=== chriadam|away is now known as chriadam
WebVisitor-0Hi all how do I enable multitouch on my Lenovo yoga pro 302:42
dufluHere's some fun:  (1) Upgrade mako to wily (devel-proposed channel) to get Mir 0.15 with its lower latency.  (2) Add further settings to reduce latency and increase smoothness:   restart unity8 QML_NO_TOUCH_COMPRESSION=1 MIR_SERVER_NBUFFERS=205:23
dufluThe results are encouraging. We should work to make all this default and automatic05:23
nhainesI suppose it would need further testing.05:27
dufluNeeds further related optimisations before it's default05:36
=== chihchun_afk is now known as chihchun
=== chihchun is now known as chihchun_afk
zzarrhello! I made a simple dns setting (created a new file) will it be removed when I upgrade to OTA-6?07:20
mandelogra_, morning! got a quick question for you, do you know how do we start pulseaudio in ubuntu touch??07:51
zzarrmandel: I'm not sure, but as I understand it it should be the same as Ubuntu07:54
mandelzzarr, hm. ok I wonder why I'm not getting the logs where I want them :-;07:55
zzarrmaybe "/" is read only?07:55
zzarr"sudo mount -o remount,rw /"07:56
zzarr(but be careful)07:56
zzarrmandel: this page explains the difference between desktop and touch (it's the same OS, still Ubuntu) http://mhall119.com/2014/02/there-is-no-touch-only-ubuntu/07:58
mandelzzarr, well, there are a number of changes, for example, I'm 100% sure that we are using upstart on the phone08:00
mandelzzarr, and my system img is rw and resized :)08:01
zzarrokey, how did you resize it?08:01
zzarrwhat device do you have?08:02
mandelzzarr, I have a meizu mx4 and resize it when flashing the devices08:05
mandelzzarr, I'm one on the engs dealing with the phone in canonical ;)08:06
zzarrmandel: it's a wonderful device, I have one too :)08:08
mandelzzarr, yes, trying to get a number of nice fixes for the next ota so that it is even better, but having to fight with pulseaudio is a PITA08:08
zzarrmandel: I read about problems with pulse, will it delay OTA-6 long?08:09
mandelzzarr, I hope to get a fix for today08:10
zzarrmandel: what is the problem?08:10
zzarrI'll try to get xmir up and running in a chroot :)08:12
=== _salem is now known as salem_
ogra_mandel, it's a user session job08:14
zzarrthat explains why I could not find it in /etc/init.d08:15
ogra_/etc/init.d isnt used, upstart jobs live in /etc/init/08:18
zzarrright, I thought I would see a service script there08:19
=== Guest37794 is now known as Zic
zzarrI have made some services on my server at home so I have written files in /etc/init/08:19
mandelogra_, ok, thx, got the bastard :)08:20
mandelogra_, and bug fixed, in vim word 2x08:21
mandelogra_, I felt stupid hehe08:21
zzarrsometimes apt-get is getting stuck when it downloads packages, it looks like this "31% [Connecting to ports.ubuntu.com (2001:67c:1360:8001:1::2)]" but after a while it starts again08:22
=== chriadam is now known as chriadam|away
dhbikerso i switched to RC proposed08:33
dhbikermy question is when you do it with phablet tools does it grab the latest version ?08:33
ogra_dhbiker, yes08:42
dhbikerogra_ and when the new release comes it can be updated via updates or again via phablet tools08:45
ogra_you usually only need pahblet tools to install08:45
dhbikeroh so it doesn't come as OTA thing08:46
ogra_you only need ubuntu-device-flash for installation usually, after that you can OTA or switch channels without re-flashing etc08:47
ogra_only if you mess up your system by i.e. making it writable you might need to re-flash, there is no reason to do it otherwise08:47
dhbikerand where can i see if there is some newer release ?08:48
ogra_rc-proposed normally gets daily builds, you get notifications08:48
dhbikeri got nothing :D08:48
ogra_(auto builds are currently stopped for OTA preparation though, close to OTA all builds are manual)08:48
dhbikermakes sense08:49
ogra_if sil2100 does an image rebuild you get an OTA notification08:49
ogra_and once OTA is released the daily builds get re-enabled08:49
dhbikeroh ok08:50
zzarrogra_: you were not here when I asked about if a change to the dns I made will be removed in the next update... I added the file /etc/resolvconf/resolv.conf.d/tail08:59
ogra_zzarr, unlikely ... only files that changed get touched during upgrade ... it is unlikely that file changes between two images (no guarantees indeed, it can always happen in case the package chanes or whatever)09:01
zzarrokey, since I put it there myself it shouldn't change then :)09:02
zzarrso a system update is basically a dist-upgrade?09:02
ogra_a system upgrade is a diff between two rootfs trees ... all changed files get copied into a tarball ... that tarball is unpacked on top if your rootfs09:04
ogra_(and removed files are deleted)09:04
oSoMoNmandel, https://bugs.launchpad.net/ubuntu/+source/ubuntu-download-manager/+bug/148842509:05
ubot5Ubuntu bug 1488425 in ubuntu-download-manager (Ubuntu) "[MIR] ubuntu-download-manager" [Undecided,New]09:05
zzarrthanks ogra_09:05
ogra_this is why the readonly rootfs is essential ... both, the server generating the diff and your phone need to have an identical base rootfs09:05
nhainesogra_: I have a Nexus 5 on basically OTA-5.  I'm trying to get a nice screenshot of the Today scope and of course there's no date/sunrise/sunset section.09:05
ogra_nhaines, i usually get it back after one pull-to-refresh09:06
ogra_or after two sometimes09:06
zzarrso if I alter a package it might break the system... I get it09:06
nhainesogra_: this hasn't been the case for me since the last Today update, and it certainly doesn't work on my Nexus 7 on err, whatever the recommended daily images are.  rc-proposed, isn't it?09:07
nhainesIsn't there a "day" scope I ought to have or something?09:07
zzarrogra_: will there be a way to set what dns servers to use without adding a file like I did?09:07
nhainesYes, on flo on rc-proposed r222, it only shows weather.09:09
ogra_weird, on both, my arale and my krillin i got the entry back since the scope update09:09
nhainesogra_: would you mind taking a screenshot of the Today scope with the day bit showing and send it to me for purpose of inclusion in my book?  :)09:10
nhainesSince I can't seem to find older screenshots I know I've taken of the same, I'll edit it in.09:10
ogra_nhaines, hmm, my install is german09:11
ogra_nhaines, probably popey can ... so you get english translations instead09:11
nhainesDas kann ein kleines Problem sein, denn mein Buch ist nur auf Englisch.  :)09:11
zzarrwhat happened? where did the English go?09:12
