| === chriadam|away is now known as chriadam | ||
| WebVisitor-0 | Hi all how do I enable multitouch on my Lenovo yoga pro 3 | 02:42 |
|---|---|---|
| duflu | Here's some fun: (1) Upgrade mako to wily (devel-proposed channel) to get Mir 0.15 with its lower latency. (2) Add further settings to reduce latency and increase smoothness: restart unity8 QML_NO_TOUCH_COMPRESSION=1 MIR_SERVER_NBUFFERS=2 | 05:23 |
| duflu | The results are encouraging. We should work to make all this default and automatic | 05:23 |
| nhaines | I suppose it would need further testing. | 05:27 |
| duflu | Needs further related optimisations before it's default | 05:36 |
| === chihchun_afk is now known as chihchun | ||
| === chihchun is now known as chihchun_afk | ||
| zzarr | hello! I made a simple dns setting (created a new file) will it be removed when I upgrade to OTA-6? | 07:20 |
| mandel | ogra_, morning! got a quick question for you, do you know how do we start pulseaudio in ubuntu touch?? | 07:51 |
| zzarr | mandel: I'm not sure, but as I understand it it should be the same as Ubuntu | 07:54 |
| mandel | zzarr, hm. ok I wonder why I'm not getting the logs where I want them :-; | 07:55 |
| mandel | :-/ | 07:55 |
| zzarr | maybe "/" is read only? | 07:55 |
| zzarr | "sudo mount -o remount,rw /" | 07:56 |
| zzarr | (but be careful) | 07:56 |
| zzarr | mandel: this page explains the difference between desktop and touch (it's the same OS, still Ubuntu) http://mhall119.com/2014/02/there-is-no-touch-only-ubuntu/ | 07:58 |
| mandel | zzarr, well, there are a number of changes, for example, I'm 100% sure that we are using upstart on the phone | 08:00 |
| mandel | zzarr, and my system img is rw and resized :) | 08:01 |
| zzarr | okey, how did you resize it? | 08:01 |
| zzarr | what device do you have? | 08:02 |
| mandel | zzarr, I have a meizu mx4 and resize it when flashing the devices | 08:05 |
| mandel | zzarr, I'm one on the engs dealing with the phone in canonical ;) | 08:06 |
| zzarr | mandel: it's a wonderful device, I have one too :) | 08:08 |
| mandel | zzarr, yes, trying to get a number of nice fixes for the next ota so that it is even better, but having to fight with pulseaudio is a PITA | 08:08 |
| zzarr | mandel: I read about problems with pulse, will it delay OTA-6 long? | 08:09 |
| mandel | zzarr, I hope to get a fix for today | 08:10 |
| zzarr | mandel: what is the problem? | 08:10 |
| zzarr | I'll try to get xmir up and running in a chroot :) | 08:12 |
| === _salem is now known as salem_ | ||
| ogra_ | mandel, it's a user session job | 08:14 |
| zzarr | that explains why I could not find it in /etc/init.d | 08:15 |
| ogra_ | /etc/init.d isnt used, upstart jobs live in /etc/init/ | 08:18 |
| zzarr | right, I thought I would see a service script there | 08:19 |
| === Guest37794 is now known as Zic | ||
| zzarr | I have made some services on my server at home so I have written files in /etc/init/ | 08:19 |
| mandel | ogra_, ok, thx, got the bastard :) | 08:20 |
| ogra_ | :) | 08:21 |
| mandel | ogra_, and bug fixed, in vim word 2x | 08:21 |
| mandel | ogra_, I felt stupid hehe | 08:21 |
| zzarr | sometimes apt-get is getting stuck when it downloads packages, it looks like this "31% [Connecting to ports.ubuntu.com (2001:67c:1360:8001:1::2)]" but after a while it starts again | 08:22 |
| === chriadam is now known as chriadam|away | ||
| dhbiker | hi | 08:33 |
| dhbiker | so i switched to RC proposed | 08:33 |
| dhbiker | my question is when you do it with phablet tools does it grab the latest version ? | 08:33 |
| ogra_ | dhbiker, yes | 08:42 |
| dhbiker | ogra_ and when the new release comes it can be updated via updates or again via phablet tools | 08:45 |
| ogra_ | you usually only need pahblet tools to install | 08:45 |
| dhbiker | oh so it doesn't come as OTA thing | 08:46 |
| ogra_ | you only need ubuntu-device-flash for installation usually, after that you can OTA or switch channels without re-flashing etc | 08:47 |
| ogra_ | only if you mess up your system by i.e. making it writable you might need to re-flash, there is no reason to do it otherwise | 08:47 |
| dhbiker | heh | 08:48 |
| dhbiker | and where can i see if there is some newer release ? | 08:48 |
| ogra_ | rc-proposed normally gets daily builds, you get notifications | 08:48 |
| dhbiker | i got nothing :D | 08:48 |
| ogra_ | (auto builds are currently stopped for OTA preparation though, close to OTA all builds are manual) | 08:48 |
| dhbiker | ahh | 08:49 |
| dhbiker | makes sense | 08:49 |
| ogra_ | if sil2100 does an image rebuild you get an OTA notification | 08:49 |
| ogra_ | and once OTA is released the daily builds get re-enabled | 08:49 |
| dhbiker | oh ok | 08:50 |
| zzarr | ogra_: you were not here when I asked about if a change to the dns I made will be removed in the next update... I added the file /etc/resolvconf/resolv.conf.d/tail | 08:59 |
| ogra_ | zzarr, unlikely ... only files that changed get touched during upgrade ... it is unlikely that file changes between two images (no guarantees indeed, it can always happen in case the package chanes or whatever) | 09:01 |
| zzarr | okey, since I put it there myself it shouldn't change then :) | 09:02 |
| zzarr | so a system update is basically a dist-upgrade? | 09:02 |
| ogra_ | no | 09:04 |
| ogra_ | a system upgrade is a diff between two rootfs trees ... all changed files get copied into a tarball ... that tarball is unpacked on top if your rootfs | 09:04 |
| ogra_ | (and removed files are deleted) | 09:04 |
| oSoMoN | mandel, https://bugs.launchpad.net/ubuntu/+source/ubuntu-download-manager/+bug/1488425 | 09:05 |
| ubot5 | Ubuntu bug 1488425 in ubuntu-download-manager (Ubuntu) "[MIR] ubuntu-download-manager" [Undecided,New] | 09:05 |
| zzarr | okey | 09:05 |
| zzarr | thanks ogra_ | 09:05 |
| ogra_ | this is why the readonly rootfs is essential ... both, the server generating the diff and your phone need to have an identical base rootfs | 09:05 |
| nhaines | ogra_: I have a Nexus 5 on basically OTA-5. I'm trying to get a nice screenshot of the Today scope and of course there's no date/sunrise/sunset section. | 09:05 |
| ogra_ | nhaines, i usually get it back after one pull-to-refresh | 09:06 |
| ogra_ | or after two sometimes | 09:06 |
| zzarr | so if I alter a package it might break the system... I get it | 09:06 |
| nhaines | ogra_: this hasn't been the case for me since the last Today update, and it certainly doesn't work on my Nexus 7 on err, whatever the recommended daily images are. rc-proposed, isn't it? | 09:07 |
| nhaines | Isn't there a "day" scope I ought to have or something? | 09:07 |
| zzarr | ogra_: will there be a way to set what dns servers to use without adding a file like I did? | 09:07 |
| nhaines | Yes, on flo on rc-proposed r222, it only shows weather. | 09:09 |
| ogra_ | weird, on both, my arale and my krillin i got the entry back since the scope update | 09:09 |
| nhaines | ogra_: would you mind taking a screenshot of the Today scope with the day bit showing and send it to me for purpose of inclusion in my book? :) | 09:10 |
| nhaines | Since I can't seem to find older screenshots I know I've taken of the same, I'll edit it in. | 09:10 |
| ogra_ | nhaines, hmm, my install is german | 09:11 |
| ogra_ | nhaines, probably popey can ... so you get english translations instead | 09:11 |
| nhaines | Das kann ein kleines Problem sein, denn mein Buch ist nur auf Englisch. :) | 09:11 |
