[00:02] well [00:02] now would be good [00:02] gf has arrived though [00:02] heh [00:07] well, ping me once you've done that [00:08] knome, i templated encryption, i'll let you fill the blanks with the *buntu specifics [00:08] also added a Dropbox mention in the backup, advising encryption prior to uploading [00:10] mhm [00:10] this document is very welcome [00:10] i will add your name to the doc contributors list [00:10] hooray [00:14] knome, done. [00:14] knome, feel free to mention UCL Information Security ;p [00:15] sidi, let's see [00:15] what else do i owe you? :P [00:15] nothing mate :p [00:16] you come here and i'll buy you a beer or two [00:17] haha sure [07:08] < darkxst> apw, what is the status of bug 1410480? this completely breaks installing via ubiquity on Ubuntu GNOME and probably most other flavours || < ~pitti> yes, it's not flavor specific, happens for ubuntu as well [07:09] bug 1410480 in linux (Ubuntu) "overlayfs v1: renaming existing file uses chardev whiteout (should be symlink)" [High,In progress] https://launchpad.net/bugs/1410480 [07:09] Heads up. [07:22] mm, good to know [08:11] brainwash: your patch should be moved along shortly, then we can prep the SRU paperwork. seb128 said it's SRU-worthy [10:18] sidi, knome, thanks for https://docs.google.com/document/d/18sEImteNJVZ7T6o0RR7erJbCpS8dXwHDC0pRpu1K3aI/edit#heading=h.zafoylvno00b [10:18] it's a fabulous work [10:18] slickymaster, erm you're welcome :p [10:19] not sure also about the xkcd comic [10:20] I don't think it would land particularly well in the all -docs layout [10:21] but other than than it's really a fabulous piece of work [10:21] s/than than/than that [10:25] like knome, I also owe you a couple of beers, so if you ever come down south I'll be more than glad to do it ;) [10:28] ochosi: that's good news [10:29] yup [10:29] not totally unexpected, but still good :) [10:29] btw, we shouldn't select a reviewer directly when filing a MR [10:30] cause then ubuntu-branches gets removed and nobody else sees it, i.e. it drops off the radar [10:30] ah ok [10:30] had to figure that out when passing along the MR today [10:30] so just for the future, to keep that in mind, always add reviewers after filing the MR on top of the default [10:47] knome, are you working on a MP based on sidi's paper or do you want me to do it? [10:57] slickymaster, south of US? too far for beer :P [10:58] slickymaster, it's up to you two now to decide how to turn this into a Xub doc. [11:05] sidi, south like in Iberian peninsula ;) [11:05] specifically the western country in europe [11:07] slickymaster, spanish or portuguese or catalan? ;P [11:07] portuguese :) [11:07] we're western than them [11:27] ochosi: https://www.debian.org/security/2015/dsa-3131 [11:32] so there will be another patch before the -screensaver one [11:33] or both patches will be shipped at the same time [12:30] slickymasterWork, yep, i guess so ;) [12:30] lol knome, and that means .... [12:31] that i'll do it and ask for your help if needed :P [12:31] the thing is, there are still things that aren't ready [12:31] ok, I'm here to help you know [12:31] for example, do we have unattended upgrades enabled on a new install? [12:31] if not, how to turn them on? [12:32] I'd say that in two out of three times people will face unattended upgrades, afeter a new install [12:33] * after [12:33] why 2/3 ? [12:33] unless they're installing in the immediate hour after the releases [12:33] heh [12:33] well can somebody double-check that? [12:34] I can perform a few tests on that, but either Unit193 or bluesabre could cast some technical light on that issue [12:35] https://help.ubuntu.com/community/AutomaticSecurityUpdates [12:35] i guess we only need to see if we have a file in apt.conf.d [12:36] I'll boot a VM after lunch to see if I can check that [12:36] sure [12:54] bluesabre: thanks for the xubu default settings upload [12:55] has anybody used any of the password managers in the repository? [12:59] bluesabre: do you feel like SRU'ing the updated keyboard shortcuts file to utopic and trusty? utopic only needs the 1 line fix, trusty needs http://bazaar.launchpad.net/~xubuntu-dev/xubuntu-default-settings/trunk/revision/482 on top of that [13:00] it would be great if you could fix this for 14.04.2, so new users who download this release won't be affected by the bug [13:01] knome slickymasterWork - http://pastebin.ubuntu.com/9784842/ our /etc/apt/apt.conf.d/50unattended-upgrades [13:01] mhm [13:01] so we have that enabled [13:02] thanks [13:02] not having it enabled would be kinda strange [13:13] elfy, are you still on a new