zzarr(looks more like German to me)09:12
zzarrin any way.... lunch09:12
nhainesogra_: I looked on my external drive for some extra screenshots, but they aren't helpful: http://i.imgur.com/niXz5ok.png  :)09:14
nhainespopey did give me a screenshot but I lost it.  popey, could you take a quick screenshot of the Today scope?  I'd rather have a screenshot without a broken Day scope in it (that includes the moon phase bit).09:16
dhbikerooh GPS works on arale... waited for like 5 mins and nada :/09:16
davmor2dhbiker: if you turn off the here location service then an initial fix can take up to 15 minutes, and the mapping app would need to be in the foreground and the phone awake the whole time,  If you have the here agps on it should give you a location pretty much immediately09:21
dhbikerhm... strange09:22
nhainesWell, not so strange.  :)09:22
popeynhaines: http://people.canonical.com/~alan/screenshots/device-2015-08-17-101237.png09:22
nhainesAlthough TTF should be more like 2.5 minutes.  That might be strange.09:22
didrockspopey: hey, I'm looking at the reboot weather app, at some point, it used the osm plugin to find places, seems that it was then changed, any idea why? (also, do you remember it's provided by which package?)09:22
nhainespopey: brilliant, thanks so much!09:23
popeydidrocks: it did? I thought we always used the ubuntu geo lookup thing?09:23
nhainesOh, that's the same as last time.  And I didn't lose it, I saved it right where it should have gone.09:23
nhainesThat's very safe.  I'd never think to look for it there.  :)09:23
popeythat directory has lots of screenshots btw09:24
didrockspopey: yeah, you even commented on the MP: https://code.launchpad.net/~vthompson/ubuntu-weather-app/reboot-location-qml/+merge/259462 :)09:24
didrockspopey: I'm happy to use ubuntu geo lookup, do you know where there is a simple example?09:24
nhainesThanks.  I'm just going to grab a couple extra windowed mode ones on my N7 and call it good.  But I'll have a quick browse just in case!09:24
popeynhaines: feel free to shout if you need any specifics from me09:25
nhainespopey: much obliged!09:29
didrockspopey: no such example on our mind? It seems weather app is using a list of cities in a json file09:29
larsudidrocks, we should maybe look into sharing this with system settings, which also has a list of cities somewhere09:32
=== ghostcube_ is now known as ghostcube
didrockslarsu: yeah, it seems to be the way this was done here as well09:32
larsudidrocks, doesn't make sense two have 2, eh?09:34
didrocksyep :p09:34
seb128larsu, settings is using libtimezonemap09:36
larsuseb128, I know, but we need to get rid of that (or lose the gtk dependency) anyway09:43
larsuseb128, all I'm saying is let's think about sharing this information09:43
zzarrogra_: will there be a function so I can destroy telemarketing companies? (just kidding, but it would be useful)09:46
zzarrbeing able to blacklist phone numbers would be nice09:46
seb128larsu, yeah, +1 for that09:49
nhaineslarsu: I believe the weather app's implementation was tied to weather provider-specific data.09:49
larsunhaines, weird...09:53
nhainesNot that weird.  It'd be a pretty poor experience to list cities that the weather provider doesn't have data for.  Or to ignore the ten thousand extra cities that are in the weather provider but not the time zone info.09:54
zzarrsometimes it's hard to answer calls (the slider don't move)10:00
larsunhaines, it wold also be pretty weird to list a city in the weather app that is not in the timezone selector (or the other way around)10:06
nhaineslarsu: I strongly disagree.  My city is not in the time zone selector.  I'm 40 miles away from Los Angeles and the weather here is nowhere *close* to LA weather.10:07
larsunhaines, clearly. I'm saying it's weird if my device "knows" about my city in one place but doesn't in another10:08
larsuI'd be fine with only having major cities in the time zone selector, but that's not what we have right now10:08
nhainesIt's not that weird.  Weather and time are unrelated.10:09
larsuno they're not... and again, that's not my point10:10
nhainesHow are weather and time related?10:11
* larsu resists the urge to answering that one snarky :P10:13
=== pstolowski is now known as pstolowski|lunch
jgdxkenvandine, https://code.launchpad.net/~jonas-drange/ubuntu-system-settings/fix-notification-test/+merge/26903910:49
oSoMoNnerochiaro, would you mind confirming https://bugs.launchpad.net/ubuntu/+source/webbrowser-app/+bug/1488470 , and in case you do, can you take it?10:57
ubot5Ubuntu bug 1488470 in webbrowser-app (Ubuntu) "Ctrl+W shortcut non functional on blank tab after closing a blank tab" [Medium,New]10:57
nerochiarooSoMoN: confirmed and will look into it10:58
oSoMoNnerochiaro, thanks10:58
nerochiarooSoMoN: regarding the thumbnails, can you confirm with design that for now we want them only for top sites and not for bookmarks ?10:59
dhbikerogra_ here ?11:18
ProstheticSdid i read right, is there a release tomorow?11:18
ProstheticSan ota i mean11:18
davmor2ProstheticS: that is the general hope yes11:20
davmor2ProstheticS: at least for meizu and the nexus devices11:20
mcphailno bq goodness?11:21
davmor2mcphail: see sil2100 email11:21
* mcphail should join the mailing list11:22
nik90mcphail: you can follow the mailing list at https://lists.launchpad.net/ubuntu-phone/. Just bookmark the link11:32
robin-heronik90: When do you release the new clock app? I'm really looking forward to the new stopwatch feature :)11:33
nik90robin-hero: We're waiting on translations and also for the music-app since as of now, there are no apps that show up as music-sources.11:34
nik90so if we upload clock without music-app, the custom sound feature cannot be used since there would be no apps to import music from :)11:34
nik90robin-hero: another few days I suppose.11:34
robin-herookay, thanks for your answer and your hard work ;)11:35
=== salem_ is now known as _salem
mcphailnik90: cheers :)11:39
=== MacSlow is now known as MacSlow|lunch
maggotshow do i set a html5 app to be fullscreen and also lock the orientation12:14
=== pstolowski|lunch is now known as pstolowski
maggotshow do i set a html5 app to be fullscreen and also lock the orientation12:17
robin-heromaggots: Add this line to the desktop file: X-Ubuntu-Supported-Orientations=portrait      ( or landscape )12:18
maggotsrobin-hero: Thanks very much that worked, now how do i set it fullscreen?12:22
robin-heromaggots: You're welcome, sorry I can't help you with the other issue :(12:22
maggotsok, thanks a bunch12:24