| zzarr | what happened? where did the English go? | 09:12 |
| zzarr | (looks more like German to me) | 09:12 |
| zzarr | in any way.... lunch | 09:12 |
| nhaines | ogra_: I looked on my external drive for some extra screenshots, but they aren't helpful: http://i.imgur.com/niXz5ok.png :) | 09:14 |
| nhaines | popey did give me a screenshot but I lost it. popey, could you take a quick screenshot of the Today scope? I'd rather have a screenshot without a broken Day scope in it (that includes the moon phase bit). | 09:16 |
| dhbiker | ooh GPS works on arale... waited for like 5 mins and nada :/ | 09:16 |
| davmor2 | dhbiker: if you turn off the here location service then an initial fix can take up to 15 minutes, and the mapping app would need to be in the foreground and the phone awake the whole time, If you have the here agps on it should give you a location pretty much immediately | 09:21 |
| dhbiker | hm... strange | 09:22 |
| nhaines | Well, not so strange. :) | 09:22 |
| popey | nhaines: http://people.canonical.com/~alan/screenshots/device-2015-08-17-101237.png | 09:22 |
| nhaines | Although TTF should be more like 2.5 minutes. That might be strange. | 09:22 |
| didrocks | popey: hey, I'm looking at the reboot weather app, at some point, it used the osm plugin to find places, seems that it was then changed, any idea why? (also, do you remember it's provided by which package?) | 09:22 |
| nhaines | popey: brilliant, thanks so much! | 09:23 |
| popey | didrocks: it did? I thought we always used the ubuntu geo lookup thing? | 09:23 |
| nhaines | Oh, that's the same as last time. And I didn't lose it, I saved it right where it should have gone. | 09:23 |
| popey | :)_ | 09:23 |
| nhaines | That's very safe. I'd never think to look for it there. :) | 09:23 |
| popey | that directory has lots of screenshots btw | 09:24 |
| didrocks | popey: yeah, you even commented on the MP: https://code.launchpad.net/~vthompson/ubuntu-weather-app/reboot-location-qml/+merge/259462 :) | 09:24 |
| didrocks | popey: I'm happy to use ubuntu geo lookup, do you know where there is a simple example? | 09:24 |
| nhaines | Thanks. I'm just going to grab a couple extra windowed mode ones on my N7 and call it good. But I'll have a quick browse just in case! | 09:24 |
| popey | nhaines: feel free to shout if you need any specifics from me | 09:25 |
| nhaines | popey: much obliged! | 09:29 |
| didrocks | popey: no such example on our mind? It seems weather app is using a list of cities in a json file | 09:29 |
| larsu | didrocks, we should maybe look into sharing this with system settings, which also has a list of cities somewhere | 09:32 |
| === ghostcube_ is now known as ghostcube | ||
| didrocks | larsu: yeah, it seems to be the way this was done here as well | 09:32 |
| larsu | didrocks, doesn't make sense two have 2, eh? | 09:34 |
| didrocks | yep :p | 09:34 |
| seb128 | larsu, settings is using libtimezonemap | 09:36 |
| larsu | seb128, I know, but we need to get rid of that (or lose the gtk dependency) anyway | 09:43 |
| larsu | seb128, all I'm saying is let's think about sharing this information | 09:43 |
| zzarr | ogra_: will there be a function so I can destroy telemarketing companies? (just kidding, but it would be useful) | 09:46 |
| zzarr | being able to blacklist phone numbers would be nice | 09:46 |
| seb128 | larsu, yeah, +1 for that | 09:49 |
| nhaines | larsu: I believe the weather app's implementation was tied to weather provider-specific data. | 09:49 |
| larsu | nhaines, weird... | 09:53 |
| nhaines | Not that weird. It'd be a pretty poor experience to list cities that the weather provider doesn't have data for. Or to ignore the ten thousand extra cities that are in the weather provider but not the time zone info. | 09:54 |
| zzarr | sometimes it's hard to answer calls (the slider don't move) | 10:00 |
| larsu | nhaines, it wold also be pretty weird to list a city in the weather app that is not in the timezone selector (or the other way around) | 10:06 |
| larsu | *would | 10:06 |
| nhaines | larsu: I strongly disagree. My city is not in the time zone selector. I'm 40 miles away from Los Angeles and the weather here is nowhere *close* to LA weather. | 10:07 |
| larsu | nhaines, clearly. I'm saying it's weird if my device "knows" about my city in one place but doesn't in another | 10:08 |
| larsu | I'd be fine with only having major cities in the time zone selector, but that's not what we have right now | 10:08 |
| nhaines | It's not that weird. Weather and time are unrelated. | 10:09 |
| larsu | no they're not... and again, that's not my point | 10:10 |
| nhaines | How are weather and time related? | 10:11 |
| * larsu resists the urge to answering that one snarky :P | 10:13 | |
| === pstolowski is now known as pstolowski|lunch | ||
| jgdx | kenvandine, https://code.launchpad.net/~jonas-drange/ubuntu-system-settings/fix-notification-test/+merge/269039 | 10:49 |
| oSoMoN | nerochiaro, would you mind confirming https://bugs.launchpad.net/ubuntu/+source/webbrowser-app/+bug/1488470 , and in case you do, can you take it? | 10:57 |
| ubot5 | Ubuntu bug 1488470 in webbrowser-app (Ubuntu) "Ctrl+W shortcut non functional on blank tab after closing a blank tab" [Medium,New] | 10:57 |
| nerochiaro | oSoMoN: confirmed and will look into it | 10:58 |
| oSoMoN | nerochiaro, thanks | 10:58 |
| nerochiaro | oSoMoN: regarding the thumbnails, can you confirm with design that for now we want them only for top sites and not for bookmarks ? | 10:59 |
| dhbiker | ogra_ here ? | 11:18 |
| ProstheticS | did i read right, is there a release tomorow? | 11:18 |
| ProstheticS | an ota i mean | 11:18 |
| davmor2 | ProstheticS: that is the general hope yes | 11:20 |
| davmor2 | ProstheticS: at least for meizu and the nexus devices | 11:20 |
| mcphail | no bq goodness? | 11:21 |
| davmor2 | mcphail: see sil2100 email | 11:21 |
| * mcphail should join the mailing list | 11:22 | |
| nik90 | mcphail: you can follow the mailing list at https://lists.launchpad.net/ubuntu-phone/. Just bookmark the link | 11:32 |
| robin-hero | nik90: When do you release the new clock app? I'm really looking forward to the new stopwatch feature :) | 11:33 |
| nik90 | robin-hero: We're waiting on translations and also for the music-app since as of now, there are no apps that show up as music-sources. | 11:34 |
| nik90 | so if we upload clock without music-app, the custom sound feature cannot be used since there would be no apps to import music from :) | 11:34 |
| nik90 | robin-hero: another few days I suppose. | 11:34 |
| robin-hero | okay, thanks for your answer and your hard work ;) | 11:35 |
| === salem_ is now known as _salem | ||
| nik90 | thnx. | 11:35 |
| mcphail | nik90: cheers :) | 11:39 |
| === MacSlow is now known as MacSlow|lunch | ||
| maggots | how do i set a html5 app to be fullscreen and also lock the orientation | 12:14 |
| === pstolowski|lunch is now known as pstolowski | ||
| maggots | how do i set a html5 app to be fullscreen and also lock the orientation | 12:17 |
| robin-hero | maggots: Add this line to the desktop file: X-Ubuntu-Supported-Orientations=portrait ( or landscape ) | 12:18 |
| maggots | robin-hero: Thanks very much that worked, now how do i set it fullscreen? | 12:22 |
| robin-hero | maggots: You're welcome, sorry I can't help you with the other issue :( | 12:22 |
| maggots | ok, thanks a bunch | 12:24 |