installation? [13:14] newish knome [13:14] ok [13:14] can you check what the "updates" tab in software & upgrades say [13:14] I can - but ... [13:14] mostly interested in the three first dropdowns [13:14] but what? :D [13:14] I'll boot vm [13:15] the updates tab might be all over the place here :D [13:15] huhu [13:15] probably not though;) [13:15] and this is for the V docs anyway [13:15] so should be the situation in V [13:15] but - nvm - a clean install in that tab has all EXCEPT proposed enabled [13:15] so what about the dropdowns? [13:15] what are the values? [13:16] oh - hang on [13:16] half asleep [13:17] hehe [13:17] me too [13:17] always a good mood to write security documentation in! [13:18] http://www.zimagez.com/zimage/screenshot-190115-131753.php [13:18] ok, i think i've mostly converted sidi's stuff to digestable text [13:18] any others while the vm's running? [13:18] hmm, display immediately [13:18] not download and install automatically [13:18] ochosi, bluesabre, Unit193: want to investigate that? [13:19] elfy, not at this time, thanks :) [13:19] ok :) [13:19] or is that like so only because it's beta stage [13:19] i'll run a trusty install or sth later today [13:19] hang on - I'll boot the trusty one [13:19] oh, ok ;) [13:20] knome, let me know when it's online ;P [13:21] knome: display immediately in the one with pink highlights [13:21] which I think was the last one ... [13:21] sidi, probably takes time, it'll need to go to the branch first, then zyl needs to push it online [13:21] and we'll probably not do that until release [13:21] sidi, do you need it for something? [13:22] i mean i can push a copy of that somewhere if you want to show it around [13:22] i dont need it now nope [13:22] ok [13:23] then expect it around april [13:23] okay ;p [13:23] i can also poke you when it's on the branch [13:23] so you can get it yourself! [13:24] elfy: xnox did a recent update to that part, but afaik he only dropped the extra repo [13:24] no idea what's supposed to be ticked exactly and what not [13:24] (i presume the first two) [13:24] ochosi, i was thinking that whether the unattended security updates should be on... [13:24] not which repositories are ticked [13:25] I saw talk on extras - but that's in Other Software - not Updates [13:34] knome: right, misinterpreted that maybe in the backlog [13:34] didnt read too closely i guess [13:34] elfy: btw, what you could check in the next update to xubuntu-artwork that bluesabre pushed/s today is whether that bluetooth icon is monochrome again [13:34] it's one of the things i fixed [13:52] ochosi: well it is monochrome here after update and restarting panel and turning bluetooth on [13:52] but if it changes color during use - no way of checking that [13:53] it was only !monochrome in the "normal" state [13:53] inactive and paired state worked [13:54] http://en.zimagez.com/full/6e676846acce0827817defaa1cf6b75464fa83b2bc94d3596924c0fb25bf0a9db891b39655ffc10a8a913820beaf444de21558616cb0271a.php [13:54] good lord - that's a long url [13:55] in the shortish ;) [13:55] what's that banana bumerang [13:55] or is it an orange slice [13:55] bananamoon [13:55] clemetine [13:55] clementine [13:56] oh that - yea clementine [13:56] elfy: yeah that's the inactive state [13:56] ochosi: so - no way for me to check the other states [13:57] you can't activate bluetooth? [13:57] you just need to click the item and then > "turn bluetooth on" [13:58] ochosi: what does it mean if there's a bug report with "Theme parsing error: gtk.css:81" but gtk.css doesn't even have 81 lines? [13:59] it shouldn't, but maybe it's continuing with the line-count in one of the included files [14:00] hmm [14:01] i think this might just be user error [14:01] possible, what app throws it with what theme in what version of gtk3? [14:02] all of them with orion in utopic, apparently [14:02] an lots of other errors that don't seem to match up with anything in the css [14:02] i think user might have an old version installed in their home directory [14:02] yeah, that's quite possible [14:02] many of the bugreports i got for gtk3 had wrong theme versions installed [14:02] i get that all the time [14:03] going to install utopic in a vm to test [14:03] thanks for the hints [14:03] ochosi: clicking it - it changes to 'white' but I don't have any access to any bluetooth other than that [14:03] ali1234: either way, fixing this level of bug in utopic is likely not a priority [14:04] elfy: that's perfect, and all i wanted to hear. in your previous screenshot from the VM (if you remember) it was on a blue bg, and that should now be gone [14:04] nope - not remembering