maggotsrobin-hero: adding Exec=webapp-container --fullscreen  to the desktop file makes it full screen12:32
dhbikeris there any way to unlock this thing without pushing the power button ? :D12:32
robin-heromaggots: I'm glad you figured it out :)12:32
dhbikeroOOOOo r9712:48
dhbikerjust like ogra_ said it would notify :312:48
zzarrmandel: how is pulseaudio comming along?12:49
maggots_how do i build version 0.2 it keeps thinking it's version 0.112:49
mandelzzarr, we have the fixes, we are trying to land them :)12:50
rbasak"sleep" lasts forever on my Aquaris 4.5 when run from sshd and the screen is off. Any ideas on how I can work around this? I want a background shell script to run all the time even when the screen is off to do some debugging. It will mostly just sleep, but right now it just sleeps forever.13:03
robin-heromaggots_: Change this in manifest.json:     "version":      "0.1" to 0.213:04
=== dandrader is now known as dandrader|afk
=== ghostcube__ is now known as ghostcube
=== _salem is now known as salem_
mptmterry, “Sleep locks immediately” means that putting the phone to sleep overrides the “Lock when idle” setting. Spec updated. <https://wiki.ubuntu.com/SecurityAndPrivacySettings?action=diff&rev2=63&rev1=62>14:10
=== dandrader|afk is now known as dandrader
mterrympt, cool, OK.  So this is talking about idle vs manual power presses14:13
kenvandinemandel, now that pulseaudio is fixed... can you give this a quick look?14:32
mandelkenvandine, looking14:33
kenvandinemandel, thx14:33
zumbitypo fixed too14:44
kenvandinemandel, oh yeah, and what about the question about finding updates without a valid token14:45
dobeykenvandine: you need to actually delete the credentials, not just fake the error condition14:50
dobeyoh, you changed it to do that, ok14:50
kenvandinedobey, indeed15:00
kenvandinedobey, i listened to you, as always15:01
kenvandinewink wink15:01
Giordanosono in linea15:17
Giordanosi parla italiano?15:18
dobeyenglish please15:21
dobeyfor italiano see #ubuntu-it15:21
=== attente is now known as willcooke
=== MacSlow|lunch is now known as MacSlow
=== chihchun_afk is now known as chihchun
=== chihchun is now known as chihchun_afk
=== willcooke is now known as attente
mterrycyphermox, poke about networkmanager + dbus16:08
cyphermoxmterry: hey16:09
mterrycyphermox, oh shoot, didn't see your reply  ;)16:22
mterrycyphermox, so I'm looking at bug 148084416:22
ubot5bug 1480844 in Canonical System Image "Slow/hanging performance" [Undecided,Confirmed] https://launchpad.net/bugs/148084416:22
mterrycyphermox, it *seems* to be an interaction between dbus-daemon and NetworkManager16:23
mterrycyphermox, dbus-daemon is going into 100% cpu mode, so it has some bug somehow.  But it seems to be triggered by NetworkManager16:23
mterrycyphermox, was just curious for your thoughts/ideas16:23
mandelkenvandine, https://code.launchpad.net/~mandel/ubuntu-system-settings/invalidate-credentials/+merge/26909216:31
dobey mandel not sure what you're trying to do there, but that surely doesn't do it :)16:51
dobeymandel: i don't think you need to do anything on top of ken's branch to handle the situation; the "you need to log in" bit should be shown at that point16:54
mandeldobey, being lazy :)16:54
mandeldobey, problem is, the request to get if there are updates works with invalid creds, we wanted to tell the user to get them before showing updates and failig in the upload16:54
* mandel is lazy by nature16:54
dobeymandel: you can't. the only way to know the credentials are not valid, is to validate them against the server. doing that separately from the request you're making anyway doesn't make any sense, and would just be a waste of resources, when the token is valid16:56
=== salem_ is now known as _salem
_IF_help! I set my meizu mx4 into flight mode and now it doesn't want to come out of it. reboot doesn't help. any ideas?18:21
aquariusjdstrand, ping?18:39
jdstrandaquarius: hey, what's up?18:44
jdstrand(sorry for the late response, been in meetings all day)18:45
aquariusheya, pal! No problem; wasn't sure if you were afk or whatever :)18:45
jdstrandno, just massively sidetracked :)18:45
aquariusbrief question: the idea has been bandied around that there's scope for phone click apps to undergo manual review if they ask for a break in confinement, and that that manual review actually can happen and apps can be approved. In my case, I have an app called WifiTransfer which is basically an FTP server; it if of course confined to only allow the uploading user access to ~/.local/share/wifitransfer.sil. Everyon18:47
aquariuse says "I wish it could see the whole home folder". If I submit a version with apparmor read/write path of $HOME, will it get reviewed and possibly accepted?18:47
aquariusif the answer is "we don't have the resources to manually review such apps" (much like for the desktop USC) then that's fine, and I'll pursue some other approach.18:48
dobeyaquarius: MTP doesn't even expose all of $HOME…18:49
jdstrandit is actually the later18:49
jdstrandbut it is actually a complicated topic18:49
jdstrandcause even if we did review the source, what is upload isn't necessarily built from that source (obviously, with an interpreted language, that is different)18:50
aquariusright. I have heard it suggested that there is the option to apply for manual review, but I was sceptical -- I don't think you have the time for that. I was right to be sceptical, correct? There is not an option for getting an app manually reviewed?18:50
aquariusI understand entirely, of course -- this isn't a complaint :)18:51
jdstrandand while I might personally trust you, it is unfair if I let yours in cause I know you but don't allow someone else's in18:51
aquarius*nod* agreed. No special treatment.18:51
jdstrandjust trying to explain the full situation18:51
jdstrandthe store supports the concept of a manual review and you can request one18:51
aquariusyup. Hence me being sceptical when I heard that there was an option for manual review :)18:51
jdstrandthen it becomes a process issue18:51
jdstrandso it is possible to request it, it just won't be accepted atm until we work out various things18:52
aquariusmakes sense.18:52
dobeyi think even then, we probably don't want to allow full access to $HOME; but maybe only to the same dirs that are exposed over MTP18:53
aquariusI'd be fine with that18:53
dobeyright. i don't think there is a way to specify that, at the moment though. which is part of the problem :)18:53
aquariusI'm pretty confident that people who ask for this are hoping to use wifitransfer to upload, say, loads of music to the phone18:53