| maggots | robin-hero: adding Exec=webapp-container --fullscreen to the desktop file makes it full screen | 12:32 |
| dhbiker | is there any way to unlock this thing without pushing the power button ? :D | 12:32 |
| robin-hero | maggots: I'm glad you figured it out :) | 12:32 |
| dhbiker | oOOOOo r97 | 12:48 |
| dhbiker | just like ogra_ said it would notify :3 | 12:48 |
| zzarr | mandel: how is pulseaudio comming along? | 12:49 |
| maggots_ | how do i build version 0.2 it keeps thinking it's version 0.1 | 12:49 |
| mandel | zzarr, we have the fixes, we are trying to land them :) | 12:50 |
| zzarr | :D | 12:50 |
| rbasak | "sleep" lasts forever on my Aquaris 4.5 when run from sshd and the screen is off. Any ideas on how I can work around this? I want a background shell script to run all the time even when the screen is off to do some debugging. It will mostly just sleep, but right now it just sleeps forever. | 13:03 |
| robin-hero | maggots_: Change this in manifest.json: "version": "0.1" to 0.2 | 13:04 |
| === dandrader is now known as dandrader|afk | ||
| === ghostcube__ is now known as ghostcube | ||
| === _salem is now known as salem_ | ||
| mpt | mterry, “Sleep locks immediately” means that putting the phone to sleep overrides the “Lock when idle” setting. Spec updated. <https://wiki.ubuntu.com/SecurityAndPrivacySettings?action=diff&rev2=63&rev1=62> | 14:10 |
| === dandrader|afk is now known as dandrader | ||
| mterry | mpt, cool, OK. So this is talking about idle vs manual power presses | 14:13 |
| kenvandine | mandel, now that pulseaudio is fixed... can you give this a quick look? | 14:32 |
| kenvandine | https://code.launchpad.net/~ken-vandine/ubuntu-system-settings/emit_credentials_deleted/+merge/268896 | 14:32 |
| mandel | kenvandine, looking | 14:33 |
| kenvandine | mandel, thx | 14:33 |
| zumbi | typo fixed too | 14:44 |
| kenvandine | mandel, oh yeah, and what about the question about finding updates without a valid token | 14:45 |
| dobey | kenvandine: you need to actually delete the credentials, not just fake the error condition | 14:50 |
| dobey | oh, you changed it to do that, ok | 14:50 |
| kenvandine | dobey, indeed | 15:00 |
| kenvandine | dobey, i listened to you, as always | 15:01 |
| kenvandine | wink wink | 15:01 |
| dobey | lol | 15:07 |
| Giordano | salve | 15:17 |
| Giordano | sono in linea | 15:17 |
| Giordano | si parla italiano? | 15:18 |
| dobey | english please | 15:21 |
| dobey | for italiano see #ubuntu-it | 15:21 |
| === attente is now known as willcooke | ||
| === MacSlow|lunch is now known as MacSlow | ||
| === chihchun_afk is now known as chihchun | ||
| === chihchun is now known as chihchun_afk | ||
| === willcooke is now known as attente | ||
| mterry | cyphermox, poke about networkmanager + dbus | 16:08 |
| cyphermox | mterry: hey | 16:09 |
| mterry | cyphermox, oh shoot, didn't see your reply ;) | 16:22 |
| mterry | cyphermox, so I'm looking at bug 1480844 | 16:22 |
| ubot5 | bug 1480844 in Canonical System Image "Slow/hanging performance" [Undecided,Confirmed] https://launchpad.net/bugs/1480844 | 16:22 |
| mterry | cyphermox, it *seems* to be an interaction between dbus-daemon and NetworkManager | 16:23 |
| mterry | cyphermox, dbus-daemon is going into 100% cpu mode, so it has some bug somehow. But it seems to be triggered by NetworkManager | 16:23 |
| mterry | cyphermox, was just curious for your thoughts/ideas | 16:23 |
| mandel | kenvandine, https://code.launchpad.net/~mandel/ubuntu-system-settings/invalidate-credentials/+merge/269092 | 16:31 |
| dobey | mandel not sure what you're trying to do there, but that surely doesn't do it :) | 16:51 |
| dobey | mandel: i don't think you need to do anything on top of ken's branch to handle the situation; the "you need to log in" bit should be shown at that point | 16:54 |
| mandel | dobey, being lazy :) | 16:54 |
| mandel | dobey, problem is, the request to get if there are updates works with invalid creds, we wanted to tell the user to get them before showing updates and failig in the upload | 16:54 |
| * mandel is lazy by nature | 16:54 | |
| dobey | mandel: you can't. the only way to know the credentials are not valid, is to validate them against the server. doing that separately from the request you're making anyway doesn't make any sense, and would just be a waste of resources, when the token is valid | 16:56 |
| === salem_ is now known as _salem | ||
| _IF_ | help! I set my meizu mx4 into flight mode and now it doesn't want to come out of it. reboot doesn't help. any ideas? | 18:21 |
| aquarius | jdstrand, ping? | 18:39 |
| jdstrand | aquarius: hey, what's up? | 18:44 |
| jdstrand | (sorry for the late response, been in meetings all day) | 18:45 |
| aquarius | heya, pal! No problem; wasn't sure if you were afk or whatever :) | 18:45 |
| jdstrand | no, just massively sidetracked :) | 18:45 |
| aquarius | brief question: the idea has been bandied around that there's scope for phone click apps to undergo manual review if they ask for a break in confinement, and that that manual review actually can happen and apps can be approved. In my case, I have an app called WifiTransfer which is basically an FTP server; it if of course confined to only allow the uploading user access to ~/.local/share/wifitransfer.sil. Everyon | 18:47 |
| aquarius | e says "I wish it could see the whole home folder". If I submit a version with apparmor read/write path of $HOME, will it get reviewed and possibly accepted? | 18:47 |
| aquarius | if the answer is "we don't have the resources to manually review such apps" (much like for the desktop USC) then that's fine, and I'll pursue some other approach. | 18:48 |
| dobey | aquarius: MTP doesn't even expose all of $HOME… | 18:49 |
| jdstrand | it is actually the later | 18:49 |
| jdstrand | latter | 18:49 |
| jdstrand | but it is actually a complicated topic | 18:49 |
| jdstrand | cause even if we did review the source, what is upload isn't necessarily built from that source (obviously, with an interpreted language, that is different) | 18:50 |
| aquarius | right. I have heard it suggested that there is the option to apply for manual review, but I was sceptical -- I don't think you have the time for that. I was right to be sceptical, correct? There is not an option for getting an app manually reviewed? | 18:50 |
| aquarius | I understand entirely, of course -- this isn't a complaint :) | 18:51 |
| jdstrand | and while I might personally trust you, it is unfair if I let yours in cause I know you but don't allow someone else's in | 18:51 |
| aquarius | *nod* agreed. No special treatment. | 18:51 |
| jdstrand | sure | 18:51 |
| jdstrand | just trying to explain the full situation | 18:51 |
| jdstrand | the store supports the concept of a manual review and you can request one | 18:51 |
| aquarius | yup. Hence me being sceptical when I heard that there was an option for manual review :) | 18:51 |
| jdstrand | then it becomes a process issue | 18:51 |
| jdstrand | so it is possible to request it, it just won't be accepted atm until we work out various things | 18:52 |
| aquarius | *nod* | 18:52 |
| aquarius | makes sense. | 18:52 |
| dobey | i think even then, we probably don't want to allow full access to $HOME; but maybe only to the same dirs that are exposed over MTP | 18:53 |
| aquarius | I'd be fine with that | 18:53 |
| dobey | right. i don't think there is a way to specify that, at the moment though. which is part of the problem :) | 18:53 |
