainwash> bluesabre: ok, I will do that for future commits
[15:07] <brainwash> bluesabre: want to prepare a new xubu default settings release after the MR? the keybind fix cannot be SRU'd back to utopic and trusty without it landing in vivid
[15:08] <brainwash> trusty also needs a commit which is already included in utopic/vivid
=== slickyma1ter is now known as slickymaster
[16:14] <bluesabre> brainwash: sure, is there anything else needed in vivid default-settings?
[16:15] <brainwash> bluesabre: does not look like it. cosmetic changes are not planned, or?
[16:16] <brainwash> the development wallpaper thingy
[16:16] <bluesabre> that's xubuntu-artwork package
[16:16] <brainwash> ah, so the image path remains the same
[16:17] <bluesabre> yup --I'll package these things today
[16:17] <brainwash> ok, thanks
[16:23] <slickymaster> knome, translations definitely re: http://community.ubuntu.com/contribute/find-a-task/
[16:24] <slickymaster> besides QA, I belive that it's one of our major shortcomings
[19:00] <knome> slickymaster, already forwarded
[21:03] <jjfrv8> ochosi, did you want me to update the xfpm docs to incorporate the Security tab?
[21:40] <sidi> knome, ?
[21:43] <knome> sidi, was?
[21:52] <sidi> "Set up a firewall" is totally useless for 90% of your users btw
[21:53] <knome> i'm aware of that
[21:53] <knome> maybe we should add a note that it isn't usually needed
[21:54] <sidi> i'll come to that
[21:54] <knome> "you should consider setting up a firewall only if you do X"
[21:54] <sidi> knome, wanna use a drive, so you can see what im typing and comment in live?
[21:54] <knome> worksforme
[21:56] <sidi> shared with your @shimmer address
[21:56] <knome> will start monitoring that in a sec
[22:08] <ochosi> jjfrv8: so far that tab hasn't been merged upstream and bluesabre and me are still discussing whether one of the options will remain there. but when it's finalized it can hopefully be merged upstream and then i guess adding it to the docs would be great!
[22:13] <sidi> knome, currently on Xubuntu you can set your password store to use the same password as your login, can't you?
[22:13] <sidi> i can't remember how that's implemented but it seemed to me to be insecure...
[22:14] <knome> probably yes
[22:14] <knome> i don't use a password store so i wouldn't know though
[22:14] <jjfrv8> ochosi, ok, I'll stay tuned.
[22:15] <ochosi> jjfrv8: thanks for being so attentive!
[22:17] <sidi> knome, you'll be responsible for squeezing this btw :p
[22:17] <knome> or jjfrv8 or slickymaster 
[22:25] <sidi> knome, i would delete "firewall" altogether
[22:25] <knome> sidi, wfm
[22:26] <sidi> it only makes sense if you run public-facing services, or if you're not on a NAT
[22:26] <sidi> *any* non-tech-savvy home user will be on a NAT
[22:26] <knome> well maybe we can leave a note
[22:26] <sidi> except maybe in China where they have IPv6
[22:26] <knome> "if you run public-facing services or are on a NAT, consider setting up a firewall"
[22:27] <sidi> knome, the firewall, if not configured, does nothing. Blocking access to services you don't even run is useless. Security issues are in the services, not in the network stack ;p firewalls are useful for rate limiting and packet inspection only, and that isn't what they do without instructions.
[22:27] <sidi> Sure
[22:27] <knome> of course
[22:29] <sidi> suffix with "Understand that firewalls are not very useful in their default settings. You should consider what you want to achieve and configure the firewall accordingly. Firewalls can be useful to protect against denial of service attacks, limit access to a service to specific IP addresses or to inspect and reject suspicious packets. They cannot protect you against unknown or emerging threats, and they do not replace the need to install security upd
[22:29] <sidi> ates." 
[22:29] <knome> drop that in the doc and i'll take it
[22:29] <sidi> yeah sure.
[22:30] <CajunTechie> Hey folks. What's the right chan for people who want to get involved in testing?
[22:30] <knome> CajunTechie, this, or #ubuntu-quality
[22:30] <CajunTechie> Thank you knome. :-)
[22:33] <knome> sidi, i've went through the passwords stuff now, once you are done, feel free to review if i'm getting the same message across
[22:35] <ochosi> CajunTechie: if you need help or anything, always feel free to ask. our testing lead is elfy (who's probably in dreamland now), but others will answer your questions too if they know
[22:36] <CajunTechie> Thank you ochosi. I actually already have a question: is testing for 15.04 or 15.10 still happening now? And, if so, where can I get the images?
[22:36] <knome> CajunTechie, we're testing 15.04 now
[22:36] <knome> CajunTechie, see the xubuntu product at http://iso.qa.ubuntu.com/qatracker/milestones/326/builds (end of the page)
[22:37] <CajunTechie> Cool. I'll go check it out now.
[22:37] <knome> that has links to downloads and the testcases, and is the place to report install tests
[22:37] <knome> if you plan to test often, it's recommended to rsync
[22:37] <knome> (the first time makes no difference, but subsequential times will be faster)
[22:37] <sidi> knome, i'm kinda done with laying down the general ideas
[22:38] <knome> great!