that :) [14:04] but - glad your happy :) [14:04] let me remind you then: http://www.zimagez.com/zimage/screenshot-190115-131753.php [14:05] see how blue that is? [14:05] oh right - yea [14:05] didn't even look at that vm - was just seeing what knome wanted :D [14:05] and 'this' machine has bluetooth off [14:06] ;) [14:10] ochosi: it seems like xfpm + light-locker triggers suspend out of nowhere (according to the latest comment in bug 1307545) [14:10] bug 1307545 in xfce4-power-manager (Ubuntu) "Power Manager settings are ignored when closing laptop lid" [Medium,Confirmed] https://launchpad.net/bugs/1307545 [14:11] i read that, but i'm pretty sure that signal isn't coming from light-locker [14:12] it doesn't send suspend signals, it only listens to those [14:12] and about the power manager i'm not sure either, might be something else [14:15] ochosi: so, xfpm -> light-locker > vt switch > logind takes control in vt8 > suspend is triggered > screen is locked twice in vt7 > blank screen bug? [14:16] not sure about the "screen is locked twice" part though [14:19] ochosi: I hope you understand this reaction chain :) [14:21] the solution seems to be to always late lock the screen [14:22] even when screen lock is triggered via light-locker-command [14:22] was that the thing that always worked? [14:22] not sure that locking twice is really happening or really the source of the problem [14:23] that thing? [14:23] the setting (late locking) [14:25] I don't know, the dbus activation uses 2 steps, first lock the screen in vt7 and on resume switch to vt8 [14:25] similar to late locking [14:25] and it never caused trouble I think [14:26] but xflock4 -> light-locker-command will instantly switch to vt8 [14:27] so yeah, we could try to patch xflock to send a dbus command :} [14:27] err, dbus signal [14:28] is there one? currently light-locker listens to the suspend and resume signal from logind [14:29] i was actually kidding [14:29] i guess xfpm would have to be more intelligent about light-locker [14:30] yes, but light-locker is limited too, you cannot enable late locking on the fly [14:31] late locking aka "lock screen in vt7" > "suspend" > "resume" > "switch to vt8" [14:32] without loignd [14:32] maybe ask cavalier about this [14:33] also, the elementary os team might encounter something similar [14:38] http://bazaar.launchpad.net/~ubuntu-core-doc/xubuntu-docs/vivid/revision/281 [14:38] sidi, slickymasterWork, ochosi, elfy ^ [14:39] lol - scared him away then === qwebirc511327 is now known as slickymasterWork [14:39] yep [14:39] already pushed knome? [14:39] yes [14:39] why firewall? [14:40] elfy, read teh section :D [14:40] Use common sense when working in the web - should that no be on rather than in [14:40] or are we spiders from mars ? [14:40] elfy, that's the removed chapter ;) [14:40] green are additions [14:40] oh yea [14:40] I hate these things :| [14:40] heh [14:41] just get the latest branch version then and run make [14:41] ;) [14:41] or see https://docs.google.com/document/d/18sEImteNJVZ7T6o0RR7erJbCpS8dXwHDC0pRpu1K3aI/edit?usp=sharing [14:41] that's betterer [14:41] elfy, you're a platypus [14:42] yep [14:42] poisonous [14:42] heh [14:42] no, just anonymous, regarding google [14:42] oic [14:43] mmm [14:43] so missing words? [14:46] where? [14:46] exactly !!! [14:46] what [14:46] how did you guess :p [14:46] . [14:46] :P [14:46] Use common sense when working in the web [14:46] wha? [14:47] oh bah [14:47] silly [14:47] :) [14:47] attackers can damage your reputation and websites nobody [14:47] where between websites and nobody :) [14:48] that whole sentence [14:48] i had to read it about five times to even understand it [14:49] ok knome, I'll have a read to your rev later on at home [14:50] i think in that section it's worth mentioning that the website owner might be able to see your password, not just attackers. and the website may even have been set up to steal passwords [14:54] you can refer to the security expert sidi [14:55] i added a comment on the doc [14:55] if you do changes in the doc, mark them with comments so i'll catch the changes [15:08] read it - makes sense to me [15:17] Is there a buggy bug in the doc? [15:17] blame it on knome. [15:17] ali1234, we could talk about phishing indeed [15:17] it's good to know though that the odds are against us [15:17] essentially phishing is uncommon/unexpensive enough at a global scale [15:18] that even having users spend 2 minutes a year on avoiding phishing attacks is economically counter-productive [15:18] i'm not talking bout phishing [15:29] also updated the translation template so people