jdstrandyeah, the real thing is probably !hidden18:54
aquariusand at the moment that's a major pain because all the stuff goes into the wifitransfer private directory and then you have to shuffle them around (I think one-by-one!) with the file manager, which is (a) difficult (b) not installed by default (c) a pro-level tool18:54
aquariusbut, well... that's the way the cookie crumbles, I suppose :)18:55
dobey(d) terminal would be faster18:55
dobeybut yeah18:55
aquariusit would, although that's all of a, b, and c but multiplied by five :P18:55
aquariusI could put a version in the Open Store, but I'm in two minds about that.18:55
dobeywell, at that point, you have to side-load an app anyway18:56
dobeyso you might as well just put the .click on launchpad.net and say "sideload this thing that has more permissions"18:56
aquariusminor benefit of the open store: it handles updates, which a random click on LP does not18:57
aquariusobvious downside: not sure I want to encourage people to open up their lives to many less confined apps just to get wifitransfer to see the music folder :)18:57
dobeyah, i guess so18:57
dobeyyeah, there is that18:58
jdstrandactually, the storage framework use cases has something that might help:18:58
jdstrandmeh, why is it so hard to copy and paste from google docs18:59
jdstrandbasically it has something for shuffling files around and granting trust relationships between apps18:59
aquariusooh, really? that sounds interesting.19:00
jdstrandand copying from one application to another19:00
jdstrandit came out of the sd card discussions from a couple months ago from the list19:00
aquariusif there's information I can provide to the people having those discussions, I'm happy to do so :)19:01
jdstrandI don't think it is resourced yet (I could be wrong-- I'm not managing this), but I can say design looked at it19:01
aquariusbasically what I actually *want* is the ability to "unlock" the app, like you can with the file manager, and then it exposes $HOME instead of the private folder :) But that's a manual review thing for some point in the future.19:02
jdstrandon the device it is possible for the admin to adjust the security. it would be cool if that could be made easier if people wanted it (eg, provide a way to grant the app access to home via some tool19:04
jdstrandsnappy actually has something like that for hardware access19:05
jdstrandbut you still need to be admin on the cli19:05
aquarius"Want WifiTransfer to show all your storage? Go to System Settings > App Access > WifiTransfer > File permissions and turn on 'all storage'"19:05
aquariusthat'd be great. I'd happily write a tool to do it but that tool would also need review etc ;)19:05
jdstrandit would and it would need to run privileged, so we need a service for that19:06
aquariusat which point it's all hard work again19:06
mcphailaquarius: missed the start of this conversation, but presumably you are having the same frsutrations I am having with my syncthing client: default write directory buried in a .dot directory. The .dot directory has to die19:07
aquariusmcphail, it's not that it's a dot directory, per se (I personally would like it if XDG_DATA_HOME was ~/AppData, not ~/.local/share, but that's not relevant here), it's that apps are confined to *a* folder, and that's not gonna change.19:08
aquariusmcphail, how will a syncthing client work, anyway? It can't run in the background.19:08
mcphailaquarius: yes, it can. It doesn't spawn a GUI so doesn't get killed19:08
aquariusmcphail, how do people get it on the phone?19:09
mcphailaquarius: from the store19:09
mcphailaquarius: it isn't user friendly but it still exposes the syncthing web interface19:09
aquariusmcphail, really? you can put non-gui apps in the store and they work and they don't get killed?19:09
mcphailaquarius: for the time being :)19:09
aquariusthat seems like a gargantuan loophole ;)19:09
mcphailaquarius: you can play music with screen off via openAL as well19:10
dobeyaquarius: yes, at the moment. he's exploiting the fact that unity8 is what manages apps being paused or not, if they are in the background or not19:10
aquariusmcphail, a click can ship multiple apps in it, so you could ship a gui app for controlling syncthing (rather than the web ui), which would get killed as normal but that doesn't matter.19:11
ogra_jdstrand, ^^ sounds like quite a security hole19:11
aquariusthat allows anyone to do background processes, doesn't it?19:11
aquariusthis seems unexcellent :)19:11
mcphailaquarius: not sure about that one. I think you'd need a separate app for that, from my experiments19:12
mcphailaquarius: I'm working on an IRC client which will run in the background, exposing a webn interface for the browser or a separate frontend app19:12
dobeyaquarius: yes, you can fork a process right now19:12
jdstrandthat's awesome19:13
aquariusdobey, that'd stay in the same process group, though, wouldn't it? or does forking escape the unity8 app lifecycle? (obviously you're still confined, of course)19:13
dobeyaquarius: well, until you break out of the pgroup :)19:13
jdstrandso, no I don't consider this a security hole. I consider this an application lifecycle bug19:13
aquariusdobey, oh, I didn't know you could do that :)19:14
mcphailaquarius: I've found if you fork a couple of things from a shell script, they all get killed if there is a GUI19:14
dobeyaquarius: confinement sticks, so it's not a security hole i don't think; but yeah, an issue in the lifecycle management19:14
* jdstrand nods19:14
aquariusmcphail, ah, not quite what I meant: ship two disconnected apps in the same click package so they both install. You'd have to start them separately, of course19:14
ogra_jdstrand, so the working example uses OpenAL to play back music when backgrounded ... are you sure i cant use OpenAL the same way for recording ?19:14
aquariusmcphail, although as you can see this whole technique is on extremely thin ice ;-)19:15
ogra_with working around all blockings ...19:15
mcphailaquarius: how can you do that? Don't you only get one .desktop file?19:15
jdstrandif pulseaudio allowed it, then that would be a security bug in the pulse trust store implementation19:15
aquariusmcphail, I think you can have multiple. I haven't tried this, only heard rumours, so I might be wrong!19:15
dobeymcphail: a click package can have any number of apps19:15
jdstrandbut I would hope it would fail closed19:15
jdstrandyou can have multiple19:16
ogra_hmm, is OpenAL going through pulse at all ?19:16