| aquarius | I'm pretty confident that people who ask for this are hoping to use wifitransfer to upload, say, loads of music to the phone | 18:53 |
| dobey | sure | 18:54 |
| jdstrand | yeah, the real thing is probably !hidden | 18:54 |
| aquarius | and at the moment that's a major pain because all the stuff goes into the wifitransfer private directory and then you have to shuffle them around (I think one-by-one!) with the file manager, which is (a) difficult (b) not installed by default (c) a pro-level tool | 18:54 |
| aquarius | but, well... that's the way the cookie crumbles, I suppose :) | 18:55 |
| dobey | (d) terminal would be faster | 18:55 |
| dobey | but yeah | 18:55 |
| aquarius | it would, although that's all of a, b, and c but multiplied by five :P | 18:55 |
| aquarius | I could put a version in the Open Store, but I'm in two minds about that. | 18:55 |
| dobey | well, at that point, you have to side-load an app anyway | 18:56 |
| aquarius | 'zactly | 18:56 |
| dobey | so you might as well just put the .click on launchpad.net and say "sideload this thing that has more permissions" | 18:56 |
| aquarius | minor benefit of the open store: it handles updates, which a random click on LP does not | 18:57 |
| aquarius | obvious downside: not sure I want to encourage people to open up their lives to many less confined apps just to get wifitransfer to see the music folder :) | 18:57 |
| dobey | ah, i guess so | 18:57 |
| dobey | yeah, there is that | 18:58 |
| jdstrand | actually, the storage framework use cases has something that might help: | 18:58 |
| jdstrand | meh, why is it so hard to copy and paste from google docs | 18:59 |
| jdstrand | basically it has something for shuffling files around and granting trust relationships between apps | 18:59 |
| aquarius | ooh, really? that sounds interesting. | 19:00 |
| jdstrand | and copying from one application to another | 19:00 |
| jdstrand | it came out of the sd card discussions from a couple months ago from the list | 19:00 |
| aquarius | if there's information I can provide to the people having those discussions, I'm happy to do so :) | 19:01 |
| jdstrand | I don't think it is resourced yet (I could be wrong-- I'm not managing this), but I can say design looked at it | 19:01 |
| aquarius | basically what I actually *want* is the ability to "unlock" the app, like you can with the file manager, and then it exposes $HOME instead of the private folder :) But that's a manual review thing for some point in the future. | 19:02 |
| jdstrand | on the device it is possible for the admin to adjust the security. it would be cool if that could be made easier if people wanted it (eg, provide a way to grant the app access to home via some tool | 19:04 |
| jdstrand | ) | 19:04 |
| aquarius | absolutely | 19:04 |
| jdstrand | snappy actually has something like that for hardware access | 19:05 |
| jdstrand | but you still need to be admin on the cli | 19:05 |
| aquarius | "Want WifiTransfer to show all your storage? Go to System Settings > App Access > WifiTransfer > File permissions and turn on 'all storage'" | 19:05 |
| aquarius | that'd be great. I'd happily write a tool to do it but that tool would also need review etc ;) | 19:05 |
| jdstrand | it would and it would need to run privileged, so we need a service for that | 19:06 |
| aquarius | at which point it's all hard work again | 19:06 |
| mcphail | aquarius: missed the start of this conversation, but presumably you are having the same frsutrations I am having with my syncthing client: default write directory buried in a .dot directory. The .dot directory has to die | 19:07 |
| aquarius | mcphail, it's not that it's a dot directory, per se (I personally would like it if XDG_DATA_HOME was ~/AppData, not ~/.local/share, but that's not relevant here), it's that apps are confined to *a* folder, and that's not gonna change. | 19:08 |
| aquarius | mcphail, how will a syncthing client work, anyway? It can't run in the background. | 19:08 |
| mcphail | aquarius: yes, it can. It doesn't spawn a GUI so doesn't get killed | 19:08 |
| aquarius | mcphail, how do people get it on the phone? | 19:09 |
| mcphail | aquarius: from the store | 19:09 |
| mcphail | aquarius: it isn't user friendly but it still exposes the syncthing web interface | 19:09 |
| aquarius | mcphail, really? you can put non-gui apps in the store and they work and they don't get killed? | 19:09 |
| mcphail | aquarius: for the time being :) | 19:09 |
| aquarius | that seems like a gargantuan loophole ;) | 19:09 |
| mcphail | yes | 19:10 |
| mcphail | aquarius: you can play music with screen off via openAL as well | 19:10 |
| aquarius | heh. | 19:10 |
| dobey | aquarius: yes, at the moment. he's exploiting the fact that unity8 is what manages apps being paused or not, if they are in the background or not | 19:10 |
| aquarius | mcphail, a click can ship multiple apps in it, so you could ship a gui app for controlling syncthing (rather than the web ui), which would get killed as normal but that doesn't matter. | 19:11 |
| aquarius | actually... | 19:11 |
| ogra_ | jdstrand, ^^ sounds like quite a security hole | 19:11 |
| aquarius | that allows anyone to do background processes, doesn't it? | 19:11 |
| ogra_ | :) | 19:11 |
| aquarius | this seems unexcellent :) | 19:11 |
| mcphail | aquarius: not sure about that one. I think you'd need a separate app for that, from my experiments | 19:12 |
| mcphail | aquarius: I'm working on an IRC client which will run in the background, exposing a webn interface for the browser or a separate frontend app | 19:12 |
| dobey | aquarius: yes, you can fork a process right now | 19:12 |
| jdstrand | heheh | 19:13 |
| jdstrand | that's awesome | 19:13 |
| aquarius | dobey, that'd stay in the same process group, though, wouldn't it? or does forking escape the unity8 app lifecycle? (obviously you're still confined, of course) | 19:13 |
| dobey | aquarius: well, until you break out of the pgroup :) | 19:13 |
| jdstrand | so, no I don't consider this a security hole. I consider this an application lifecycle bug | 19:13 |
| aquarius | dobey, oh, I didn't know you could do that :) | 19:14 |
| mcphail | aquarius: I've found if you fork a couple of things from a shell script, they all get killed if there is a GUI | 19:14 |
| dobey | aquarius: confinement sticks, so it's not a security hole i don't think; but yeah, an issue in the lifecycle management | 19:14 |
| * jdstrand nods | 19:14 | |
| aquarius | mcphail, ah, not quite what I meant: ship two disconnected apps in the same click package so they both install. You'd have to start them separately, of course | 19:14 |
| ogra_ | jdstrand, so the working example uses OpenAL to play back music when backgrounded ... are you sure i cant use OpenAL the same way for recording ? | 19:14 |
| aquarius | mcphail, although as you can see this whole technique is on extremely thin ice ;-) | 19:15 |
| ogra_ | with working around all blockings ... | 19:15 |
| mcphail | aquarius: how can you do that? Don't you only get one .desktop file? | 19:15 |
| jdstrand | if pulseaudio allowed it, then that would be a security bug in the pulse trust store implementation | 19:15 |
| aquarius | mcphail, I think you can have multiple. I haven't tried this, only heard rumours, so I might be wrong! | 19:15 |
| dobey | mcphail: a click package can have any number of apps | 19:15 |
| mcphail | ooh! | 19:15 |