can get translating soonish [15:30] great knome, thanks [15:31] np [15:33] slickymasterWork, we should start thinking the installer slideshow content and looks some day [15:34] yes, you're right knome [15:34] do you already have something in mind, regarding the artwork? [15:35] or you want to do that after we finish the text part [15:35] nothing apart that i want it updated, maybe in the direction of the website [15:36] aesthetically? [15:36] yes [15:36] one aspect we might want to rethnk is the paths that we show in the slideshow [15:36] are they needed? [15:36] and should we try to point more to the documentation? [15:36] i mean, more than in one place? [15:37] since we do have it up-to-date and relatively broad now [15:37] well, in terms of text/info on the slides we're not shipping any major new things, apart from a few changes in some apps [15:37] sure, but maybe we want to flesh out the text anyway [15:37] yeah, the paths could be something to be review [15:38] anyway, when we start working on that, i'd figure out what kind of content we want there first [15:38] won't to schedule a sprint for us? [15:38] lol [15:38] hmpf [15:38] why hmpf? [15:38] let's schedule the scheduling for later [15:39] but something this month [15:39] do you have any preferences/days that simply won't work? [15:39] preferably at night [15:39] wfm [15:40] after 22:00 UTC everything works for during week days [15:40] weekday or weekend? [15:40] on weekends it would be better the ones my kid isn't with me [15:41] which are those? [15:41] so I think it would be preferable week days after 22:00 [15:41] ok [15:41] hmm [15:41] i'll consult my wife today on her shifts [15:41] ok [16:12] ochosi, ping me when you're back [16:15] knome: pon [16:15] g [16:15] oh :) [16:15] will PM you [17:07] bluesabre: https://code.launchpad.net/~thad-fisch/xubuntu-default-settings/use-gsettings-for-ll ? [17:09] bluesabre: ok or not ok? [22:33] knome, it doesn't have to be now, but tomorrow we could discuss your rev of the docs [22:34] slickymaster, i can do that in some time [22:34] so if you have comments, just pour them in [22:34] well, I not to sure about the opening of the chapter [22:35] it's better than before [22:35] though that doesn't say much [22:35] it was basically listing the ToC before [22:36] we're talking about a about a major subject, one that ought to be read carefully by our users, but at the same time we're almost telling them to at least read just a few subsection of it [22:37] on one hand we tell them "This is a brief guide on keeping your computer and personal information safe from security threats. " [22:37] but on the other we go about " If you only have a short while, you should read at least the following subsections: [22:37] I don't no, it seems a bit of a paradox to me [22:38] not sure if I made myself clear to you k [22:38] knome: [22:39] sure [22:39] how else would you highlight the most important parts of the chapter? [22:39] that's the thing, I wouldn't, we start it by saying that it's a breif guide [22:41] I don't think you should make it briefer by inviting people to short circuit its read [22:41] well tbh [22:41] even because its a really important subject [22:41] it's not very brief... [22:42] i would have hard time reading that if i didn't know most of it already [22:42] no it isn't, but I'm ok with its extension [22:42] so maybe we shouldn't tell it's brief ;) [22:42] that would be a solution [22:42] I can drop that setence [22:43] as I found a typo in the chapter I can do both things [22:43] maybe we should just face it and say it's written by a security student and that "if you had seen the original version, *then* you'd consider this brief" [22:43] is there a original version? [22:43] not any more [22:43] it was a rant by sidi [22:44] i made it digestible [22:44] why not just drop the adjective 'brief' from that initial sentence? [22:44] that works for me [22:46] ok, I'll do it then and push it [22:46] thanks [22:46] slickymaster, remember this: users are EXTREMELY unmotivated by security [22:46] so, never ever waste their time [22:46] lol, the other way around knome, it's me you have to thank you [22:46] that's why silly advice like "firewalls" must die [22:46] it pollutes their "compliance budget" [22:47] it's better, if they cant be bothered to go through the whole thing, to point them out to the absolute critical points [22:47] though that's true for every subjet [22:47] +c [22:48] * knome punches the C key [22:48] I can see that point sidi, that's just one more argument for me to force them to read it, and to avoid in any possible their lack of