mcphailjdstrand: so they all get access to the same write folder?19:16
jdstrandI'm curious how the non-gui app is abled to be started19:16
aquariusmcphail, better, the "background" app can open a url with urldispatcher which would be received by the front-end app :)19:16
jdstrandmcphail: yes19:16
mcphailjdstrand: you've no idea how happy that makes me :)19:16
jdstrandmcphail: the folders are based on pkgname, not appname/version so things can share19:17
dobeyjdstrand: the .desktop file can Exec anything that can be run. it doesn't have to open a gui19:17
mcphailjdstrand: non-GUI apps just show a constant splash screen19:17
aquariuswhich, interestingly, is configurable in the desktop file, so you can make the splash screen look like whatever you wan t:)19:18
jdstrandnow, there is a restriction on what the things are-- for example, a scope and an app in the the same click can't share for various reasons19:18
jdstrandmcphail: oh so you ship a desktop file, you click on it, then you swipe it to the side and start something else?19:18
mcphailaquarius: I hope they don't kill this. It makes app building much more useful19:18
mcphailjdstrand: yes19:18
jdstranddobey: right, I hadn't put together that a desktop file was being used19:19
aquariusmcphail, I think it's a neat way around the lifecycle rules. Voß is gonna have kittens, though ;)19:19
aquariusmcphail, and you aren't allowed to run background processes for a reason, not just to be annoying :)19:19
mcphailaquarius: I think everyone knows about this by now. I kepp getting told my app is going to be killed "soon" :)19:19
dobeyted: ^^ fix this bug19:20
mcphailaquarius: It doesn't seem to drain the battery much. Shame to prevent any background apps at all19:21
jdstrandogra_: I'm going to ask tvoss what the trust-store will do in the face of a non-gui app to make sure it fails properly19:21
aquariusmcphail, well, since this neat trick is gonna get killed, you'll have to have people sideload your app... at which point you can set a more pleasant confinement policy and it can write to whatever it likes...19:22
aquariusor put it in the Open Store, for which ditto19:22
mcphailaquarius: every cloud (sync) has a silver lining19:22
jdstrandwith what is described, it sounds like the trust prompt would display over the splash and be fine19:22
ogra_jdstrand, also what happens if a lib actually tries to circumvent pulse would be interesting ... i'm not sure at all that OpenAL actuall ytalks to pulse and not to some alsa layer19:22
aquariuserm. if talking to pulse is optional and you're allowed to talk right to alsa then the "confinement" is nothing of the sort :)19:23
mcphailogra_: I posted a test OpenAL app a while ago which didn't respond to volume control etc19:23
ogra_mcphail, right, that would indicate it doesnt talk to pulse19:23
dobeyogra_: won't it fail in apparmor when it tries to open /dev/snd/blah19:23
ogra_it should19:23
jdstrandogra_: we have explicit deny rules to prevent access to the stand audio devices that one would use with pulse19:24
mcphailI may have the test app somewhere...19:24
jdstrand# Force the use of pulseaudio and silence any denials for ALSA19:24
jdstranddeny /usr/share/alsa/alsa.conf r,19:24
jdstranddeny /dev/snd/ r,19:24
jdstranddeny /dev/snd/* r,19:24
ogra_jdstrand, even if it takes a detour via ... say talking to libasound ...19:25
jdstranddoesn't matter19:25
jdstrandit is the process, not how it gets there19:25
mcphailI still have the app if anyone wants to look. I had a bug report open but think it got closed19:25
ogra_i guess the bg playback will be fixed as soon as we use process groups19:26
jdstrandI'm surprised we still aren't. I thought we were...19:26
jdstrandbut yeah, I guess that is part of the 'fixed soon' stuff19:26
ogra_well, see webapps :)19:26
ogra_renderer still dies independently ...19:27
jdstrandI thought that was resolved ages ago19:27
jdstrandmaybe we just made the situation better...19:27
jdstrandthat was some time ago :)19:27
mcphailhttp://themcphails.uk/altest.njmcphail_0.1_armhf.click if anyone is interested19:27
jdstrandsnappy has swapped all that out :P19:27
jdstrandmcphail: so the very bottom most layers support multiple apps. you see this with a click shipping a scope, an app, a push helper, etc19:29
mcphailjdstrand: I knew snappy could do this but didn't realise you could do it with a .click. That is very useful19:29
jdstrandmcphail: I'm not 100% sure what the upper layers will do with two desktop files. I *think* it will work. it is certainly worth playing with19:29
mcphailjdstrand: having confined apps sharing write space is a major win19:30
jdstrandyes, wanted to have that in place in the security policy. I think it'll all just work fine at the upper layers, just haven't personally tried it19:31
mcphailjdstrand: presumably both apps would need to share an apparmor profile? Otherwise, that would be a security risk19:31
jdstrand(at the very beginning there was a limitation at the upper layers and only shipping one app in the hooks db-- however that was long ago expanded for scopes, push helpers, etc-- not allowing extra desktop apps in the hooks db would be artificially limiting imo, but I didn't write those bits)19:33
jdstrandmcphail: they don't share a profile. everything in the hooks database that specifies the apparmor hook gets an apparmor profile that is pkgname_appname_version19:34
jdstrandthat corresponds to its APP_ID19:34
dobeyif you have two .desktop files, both will show up in the click scope, but only one will match as "installed" with regards to the package itself19:34
jdstrandthe ubuntu-sdk policy template doesn't consider appname and version though19:34
dobeyoh, i don't know if the click hooks actually support multiple19:34
jdstrandeg, foo_bar_0.1 and foo_baz_0.1 will have different pofiles, but can both access ~/.local/share/foo/19:35
mcphailjdstrand: that is a security bug, then19:35
dobeyhow is shipping two things in the same package and allowing them to access the same directory, a security bug?19:35
jdstrandmcphail: how so? it is from the same developer19:36
jdstrandthey use the same template19:36
mcphailjdstrand: the model is not supposed to allow one app to have, say, full access to a content-hub source plus network access. This circumvents that19:36
mcphailjdstrand: (or have I misunderstood?)19:37
jdstrandthere are limitations on combinations, yes19:37
jdstrandbut content-hub isn't one of them19:37
dobeycontent-hub requires the user to explicitly allow your app to access something19:38