| jdstrand | but I would hope it would fail closed | 19:15 |
| jdstrand | you can have multiple | 19:16 |
| ogra_ | hmm, is OpenAL going through pulse at all ? | 19:16 |
| mcphail | jdstrand: so they all get access to the same write folder? | 19:16 |
| jdstrand | I'm curious how the non-gui app is abled to be started | 19:16 |
| aquarius | mcphail, better, the "background" app can open a url with urldispatcher which would be received by the front-end app :) | 19:16 |
| jdstrand | mcphail: yes | 19:16 |
| mcphail | jdstrand: you've no idea how happy that makes me :) | 19:16 |
| jdstrand | mcphail: the folders are based on pkgname, not appname/version so things can share | 19:17 |
| dobey | jdstrand: the .desktop file can Exec anything that can be run. it doesn't have to open a gui | 19:17 |
| mcphail | jdstrand: non-GUI apps just show a constant splash screen | 19:17 |
| aquarius | which, interestingly, is configurable in the desktop file, so you can make the splash screen look like whatever you wan t:) | 19:18 |
| jdstrand | now, there is a restriction on what the things are-- for example, a scope and an app in the the same click can't share for various reasons | 19:18 |
| jdstrand | mcphail: oh so you ship a desktop file, you click on it, then you swipe it to the side and start something else? | 19:18 |
| mcphail | aquarius: I hope they don't kill this. It makes app building much more useful | 19:18 |
| mcphail | jdstrand: yes | 19:18 |
| jdstrand | dobey: right, I hadn't put together that a desktop file was being used | 19:19 |
| aquarius | mcphail, I think it's a neat way around the lifecycle rules. Voß is gonna have kittens, though ;) | 19:19 |
| aquarius | mcphail, and you aren't allowed to run background processes for a reason, not just to be annoying :) | 19:19 |
| mcphail | aquarius: I think everyone knows about this by now. I kepp getting told my app is going to be killed "soon" :) | 19:19 |
| dobey | ted: ^^ fix this bug | 19:20 |
| mcphail | noooooo | 19:20 |
| mcphail | aquarius: It doesn't seem to drain the battery much. Shame to prevent any background apps at all | 19:21 |
| jdstrand | ogra_: I'm going to ask tvoss what the trust-store will do in the face of a non-gui app to make sure it fails properly | 19:21 |
| aquarius | mcphail, well, since this neat trick is gonna get killed, you'll have to have people sideload your app... at which point you can set a more pleasant confinement policy and it can write to whatever it likes... | 19:22 |
| aquarius | or put it in the Open Store, for which ditto | 19:22 |
| mcphail | aquarius: every cloud (sync) has a silver lining | 19:22 |
| jdstrand | with what is described, it sounds like the trust prompt would display over the splash and be fine | 19:22 |
| ogra_ | jdstrand, also what happens if a lib actually tries to circumvent pulse would be interesting ... i'm not sure at all that OpenAL actuall ytalks to pulse and not to some alsa layer | 19:22 |
| aquarius | erm. if talking to pulse is optional and you're allowed to talk right to alsa then the "confinement" is nothing of the sort :) | 19:23 |
| ogra_ | yes | 19:23 |
| mcphail | ogra_: I posted a test OpenAL app a while ago which didn't respond to volume control etc | 19:23 |
| ogra_ | mcphail, right, that would indicate it doesnt talk to pulse | 19:23 |
| dobey | ogra_: won't it fail in apparmor when it tries to open /dev/snd/blah | 19:23 |
| dobey | ? | 19:23 |
| ogra_ | it should | 19:23 |
| jdstrand | ogra_: we have explicit deny rules to prevent access to the stand audio devices that one would use with pulse | 19:24 |
| mcphail | I may have the test app somewhere... | 19:24 |
| jdstrand | # Force the use of pulseaudio and silence any denials for ALSA | 19:24 |
| jdstrand | deny /usr/share/alsa/alsa.conf r, | 19:24 |
| jdstrand | deny /dev/snd/ r, | 19:24 |
| jdstrand | deny /dev/snd/* r, | 19:24 |
| ogra_ | jdstrand, even if it takes a detour via ... say talking to libasound ... | 19:25 |
| jdstrand | doesn't matter | 19:25 |
| ogra_ | k | 19:25 |
| ogra_ | phew | 19:25 |
| jdstrand | it is the process, not how it gets there | 19:25 |
| mcphail | I still have the app if anyone wants to look. I had a bug report open but think it got closed | 19:25 |
| ogra_ | i guess the bg playback will be fixed as soon as we use process groups | 19:26 |
| jdstrand | I'm surprised we still aren't. I thought we were... | 19:26 |
| jdstrand | but yeah, I guess that is part of the 'fixed soon' stuff | 19:26 |
| ogra_ | well, see webapps :) | 19:26 |
| ogra_ | renderer still dies independently ... | 19:27 |
| jdstrand | still? | 19:27 |
| jdstrand | I thought that was resolved ages ago | 19:27 |
| jdstrand | maybe we just made the situation better... | 19:27 |
| jdstrand | that was some time ago :) | 19:27 |
| mcphail | http://themcphails.uk/altest.njmcphail_0.1_armhf.click if anyone is interested | 19:27 |
| jdstrand | snappy has swapped all that out :P | 19:27 |
| jdstrand | mcphail: so the very bottom most layers support multiple apps. you see this with a click shipping a scope, an app, a push helper, etc | 19:29 |
| mcphail | jdstrand: I knew snappy could do this but didn't realise you could do it with a .click. That is very useful | 19:29 |
| jdstrand | mcphail: I'm not 100% sure what the upper layers will do with two desktop files. I *think* it will work. it is certainly worth playing with | 19:29 |
| mcphail | jdstrand: having confined apps sharing write space is a major win | 19:30 |
| jdstrand | yes, wanted to have that in place in the security policy. I think it'll all just work fine at the upper layers, just haven't personally tried it | 19:31 |
| mcphail | jdstrand: presumably both apps would need to share an apparmor profile? Otherwise, that would be a security risk | 19:31 |
| jdstrand | (at the very beginning there was a limitation at the upper layers and only shipping one app in the hooks db-- however that was long ago expanded for scopes, push helpers, etc-- not allowing extra desktop apps in the hooks db would be artificially limiting imo, but I didn't write those bits) | 19:33 |
| jdstrand | mcphail: they don't share a profile. everything in the hooks database that specifies the apparmor hook gets an apparmor profile that is pkgname_appname_version | 19:34 |
| jdstrand | that corresponds to its APP_ID | 19:34 |
| dobey | if you have two .desktop files, both will show up in the click scope, but only one will match as "installed" with regards to the package itself | 19:34 |
| jdstrand | the ubuntu-sdk policy template doesn't consider appname and version though | 19:34 |
| dobey | oh, i don't know if the click hooks actually support multiple | 19:34 |
| jdstrand | eg, foo_bar_0.1 and foo_baz_0.1 will have different pofiles, but can both access ~/.local/share/foo/ | 19:35 |
| mcphail | jdstrand: that is a security bug, then | 19:35 |
| dobey | how is shipping two things in the same package and allowing them to access the same directory, a security bug? | 19:35 |
| jdstrand | mcphail: how so? it is from the same developer | 19:36 |
| jdstrand | they use the same template | 19:36 |
| mcphail | jdstrand: the model is not supposed to allow one app to have, say, full access to a content-hub source plus network access. This circumvents that | 19:36 |
| mcphail | jdstrand: (or have I misunderstood?) | 19:37 |
| jdstrand | there are limitations on combinations, yes | 19:37 |
| jdstrand | but content-hub isn't one of them | 19:37 |