[22:38] <knome> :)
[22:38] <sidi> now we can work on formatting, englishing and scoping up/down
[22:38] <knome> well check 1/2
[22:38] <knome> i think they are pretty good as they are now
[22:38] <knome> let's do comments comments if needed
[22:38] <knome> eg. not change the text
[22:38] <knome> so it's easier to track changes
[22:39] <sidi> 1, 2.1, 3.1 and 3.2  are the most important things btw
[22:39] <knome> we can do an intro paragraph that mentions that
[22:39] <sidi> anyone wanting to read/contribute https://docs.google.com/document/d/18sEImteNJVZ7T6o0RR7erJbCpS8dXwHDC0pRpu1K3aI/edit?usp=sharing
[22:39] <sidi> sure
[22:39] <knome> is ochosi a turtle
[22:40] <ochosi> i am?
[22:40] <knome> don't know
[22:40] <knome> an anonymous turtle is watching the document
[22:41] <ochosi> right, that's not me then
[22:41] <ochosi> probably the nsa
[22:42] <sidi> knome, 1. doesnt make sense without the names of the vulns I referred to :p
[22:42] <sidi> hahaha that turtle is hilarious
[22:42] <sidi> does it say "anon turtle" in finnish for you knome ?
[22:43] <knome> nope
[22:43] <knome> i don't even use google in finnish
[22:43] <knome> sidi, maybe do the name dropping after the tip though...
[22:43] <sidi> knome, hm yeah you're right
[22:44] <sidi> knome, can you add a "Consider encryption" in the hygiene part? i'll fill it later :p
[22:45] <knome> k
[22:46] <sidi> hm my browser is freezing. Neat
[22:46] <knome> haha.
[22:46] <knome> security breach
[22:46] <knome> ochosi, are you the python or the anteater?
[22:47] <sidi> don't you guys have automated sec updates?
[22:49] <ali1234> knome: you can't see which animal you are, but i'm not the anteater so i guess i am the python?
[22:49] <knome> i/we should check if a clean install does
[22:49] <knome> ali1234, probably :)
[22:49] <ochosi> brainwash: good writeup on the recent bugreport-comment
[22:50] <brainwash> ochosi: the xfpm one?
[22:50] <knome> sidi, aren't you repeating?
[22:50] <knome> see under distrivute
[22:50] <knome> s/v/b/ too
[22:50] <ochosi> brainwash: yup
[22:51] <brainwash> ochosi: heh, I was about to assign the bug to bluesabre.. but then I realized that I cannot do that :D
[22:51] <sidi> knome, distribute?
[22:51] <ochosi> brainwash: and i'm not sure you followed the comments in #xfce-dev, but just as i thought we'll have to go with your patch for now. fixing the dbus inhibition is for "another day" and needs to happen upstream in xdg-utils. and i'm not even sure how easy it is to fix
[22:52] <knome> sidi, what you are typing exists in the subsection below
[22:52] <brainwash> ochosi: sounds ok, and it works fine. should it be SRU'd too?
[22:52] <ochosi> brainwash: i'll discuss whether that's possible this week
[22:53] <brainwash> ochosi: ok
[22:53] <ochosi> but first i need to get it merged for vivid anyway
[22:53] <AgAu> what are you thoughts about using something like keepass to store strong passwords?
[22:53] <knome> sidi, oh, not really
[22:55] <sidi> AgAu, mitigated
[22:55] <sidi> they're nice but:
[22:56] <sidi> 1. you need to use them across all devices, else you end up still having to change passwords
[22:56] <sidi> for instance connecting to skype from a friend's computer
[22:56] <sidi> and then you have to "re-sync" the password with the newly reset password in your password manager or repeat the cycle
[22:56] <sidi> 2. i dont store my passwords online on unknown servers via proprietary APIs, no thanks
[22:57] <sidi> so yeah, i think they're not an actual solution
[22:57] <AgAu> well it's not a problem for me
[22:57] <sidi> if i can have a password manager in my pocket (with a backup at home and maybe another in a digital safe of my choosing) then fine
[22:57] <AgAu> i carry my database on an encrypted drive
[22:57] <AgAu> and i don't use other peoples devices
[22:57] <ali1234> yeah, needing access to things from untrusted computers is the big reason why i don't use them
[22:58] <ali1234> if someone made a simple and cheap hardware password device i might use it
[22:58] <ali1234> and i don't mean like yubikey
[22:58] <sidi> ali1234, look up the Pico project
[22:58] <sidi> there's a group at cambridge working exactly on this
[22:58] <sidi> with strong security properties and a design-centric approach
[22:58] <ali1234> remember those casio personal organizers?
[22:58] <sidi> our boss does consulting for them :p
[22:58] <AgAu> keepass portable works on windows, linux and mac
[22:58] <ali1234> http://images.geeksimages.com/imageshare/S/300x300/SF2000-unit.jpg
[22:59] <AgAu> and you can easily use the same database file for all 3
[22:59] <ali1234> i want something like that, with built in crypto and NO way to connect it to a computer without destroying it
[22:59] <sidi> AgAu, the problem is, who the hell is KeePass and what government do they respond to?