mcphailjdstrand: but 2 apps could pass data via the shared write directory, circumventing whatever restrictions on combinations are enforced19:38
jdstrand(right, content hub is always a user driven interaction)19:38
jdstrandmcphail: but it can only steal from itself19:38
jdstrandnote, this is the same click19:39
jdstrandyes, you are right in saying that if the developer says that one has networking and one doesn't, the app could shuffle stuff back and forth19:39
jdstrandbut networking is a common policy group19:40
mcphailjdstrand: but networking is not allowed in combination with some groups, is it?19:40
jdstrandso the developer doesn't have to try to make it hard on herself-- she would just give networking :)19:40
dobeythat'd also be a lot of work to upload something to the network19:40
jdstrandmcphail: that is where things get interesting19:40
dobeynetwork is not allowed with what?19:41
InokiHey everyone, need help deciding...19:41
jdstrandmcphail: there are no limitations on networking with the ubuntu-sdk template for common policy groups19:41
InokiI need to hear your thoughts on the E5. Does it make good pictures? I saw reviews on the 4.5 and photograph quality is bad.19:41
jdstrandso you can use all or none of the common policy groups with networking with the default (ubuntu-sdk) template19:41
mcphailjdstrand: I thought I had read somewhere it wasn't allowed. Will have a quick google...19:42
jdstrandwhich is why it is ok for ubuntu-sdk template apps to share data19:42
jdstrandmcphail: other templates have restrictions19:42
dobeymcphail: there was going to be a case where scopes could either be network scopes, or local scopes; and ne'er should the two meet. but that didn't happen19:42
jdstrandmcphail: fyi, don't need to google-- I wrote the policy and the review tools :)19:43
jdstrandyes, you may be thinking about what dobey mentioned19:43
jdstranda push helper template has extremely limited access and no overlap with ubuntu-sdk rules19:44
dobeyand apps are not scopes, so that wouldn't have applied to the case where there are two apps in the same package, anyway19:44
mcphailjdstrand: maybe I was thinking of the snappy model. Is that different?19:44
dobeyi don't recall any significant differences in confinement, wrt snaps instead of clicks19:44
jdstrandin general, if things use different templates, there will be limitations on interactions, but if they use the same template, then there is the possibility for sharing if it is safe19:45
jdstrandmcphail: snappy for ubuntu core has the same APP_ID and templated policy concept19:46
jdstrands/for ubuntu core/19:46
mcphailjdstrand: OK, must be misremembering something19:46
jdstrandso that didn't change19:46
jdstrandsnappy for ubuntu core has very different templates and policy groups than click19:46
jdstrandbut snappy for ubuntu personal will actually just have all the templates and policy groups you are used to on click19:47
dobeyjdstrand: but i expect they'll be pretty similar for personal, once those images exist?19:47
jdstrandyeah, I uploaded ubuntu-personal-security a little while ago19:47
jdstrandsnappy needs to get smart though-- ubuntu-core is harrdcoded in a few places19:47
* jdstrand mentioned this in a bug just today19:48
=== ahayzen_ is now known as ahayzen
TenLeftFingersI've watched Ted Gould's presentation on the app lifecycle. Is it understood that apps can't or don't currently resume fully intact? Half-written notes and tasks are not saved, web pages get lost and podbird forgets which show I was in. I don't know what to report against if it's not currently a known issue.20:02
TenLeftFingersBut I don't mind creating a report and uploading logs etc.20:02
nik90TenLeftFingers: It is up to the app developer to use the SDK statesaver to ensure that apps remember stuff like which page you were on, what show, etc etc..this way when the app is killed due to OOM, when it is brought back, it restores those variable.20:03
nik90TenLeftFingers: For Podbird, I remember landing initial support for this. It will remember which tab you were on. But we need to do more work on that, I guess20:04
TenLeftFingersnik90: okay, so it sounds like these 'offenders' could avail of something in the API they are currently ignoring? In which case I can go and chase those packages.20:04
mcphailjdstrand: I still worry this is a security bug. At the very least, it could be used to obfuscate security policies to the users20:04
dobeymcphail: you don't really need to 'obfuscate security policy' when you are providing a proprietary app20:05
nik90TenLeftFingers: Indeed. Well the apps are not so much "offenders" since they get kicked out by the system due to something else eating up memory. But apps can definitely do something to improve the UX.20:05
mcphaildobey: let me give you an example...20:05
mcphaildobey: say I install a .click which contains a document viewer and a network music streaming app (this is an extreme example, of course)20:06
TenLeftFingersnik90: okay, so they can't control when they get kicked but can recover more gracefully than they currently do?20:07
mcphaildobey: The document viewer could have only content_exchange enabled and visible in Permy. So I think it is safe to use it to view a PDF of my credit card statement20:07
mcphaildobey: the document viewer could save that PDF, then the media streamer app could transmit that to a malicious website20:08
mcphaildobey: it totally breaks the trust model20:08
nik90TenLeftFingers: indeed20:09
dobeymcphail: how do you know that the document viwere didn't do the same thing though?20:09
nik90TenLeftFingers: and I believe the SDK StateSaver API was developed for this very purpose.20:09
mcphaildobey: it didn't have network permissions20:09
dobeymcphail: it only breaks the trust model once you know it happened20:09
dobeymcphail: it did, as jdstrand already explained20:09
TenLeftFingersnik90: I'll go and file against the apps then. Thanks for your assistance!20:10
nik90TenLeftFingers: Thanks for your bug reports :-)20:10
mcphaildobey: I don't think he did. The document viewer app _wouldn't_ have network permissions, but the streaming app would. If I viewed the document viewer app in Permy, "network" wouldn't be listed20:11
dobeymcphail: creating a working example and show me how a majority of people would even know whether their trust was being violated or not.20:12
jdstrandmcphail: note, permy is not installed by default and we don't want most users to care about app permissions. we want them to trust the app via user driven interactions20:13