| dobey | content-hub requires the user to explicitly allow your app to access something | 19:38 |
| mcphail | jdstrand: but 2 apps could pass data via the shared write directory, circumventing whatever restrictions on combinations are enforced | 19:38 |
| jdstrand | (right, content hub is always a user driven interaction) | 19:38 |
| jdstrand | mcphail: but it can only steal from itself | 19:38 |
| jdstrand | note, this is the same click | 19:39 |
| dobey | right | 19:39 |
| jdstrand | yes, you are right in saying that if the developer says that one has networking and one doesn't, the app could shuffle stuff back and forth | 19:39 |
| jdstrand | but networking is a common policy group | 19:40 |
| mcphail | jdstrand: but networking is not allowed in combination with some groups, is it? | 19:40 |
| jdstrand | so the developer doesn't have to try to make it hard on herself-- she would just give networking :) | 19:40 |
| dobey | that'd also be a lot of work to upload something to the network | 19:40 |
| jdstrand | mcphail: that is where things get interesting | 19:40 |
| dobey | network is not allowed with what? | 19:41 |
| Inoki | Hey everyone, need help deciding... | 19:41 |
| jdstrand | mcphail: there are no limitations on networking with the ubuntu-sdk template for common policy groups | 19:41 |
| Inoki | I need to hear your thoughts on the E5. Does it make good pictures? I saw reviews on the 4.5 and photograph quality is bad. | 19:41 |
| jdstrand | so you can use all or none of the common policy groups with networking with the default (ubuntu-sdk) template | 19:41 |
| mcphail | jdstrand: I thought I had read somewhere it wasn't allowed. Will have a quick google... | 19:42 |
| jdstrand | which is why it is ok for ubuntu-sdk template apps to share data | 19:42 |
| jdstrand | mcphail: other templates have restrictions | 19:42 |
| dobey | mcphail: there was going to be a case where scopes could either be network scopes, or local scopes; and ne'er should the two meet. but that didn't happen | 19:42 |
| jdstrand | mcphail: fyi, don't need to google-- I wrote the policy and the review tools :) | 19:43 |
| jdstrand | yes, you may be thinking about what dobey mentioned | 19:43 |
| jdstrand | a push helper template has extremely limited access and no overlap with ubuntu-sdk rules | 19:44 |
| dobey | and apps are not scopes, so that wouldn't have applied to the case where there are two apps in the same package, anyway | 19:44 |
| mcphail | jdstrand: maybe I was thinking of the snappy model. Is that different? | 19:44 |
| dobey | i don't recall any significant differences in confinement, wrt snaps instead of clicks | 19:44 |
| jdstrand | in general, if things use different templates, there will be limitations on interactions, but if they use the same template, then there is the possibility for sharing if it is safe | 19:45 |
| jdstrand | mcphail: snappy for ubuntu core has the same APP_ID and templated policy concept | 19:46 |
| jdstrand | s/for ubuntu core/ | 19:46 |
| mcphail | jdstrand: OK, must be misremembering something | 19:46 |
| jdstrand | so that didn't change | 19:46 |
| jdstrand | snappy for ubuntu core has very different templates and policy groups than click | 19:46 |
| jdstrand | but snappy for ubuntu personal will actually just have all the templates and policy groups you are used to on click | 19:47 |
| dobey | jdstrand: but i expect they'll be pretty similar for personal, once those images exist? | 19:47 |
| dobey | yep | 19:47 |
| dobey | :) | 19:47 |
| jdstrand | yeah, I uploaded ubuntu-personal-security a little while ago | 19:47 |
| jdstrand | snappy needs to get smart though-- ubuntu-core is harrdcoded in a few places | 19:47 |
| * jdstrand mentioned this in a bug just today | 19:48 | |
| === ahayzen_ is now known as ahayzen | ||
| TenLeftFingers | I've watched Ted Gould's presentation on the app lifecycle. Is it understood that apps can't or don't currently resume fully intact? Half-written notes and tasks are not saved, web pages get lost and podbird forgets which show I was in. I don't know what to report against if it's not currently a known issue. | 20:02 |
| TenLeftFingers | But I don't mind creating a report and uploading logs etc. | 20:02 |
| nik90 | TenLeftFingers: It is up to the app developer to use the SDK statesaver to ensure that apps remember stuff like which page you were on, what show, etc etc..this way when the app is killed due to OOM, when it is brought back, it restores those variable. | 20:03 |
| nik90 | TenLeftFingers: For Podbird, I remember landing initial support for this. It will remember which tab you were on. But we need to do more work on that, I guess | 20:04 |
| TenLeftFingers | nik90: okay, so it sounds like these 'offenders' could avail of something in the API they are currently ignoring? In which case I can go and chase those packages. | 20:04 |
| mcphail | jdstrand: I still worry this is a security bug. At the very least, it could be used to obfuscate security policies to the users | 20:04 |
| dobey | mcphail: you don't really need to 'obfuscate security policy' when you are providing a proprietary app | 20:05 |
| nik90 | TenLeftFingers: Indeed. Well the apps are not so much "offenders" since they get kicked out by the system due to something else eating up memory. But apps can definitely do something to improve the UX. | 20:05 |
| mcphail | dobey: let me give you an example... | 20:05 |
| mcphail | dobey: say I install a .click which contains a document viewer and a network music streaming app (this is an extreme example, of course) | 20:06 |
| TenLeftFingers | nik90: okay, so they can't control when they get kicked but can recover more gracefully than they currently do? | 20:07 |
| mcphail | dobey: The document viewer could have only content_exchange enabled and visible in Permy. So I think it is safe to use it to view a PDF of my credit card statement | 20:07 |
| mcphail | dobey: the document viewer could save that PDF, then the media streamer app could transmit that to a malicious website | 20:08 |
| mcphail | dobey: it totally breaks the trust model | 20:08 |
| nik90 | TenLeftFingers: indeed | 20:09 |
| dobey | mcphail: how do you know that the document viwere didn't do the same thing though? | 20:09 |
| nik90 | TenLeftFingers: and I believe the SDK StateSaver API was developed for this very purpose. | 20:09 |
| mcphail | dobey: it didn't have network permissions | 20:09 |
| dobey | mcphail: it only breaks the trust model once you know it happened | 20:09 |
| dobey | mcphail: it did, as jdstrand already explained | 20:09 |
| TenLeftFingers | nik90: I'll go and file against the apps then. Thanks for your assistance! | 20:10 |
| nik90 | TenLeftFingers: Thanks for your bug reports :-) | 20:10 |
| TenLeftFingers | :) | 20:10 |
| mcphail | dobey: I don't think he did. The document viewer app _wouldn't_ have network permissions, but the streaming app would. If I viewed the document viewer app in Permy, "network" wouldn't be listed | 20:11 |
| dobey | mcphail: creating a working example and show me how a majority of people would even know whether their trust was being violated or not. | 20:12 |
| jdstrand | mcphail: note, permy is not installed by default and we don't want most users to care about app permissions. we want them to trust the app via user driven interactions | 20:13 |
| mcphail | jdstrand: don't you think permissions become opaque in this case, though? I always check permy before running anything | 20:14 |