attention on such a big issue [22:48] it's like building up habits, you dont become a gym master in 24 hours if you were a couch potato. And since you barely see the positive externalities of security even after so many months/years, it's hard to motivate yourself into learning more security [22:48] slickymaster, they'll tell you to **** *** if you *force* them :p that'd be a terrible UX move [22:48] sidi, tut tut [22:49] knome, sorry i dont mean to say that myself [22:49] i mean that the reaction will be extreme [22:49] the knome train is rolling in..? [22:49] choo choo [22:49] nope [22:49] and, you dont suspect how people behave about technology that gets in the way when you're not watching [22:49] ochosi, reversed the max-width ;) [22:49] the intention here isn't to force sidi, it's just not to help them being so casual about it all [22:50] nor eight, nor eighty [22:50] it's funny how people turn into computer geniuses when they want to read reddit at work [22:50] slickymaster, i'm not casual about security. it's just very important to accept that we can achieve very little by asking users to invest in security [22:50] but can't figure out how to restart a print job [22:50] they shouldnt have to [22:50] ali1234, exactly [22:50] just as funny as when everybody is an advanced user when a tutorial says "advanced users only:" [22:51] maybe we should word it in a way that the important parts are the ones they should START with [22:51] you can only except a few minutes a day from a person to do all sorts of security-related tasks. whenever they need to login on a service, decide whether to open an email/file/app, register on a service, share files with others... they make tons of security decisions and they lose motivation quickly [22:52] slickymaster, ^ see, this is near the original version rant :) [22:52] even when you dont follow advice, you dont necessarily get into trouble, and when you do follow it you can still have issues, and you see none of the attacks being blocked [22:52] slickymaster, ^ and that [22:52] yet they can follow any arbitrary amount of instruction 100% perfectly when they think they are going to get a free iphone [22:52] wait, free iphones, where? [22:52] yeah, high perceived benefit ali1234 [22:52] security = low perceived benefit, high perceived cost [22:52] yeah [22:53] I'm not trying to imply that all sidi, I know you're not casual about it, what I'm saying is that we shouldn't let the users be lazy about it just because they're used to and we shouldn't chnage those habits [22:53] slickymaster, what about my latest proposal for wording? ;) [22:53] slickymaster, let's make a parallel [22:53] you'ver pushed another rev knome ? [22:54] slickymaster, no, i said that in the channel, but you probably missed it from the discussion [22:54] slickymaster, --> maybe we should word it in a way that the important parts are the ones they should START with [22:54] I did :P [22:54] that would fix our issue [22:54] say, your parents are obese and are starting to show signs of heart disease. you want to convince them to change their diet and exercise. they personally have a fatalist attitude and think nothing they can do will pay off. how do you go about it? [22:54] sidi, wow, are we going deep :P [22:55] (economics of security for end users: http://discovery.ucl.ac.uk/1301853/1/compliance_budgetfinal.pdf // http://www.is.uni-muenster.de/security/publications/BG2011_Security_Cost_of_Cheap_User_Interaction_NSPW.pdf) [22:55] sidi, we're trying to fix the wording on the documentation, not save anybody's life [22:55] i guess nobody is immune to this, people just have different priorities [22:55] (everyday security practice http://users.ece.cmu.edu/~adrian/630-f05/readings/dourish-grinter-delgado-joseph.pdf) [22:55] I woulf fight that fatalism sidi [22:55] slickymaster, how? [22:55] that's the £100000 question [22:55] if you know how, i'll tip my boss into hiring you [22:56] but no £1000000 ? :( [22:56] nah, that one is "how to get people to encrypt their emails?"# [22:56] mind me, we, as in Portugal', are famous for suffering from fatalism since the 18th century [22:56] ihpones only cost about $600 right? [22:56] how? [22:57] make them, one way or the other, face the serious implications that that fatalism will, for sure, bring to their health [22:57] fatalism is an outcome of people making efforts and not observing any difference. it's the whole expectations that people have that are broken [22:57] they think they "should/deserve to" be safe if they make efforts [22:57] but risk prevention never works that way. accidents still happen [22:57]