mcphailjdstrand: don't you think permissions become opaque in this case, though? I always check permy before running anything20:14
jdstrandmcphail: ultimately if user installs an app to view sensitive information, that user must trust the app. if the user is savvy and looks at permissions, there is more information yes20:14
jdstrandpermissions are meant to be opaque to ther regular user20:14
jdstrandyou are right that looking at it in this level of detail there are areas where a line is crossed20:15
mcphailjdstrand: seriously??? Even Android users rant about permissions...20:15
jdstrandbut both are coming from the same developer20:15
dobeymcphail: android's permissions model is pretty awful though20:15
jdstrandmcphail: I think we are talking about different things20:15
jdstrandwe don't want an android permissions model20:15
jdstrandthe is essentially click through security for the majority of users20:16
dobeymcphail: but at the same time, just knowing that of two apps in a package, only one having network, how would you even know whether or not your trust is being violated, by knowing those permissions?20:16
mcphailjdstrand: no, but what I'm saying is users _are_ concerned about permissions20:16
mcphaildobey: that's why I think one policy should apply to both apps20:16
jdstrandwe want safe permissions that a developer can declare, then the user uses them. unsafe actions like recording, contacts, location, etc are user driven20:16
dobeymcphail: but it does, no?20:17
jdstrandmcphail: there is a choice to be made here-- we chose to let different apps within the same package (with the same template) to share data. this fosters development20:18
jdstrandwe had the choice to completely isolate each app, but chose not to20:18
jdstrandbecause ultimately, if you are putting data into an app, you are trusting it20:18
jdstranda bad guy is never going to put networking in one and not in another and try to trick the user into doing something in one just to steal it from the other20:19
mcphailjdstrand: that's a big assumption20:19
jdstrandthat is way to convuluted. the attack is give the apps networking and get the userr to put something sensitive into it20:19
jdstrandI acknowledge what you are saying20:20
dobeymcphail: you're basically assuming that attackers are going to do way more work than is necessary20:20
dobeyyet people still pay dropbox for storage20:21
jdstrandI am saying that there was a choice-- onerous permissions that may help savvy users who look at the perms or ones that foster development (and incidentally, the savvy user can still choose not to use said app by looking at the perms)20:21
mcphaildobey: but it could be easily ameliorated by only allowing one apparmor profile for every app in a click20:21
jdstrandthat stifles development20:21
dobeymcphail: if you believe this is a valid security concern, then you should create a .click package which exploits it20:22
dobeymcphail: otherwise, you are just arguing academia20:22
mcphailjdstrand: why? It just makes things transparent. it doesn't restruct the app developer in any way whatsoever20:22
jdstrandsure it does20:22
jdstrandhow is the dev supposed to share a cache, game data, a database, etc20:22
jdstrandyou get the very strict isolation between clicks20:23
mcphailjdstrand: but they would all be shared anyway. The only difference (in my above example) would be the user would see both "content_exchange" and "network" when he checked the document viewer in permy, and was aware confidentiual data may go to the net20:24
jdstrandthe user doesn't see that20:24
jdstrandyou see that20:24
jdstrandI see that20:24
mcphailjdstrand: i am a user...20:24
jdstrandI don't put confidential data in anything that I don't trust20:24
dobeya) permy would have to be installed b) user would have to check permy c) user would have to assume bad things and not trust the app anyway20:24
jdstrandthe typical user20:24
dobeymcphail: you are a user. you are not all users.20:25
jdstrandultimately we want usable security20:26
dobeysecurity that isn't usable, isn't security20:26
mcphaildobey: have a look at the user reviews on the android store. A lot of users check and care about permissions20:26
jdstrandif we make it untasteful (prompt for everything), we lose. if we make it onerous for users, we lose if we make it onerous for developers, we lose20:26
dobeymcphail: you are ignoring the point20:26
mcphaildobey: not intentionally...20:27
mcphaildobey: Just about the first thing you hit if you google for "ubuntu touch permissions" is a page on Permy20:28
jdstrandwe actively chose to improve the developer experience by letting certain things be shared within the same click. this is reiterated with snappy20:28
dobeymcphail: you're equating people who care about permissions and commenting on the android store, as to having all android users caring about permissions or wishing to go through the trouble to decipher what every permission really means20:28
jdstrandbut once we have more than enthusiast users, most users won't google for that :)20:28
mcphailOK. I think we'll have to agree to differ on this one20:29
jdstrandie, google has gagillions of users and a very small percentage look at the perms20:29
dobeyjdstrand: well, no offense, but i'm sure once we have a hundred million users, a page on permy will probably be way down the list of search results for "ubuntu permissions" :)20:29
dobeymcphail: again. pleae create a click which exploits the problem you claim exists20:30
mcphailjdstrand: Google had to obfuscate their permissions to _stop_ users complaining about them20:30
dobeymcphail: arguing academia with invalid points isn't helpful :)20:30
dobeymcphail: no, what google is doing is slowly moving to a model more like ios and ubuntu are20:30
dobeythey certainly haven't "obfuscated" them20:30
dobeyif anything, i think they've probably made them more apparent20:31
mcphailby hiding them???20:31
dobeyhiding them where?20:31
dobeythey are plainly visible on the page in the app store, for every single application20:31
mcphaildobey: all permissions are no longer shown by default on the app store20:31
dobeysince when?20:32
mcphailsince about 1 year ago20:32
dobeywell, then you are wrong20:32
dobeyas soon as you click install, the list of permissions is shown20:32
jdstrandvia the phone ui?20:33
mcphaildobey: http://www.androidcentral.com/new-google-play-store-4820-greatly-simplifies-permissions20:33
jdstrandwe didn't want that20:33
jdstrandwe didn't want a weird click through/confusing situation20:33
jdstrandwe wanted people to be able to find them if they wanted20:34