| jdstrand | mcphail: ultimately if user installs an app to view sensitive information, that user must trust the app. if the user is savvy and looks at permissions, there is more information yes | 20:14 |
| jdstrand | permissions are meant to be opaque to ther regular user | 20:14 |
| jdstrand | you are right that looking at it in this level of detail there are areas where a line is crossed | 20:15 |
| mcphail | jdstrand: seriously??? Even Android users rant about permissions... | 20:15 |
| jdstrand | but both are coming from the same developer | 20:15 |
| dobey | mcphail: android's permissions model is pretty awful though | 20:15 |
| jdstrand | mcphail: I think we are talking about different things | 20:15 |
| jdstrand | we don't want an android permissions model | 20:15 |
| jdstrand | the is essentially click through security for the majority of users | 20:16 |
| dobey | mcphail: but at the same time, just knowing that of two apps in a package, only one having network, how would you even know whether or not your trust is being violated, by knowing those permissions? | 20:16 |
| mcphail | jdstrand: no, but what I'm saying is users _are_ concerned about permissions | 20:16 |
| mcphail | dobey: that's why I think one policy should apply to both apps | 20:16 |
| jdstrand | we want safe permissions that a developer can declare, then the user uses them. unsafe actions like recording, contacts, location, etc are user driven | 20:16 |
| dobey | mcphail: but it does, no? | 20:17 |
| jdstrand | mcphail: there is a choice to be made here-- we chose to let different apps within the same package (with the same template) to share data. this fosters development | 20:18 |
| jdstrand | we had the choice to completely isolate each app, but chose not to | 20:18 |
| jdstrand | because ultimately, if you are putting data into an app, you are trusting it | 20:18 |
| jdstrand | a bad guy is never going to put networking in one and not in another and try to trick the user into doing something in one just to steal it from the other | 20:19 |
| mcphail | jdstrand: that's a big assumption | 20:19 |
| jdstrand | that is way to convuluted. the attack is give the apps networking and get the userr to put something sensitive into it | 20:19 |
| jdstrand | I acknowledge what you are saying | 20:20 |
| dobey | mcphail: you're basically assuming that attackers are going to do way more work than is necessary | 20:20 |
| dobey | yet people still pay dropbox for storage | 20:21 |
| jdstrand | I am saying that there was a choice-- onerous permissions that may help savvy users who look at the perms or ones that foster development (and incidentally, the savvy user can still choose not to use said app by looking at the perms) | 20:21 |
| mcphail | dobey: but it could be easily ameliorated by only allowing one apparmor profile for every app in a click | 20:21 |
| jdstrand | that stifles development | 20:21 |
| dobey | mcphail: if you believe this is a valid security concern, then you should create a .click package which exploits it | 20:22 |
| dobey | mcphail: otherwise, you are just arguing academia | 20:22 |
| mcphail | jdstrand: why? It just makes things transparent. it doesn't restruct the app developer in any way whatsoever | 20:22 |
| jdstrand | sure it does | 20:22 |
| jdstrand | how is the dev supposed to share a cache, game data, a database, etc | 20:22 |
| jdstrand | you get the very strict isolation between clicks | 20:23 |
| mcphail | jdstrand: but they would all be shared anyway. The only difference (in my above example) would be the user would see both "content_exchange" and "network" when he checked the document viewer in permy, and was aware confidentiual data may go to the net | 20:24 |
| jdstrand | the user doesn't see that | 20:24 |
| jdstrand | you see that | 20:24 |
| jdstrand | I see that | 20:24 |
| mcphail | jdstrand: i am a user... | 20:24 |
| jdstrand | I don't put confidential data in anything that I don't trust | 20:24 |
| dobey | a) permy would have to be installed b) user would have to check permy c) user would have to assume bad things and not trust the app anyway | 20:24 |
| jdstrand | the typical user | 20:24 |
| dobey | mcphail: you are a user. you are not all users. | 20:25 |
| jdstrand | ultimately we want usable security | 20:26 |
| dobey | security that isn't usable, isn't security | 20:26 |
| mcphail | dobey: have a look at the user reviews on the android store. A lot of users check and care about permissions | 20:26 |
| jdstrand | if we make it untasteful (prompt for everything), we lose. if we make it onerous for users, we lose if we make it onerous for developers, we lose | 20:26 |
| dobey | mcphail: you are ignoring the point | 20:26 |
| mcphail | dobey: not intentionally... | 20:27 |
| mcphail | dobey: Just about the first thing you hit if you google for "ubuntu touch permissions" is a page on Permy | 20:28 |
| jdstrand | we actively chose to improve the developer experience by letting certain things be shared within the same click. this is reiterated with snappy | 20:28 |
| dobey | mcphail: you're equating people who care about permissions and commenting on the android store, as to having all android users caring about permissions or wishing to go through the trouble to decipher what every permission really means | 20:28 |
| jdstrand | but once we have more than enthusiast users, most users won't google for that :) | 20:28 |
| mcphail | OK. I think we'll have to agree to differ on this one | 20:29 |
| jdstrand | ie, google has gagillions of users and a very small percentage look at the perms | 20:29 |
| dobey | jdstrand: well, no offense, but i'm sure once we have a hundred million users, a page on permy will probably be way down the list of search results for "ubuntu permissions" :) | 20:29 |
| jdstrand | hehe | 20:29 |
| jdstrand | yes | 20:29 |
| dobey | mcphail: again. pleae create a click which exploits the problem you claim exists | 20:30 |
| mcphail | jdstrand: Google had to obfuscate their permissions to _stop_ users complaining about them | 20:30 |
| dobey | mcphail: arguing academia with invalid points isn't helpful :) | 20:30 |
| dobey | mcphail: no, what google is doing is slowly moving to a model more like ios and ubuntu are | 20:30 |
| dobey | they certainly haven't "obfuscated" them | 20:30 |
| dobey | if anything, i think they've probably made them more apparent | 20:31 |
| mcphail | by hiding them??? | 20:31 |
| dobey | hiding them where? | 20:31 |
| dobey | they are plainly visible on the page in the app store, for every single application | 20:31 |
| mcphail | dobey: all permissions are no longer shown by default on the app store | 20:31 |
| dobey | since when? | 20:32 |
| mcphail | since about 1 year ago | 20:32 |
| dobey | well, then you are wrong | 20:32 |
| dobey | as soon as you click install, the list of permissions is shown | 20:32 |
| jdstrand | via the phone ui? | 20:33 |
| mcphail | dobey: http://www.androidcentral.com/new-google-play-store-4820-greatly-simplifies-permissions | 20:33 |
| jdstrand | we didn't want that | 20:33 |
| jdstrand | we didn't want a weird click through/confusing situation | 20:33 |
| jdstrand | we wanted people to be able to find them if they wanted | 20:34 |
| dobey | jdstrand: yeah, in the phone it does too, as well as the web site; but yes, we don't want that | 20:34 |