[23:00] <AgAu> its opensource
[23:00] <ali1234> pico looks like exactly what idon't want... it interfaces with the computer, like yubikey
[23:01] <sidi> ali1234, it has a concept of sibling tokens
[23:01] <sidi> using RFC
[23:01] <sidi> it can tell whether it's close to you or not
[23:01] <ali1234> yeah, no
[23:02] <sidi> you have embedded siblings in your clothes/belt/shoes, etc. and if they're absent, it's locked
[23:02] <ali1234> i want a thing that stores encrypted passwords in flash, decrypts them when i enter the passphrase, and displays the password on a small screen for me to transcribe
[23:03] <ali1234> it shouldn't be hard to do, those casio things were £20 20 years ago
[23:03] <AgAu> what happens if your yubi key beraks
[23:03] <AgAu> breaks*
[23:04] <AgAu> or you lose it 
[23:04] <sidi> ali1234, transcribe, uuugh
[23:04] <sidi> those devices exist
[23:04] <sidi> people hate them
[23:04] <ali1234> i'm not people
[23:04] <sidi> cant reliably type a password above 6 characters
[23:04] <sidi> ali1234, careful we get asked to evaluate really bad technology on a regular basis, i could add you to our participant pool :p
[23:04] <ali1234> i'm not saying everyone should use it
[23:10] <CajunTechie> One more question: I'm going through the steps on the team page and they say to add yourself to the WhoWeAre and the Hardware pages. But the pages won't let me edit them. Do I need to submit my info somewhere?
[23:10] <knome> CajunTechie, do you have a launchpad account?
[23:11] <CajunTechie> knome: I do and it says I am logged in
[23:11] <knome> CajunTechie, try hard refreshing the page
[23:11] <brainwash> ochosi: ah great, now I've reread the xfpm comment with the different test cases and it feels like I've missed something. with logind=false and action=lock, why does the system suspend? logind should be inhibited and xfpm should only lock, not suspend.. now this is getting way too confusing
[23:12] <CajunTechie> knome: Nope. It shows me as logged in but no edit button
[23:12] <ochosi> brainwash: too many options in too many places, it's really difficult to keep an overview of everything in place
[23:13] <ochosi> brainwash: but sounds like the inhibition wasn't successful or the logic of xfpm wasn't inverted yet hence logind was actually taking over
[23:13] <brainwash> ochosi: once you think that you know what's going on.. you discover something new :)
[23:13] <brainwash> ochosi: right, I will have to check the code again
[23:14] <knome> CajunTechie, you can skip that for now
[23:14] <CajunTechie> knome: Great! So I can just get started testing and submitting bugs?
[23:15] <knome> CajunTechie, absolutely
[23:15] <CajunTechie> Very cool
[23:15] <sidi> knome, i think we could upstream this document to Xfce docs btw
[23:15] <knome> sidi, i guess so, if they had a sensible place to put it to
[23:15] <knome> sidi, or if you are interested enough, register a domain and create a one-place-for-all site
[23:17] <sidi> knome, for security advice or for xfce docs? ;P
[23:17] <knome> security advice
[23:17] <sidi> knome im running student projects every year on how to quantify and prioritise the known good security practice
[23:17] <sidi> to produce concise and "impactful" documents to share with the general public
[23:17] <knome> heh
[23:18] <sidi> last year's batch was disappointing
[23:18] <knome> then for that
[23:18] <knome> awwh
[23:18] <sidi> but yeah
[23:18] <sidi> when we have the evidence to back up claims
[23:18] <sidi> we'll release documents
[23:18] <knome> ;)
[23:18] <sidi> that's one of my secret phd goals :p
[23:18] <knome> heh
[23:20] <sidi> knome, hmmm we should mention password managers
[23:20] <knome> go ahead
[23:21] <knome> sidi, i'm not sure of the xkcd comic, but thanks for the thought.
[23:22] <sidi> (FTR we use the word "security hygiene" to build a mental model of security practice as a repeated habit, that doesn't have to be blindly followed but that should be trained as a set of best-effort reflexes which have a generally desirable outcome)
[23:22] <knome> aha
[23:22] <sidi> (security should be treated as hygiene rather than dogma or impossible tasks, the choice of word is very conscientious :p)
[23:23] <knome> password managers and firewall could go into a separate section near the end
[23:25] <knome> fwiw, we can't do docbook interlinks that have the different link name than the actual section name
[23:25] <knome> at least easily
[23:25] <sidi> knome, i didnt get that :p
[23:25] <sidi> managers should go with passwords though, methinks
[23:26] <knome> fine
[23:37] <sidi> knome, you removed a part at the end of "When to change your password", didnt you?
[23:37] <sidi> i had posted something about not ignoring password alerts.
[23:37] <sidi> oh its below
[23:37] <knome> :P
[23:51] <sidi> ok, save for the Encryption and Password Manager bits, this is written!
[23:53] <knome> great
[23:53] <knome> when do you plan on doing that?
[23:53] <knome> i'd rather convert the whole stuff to docbook at once
=== brainwash_ is now known as brainwash