| jdstrand | but ultimately the trust relationship is between the user and the app. and the system prompts for sensitive stuff | 20:34 |
| jdstrand | mcphail: so there is a point you perhaps didn't consider | 20:34 |
| jdstrand | mcphail: lets take you app with one without networking and one with | 20:35 |
| mcphail | ok | 20:35 |
| dobey | mcphail: so they changed the permissions and made the simpler to try to make them easier to understand. but they are clearly visible when installing an app | 20:35 |
| dobey | and we don't want that | 20:35 |
| jdstrand | mcphail: as a developer I could trick you by using text strings that might make you think one is running when it is the other. I could also let that app sit in the store for a month, then update it adding networking to the app and on launch, send off everything you put in there before when the networking wasn't there | 20:36 |
| jdstrand | at some point, if you are putting data into an app, you are trusting it | 20:37 |
| mcphail | jdstrand: you are even more devious than me... :) | 20:37 |
| jdstrand | dobey: oh, on the perms prompt I thought you were saying we did that | 20:37 |
| mcphail | jdstrand: changing permissions doesn't trigger an dialog on update??? It should... | 20:37 |
| jdstrand | this isn't the android model | 20:38 |
| dobey | jdstrand: oh, no way. i don't even want to think about adding more insanity into installing things from within a scope. it's bad enough already :) | 20:38 |
| dobey | jdstrand: while not being the android model, it might be nice to have some warning when apps add new permissions requirements | 20:39 |
| mcphail | dobey: +1 | 20:39 |
| jdstrand | I don't know, we are presenting information that the user has no context to make a decision on | 20:39 |
| dobey | jdstrand: there's the "i trusted this app, and now it's adding network access, do i still trust it?" aspect, and without the info, it's hard to make that choice | 20:39 |
| jdstrand | no doubt | 20:40 |
| jdstrand | ok I have to run | 20:41 |
| mcphail | dobey: I can try to hack together an example .click, but would probably need to learn a bit about content-hub for it to be a good example. I heard there was a tutorial due this week. Do you know if it has been posted? | 20:42 |
| dobey | mcphail: you don't need content-hub. just make a .click with two applications in it, where one has network profile and the other does not, where the one that does not writes a file into the shared data dir, and the one that has it, pastes it onto a pastebin and gives you the URL | 20:43 |
| mcphail | dobey: will do | 20:44 |
| dobey | mcphail: unfortunately, writing data to disk from QML is hard enough on its own, so you might need to use ubuntu-download-manager from one to download a file from a server into the shared dir | 20:46 |
| dobey | at least, without writing c++ | 20:46 |
| mcphail | dobey: it's OK, I'll write it in C or shell. I'm sure anyone who is interested will be able to see the results in the log files | 20:47 |
| jdstrand | fyi, I've taken a todo to think about no networking to networking on upgrade. most of our perms have trust store integration and so the users know. that isn't true of networking | 20:47 |
| jdstrand | ok, really leaving | 20:47 |
| dobey | mcphail: no, don't exploit the "thing that runs in the background and violates the lifecycle policy" as well | 20:47 |
| mcphail | dobey: ha! Not relevant in this case | 20:48 |
| dobey | cheers jdstrand. we can chat more about that later | 20:48 |
| mcphail | dobey: jdstrand: looks as if a .click fails automatic review if you bundle more than one app | 21:20 |
| dobey | mcphail: well, then i guess you can't do that :) | 21:21 |
| mcphail | dobey: problem solved :) | 21:21 |
| beuno | right, it's too prone to abuse | 21:31 |
| mcphail | The exploit _does_ work, though | 21:34 |
| mcphail | One to keep in mind if packages are going to get manual review | 21:35 |
| mcphail | http://themcphails.uk/leakytrust.njmcphail_0.1_armhf.click if anyone wants to try it, btw. Run "leaky" then "malicious" and see output in log files | 21:49 |
| mcphail | (and, as an aside, busybox-static is a perfect fit for a .click package!) | 21:51 |
| dobey | packages aren't going to get manual review | 21:55 |
| mcphail | dobey: would be a good idea to remove the button from myapps, then | 21:56 |
| popey | well, some do | 22:00 |
| popey | manual review != code review | 22:01 |
| dobey | some == "owned by canonical" | 22:01 |
| popey | not always | 22:01 |
| popey | there are circumstances where people can request manual review and we do that | 22:02 |
| popey | but that doesn't mean a full code review | 22:02 |
| mcphail | popey: probably best bearing the above in mind, then. Data can be leaked intentionally or by accident if there are >1 app in a package | 22:03 |
| mcphail | *is | 22:03 |
| dobey | popey: but if we were going to allow > 1 app in a single package to go through manual code review, why would we disallow it with click-reviewer-tools | 22:04 |
| dobey | ? | 22:04 |
| popey | I wasn't speaking to the more than one app per package issue. | 22:17 |
| popey | Just genealising that "packages aren't going to get manual review" isn't accurate | 22:17 |
| stakewinner00 | where I can download ubuntu-phone iso? | 23:16 |
| mcphail | stakewinner00: there isn't really an iso, as such. Do you have a supported device? | 23:18 |
| jgdx | !devices | 23:18 |
| ubot5 | You can find the full list of devices, official images, community images, and works in progress at https://wiki.ubuntu.com/Touch/Devices | 23:18 |
| stakewinner00 | mcphail, yes. | 23:20 |
| mcphail | stakewinner00: then see the instructions at https://wiki.ubuntu.com/Touch/Install | 23:20 |
| stakewinner00 | Thanks jgdx, i was searching the source code, I don't find it and I was searching and iso . | 23:20 |
| stakewinner00 | One another question, there are some virtual machine foe PC (like virtualbox) that supports ubuntu-touch? | 23:22 |
| stakewinner00 | *for PC | 23:22 |
| mcphail | stakewinner00: there is an emulator which comes as part of the Ubuntu SDK. You can try that | 23:22 |
| jgdx | stakewinner00, buying a phone is a superb experience though | 23:23 |
| stakewinner00 | jgdx, For christmas maybe I will buy one. jaja. | 23:25 |
| stakewinner00 | mcphail, My computer is a debian, and I got troubles for adding the ppa repository (for install ubuntu-sdk), do you know how this emultaor is called? for downloading it standalone | 23:27 |
| jgdx | stakewinner00, good stuff :) | 23:27 |
| mcphail | stakewinner00: no idea if you can download a standalone, I'm afraid. I think it is possible to set up an Ubuntu dev environment in a docker container, though. That might do the trick | 23:28 |
| stakewinner00 | mmm. Thanks mcphail, | 23:30 |
| mcphail | stakewinner00: or install Ubuntu :) | 23:30 |
| stakewinner00 | There are some things that I don't like too much from ubuntu (for a desktop). But ubuntu-touch is much better than debian for phones. That's the dilemma. | 23:33 |
| mcphail | stakewinner00: I think PPA support is coming to debian, but doubt you will be able to use Ubuntu PPAs on a debian box. I think it will be a little while before the Ubuntu SDK will be installable on a different distro | 23:37 |
| stakewinner00 | ok. | 23:39 |
| stakewinner00 | I will have to sleep a little bit. Thanks for the help. | 23:40 |
| mcphail | goodnight | 23:40 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!