dobeyjdstrand: yeah, in the phone it does too, as well as the web site; but yes, we don't want that20:34
jdstrandbut ultimately the trust relationship is between the user and the app. and the system prompts for sensitive stuff20:34
jdstrandmcphail: so there is a point you perhaps didn't consider20:34
jdstrandmcphail: lets take you app with one without networking and one with20:35
dobeymcphail: so they changed the permissions and made the simpler to try to make them easier to understand. but they are clearly visible when installing an app20:35
dobeyand we don't want that20:35
jdstrandmcphail: as a developer I could trick you by using text strings that might make you think one is running when it is the other. I could also let that app sit in the store for a month, then update it adding networking to the app and on launch, send off everything you put in there before when the networking wasn't there20:36
jdstrandat some point, if you are putting data into an app, you are trusting it20:37
mcphailjdstrand: you are even more devious than me... :)20:37
jdstranddobey: oh, on the perms prompt I thought you were saying we did that20:37
mcphailjdstrand: changing permissions doesn't trigger an dialog on update??? It should...20:37
jdstrandthis isn't the android model20:38
dobeyjdstrand: oh, no way. i don't even want to think about adding more insanity into installing things from within a scope. it's bad enough already :)20:38
dobeyjdstrand: while not being the android model, it might be nice to have some warning when apps add new permissions requirements20:39
mcphaildobey: +120:39
jdstrandI don't know, we are presenting information that the user has no context to make a decision on20:39
dobeyjdstrand: there's the "i trusted this app, and now it's adding network access, do i still trust it?" aspect, and without the info, it's hard to make that choice20:39
jdstrandno doubt20:40
jdstrandok I have to run20:41
mcphaildobey: I can try to hack together an example .click, but would probably need to learn a bit about content-hub for it to be a good example. I heard there was a tutorial due this week. Do you know if it has been posted?20:42
dobeymcphail: you don't need content-hub. just make a .click with two applications in it, where one has network profile and the other does not, where the one that does not writes a file into the shared data dir, and the one that has it, pastes it onto a pastebin and gives you the URL20:43
mcphaildobey: will do20:44
dobeymcphail: unfortunately, writing data to disk from QML is hard enough on its own, so you might need to use ubuntu-download-manager from one to download a file from a server into the shared dir20:46
dobeyat least, without writing c++20:46
mcphaildobey: it's OK, I'll write it in C or shell. I'm sure anyone who is interested will be able to see the results in the log files20:47
jdstrandfyi, I've taken a todo to think about no networking to networking on upgrade. most of our perms have trust store integration and so the users know. that isn't true of networking20:47
jdstrandok, really leaving20:47
dobeymcphail: no, don't exploit the "thing that runs in the background and violates the lifecycle policy" as well20:47
mcphaildobey: ha! Not relevant in this case20:48
dobeycheers jdstrand. we can chat more about that later20:48
mcphaildobey: jdstrand: looks as if a .click fails automatic review if you bundle more than one app21:20
dobeymcphail: well, then i guess you can't do that :)21:21
mcphaildobey: problem solved :)21:21
beunoright, it's too prone to abuse21:31
mcphailThe exploit _does_ work, though21:34
mcphailOne to keep in mind if packages are going to get manual review21:35
mcphailhttp://themcphails.uk/leakytrust.njmcphail_0.1_armhf.click if anyone wants to try it, btw. Run "leaky" then "malicious" and see output in log files21:49
mcphail(and, as an aside, busybox-static is a perfect fit for a .click package!)21:51
dobeypackages aren't going to get manual review21:55
mcphaildobey: would be a good idea to remove the button from myapps, then21:56
popeywell, some do22:00
popeymanual review != code review22:01
dobeysome == "owned by canonical"22:01
popeynot always22:01
popeythere are circumstances where people can request manual review and we do that22:02
popeybut that doesn't mean a full code review22:02
mcphailpopey: probably best bearing the above in mind, then. Data can be leaked intentionally or by accident if there are >1 app in a package22:03
dobeypopey: but if we were going to allow > 1 app in a single package to go through manual code review, why would we disallow it with click-reviewer-tools22:04
popeyI wasn't speaking to the more than one app per package issue.22:17
popeyJust genealising that "packages aren't going to get manual review" isn't accurate22:17
stakewinner00where I can download ubuntu-phone iso?23:16
mcphailstakewinner00: there isn't really an iso, as such. Do you have a supported device?23:18
ubot5You can find the full list of devices, official images, community images, and works in progress at https://wiki.ubuntu.com/Touch/Devices23:18
stakewinner00mcphail, yes.23:20
mcphailstakewinner00: then see the instructions at  https://wiki.ubuntu.com/Touch/Install23:20
stakewinner00Thanks jgdx, i was searching the source code, I don't find it and I was searching and iso .23:20
stakewinner00One another question, there are some virtual machine foe PC (like virtualbox) that supports ubuntu-touch?23:22
stakewinner00*for PC23:22
mcphailstakewinner00: there is an emulator which comes as part of the Ubuntu SDK. You can try that23:22
jgdxstakewinner00, buying a phone is a superb experience though23:23
stakewinner00jgdx, For christmas maybe I will buy one. jaja.23:25
stakewinner00mcphail, My computer is a debian, and I got troubles for adding the ppa repository (for install ubuntu-sdk), do you know how this emultaor is called? for downloading it standalone23:27
jgdxstakewinner00, good stuff :)23:27
mcphailstakewinner00: no idea if you can download a standalone, I'm afraid. I think it is possible to set up an Ubuntu dev environment in a docker container, though. That might do the trick23:28
stakewinner00mmm. Thanks mcphail,23:30
mcphailstakewinner00: or install Ubuntu :)23:30
stakewinner00There are some things that I don't like too much from ubuntu (for a desktop). But ubuntu-touch is much better than debian for phones. That's the dilemma.23:33
mcphailstakewinner00: I think PPA support is coming to debian, but doubt you will be able to use Ubuntu PPAs on a debian box. I think it will be a little while before the Ubuntu SDK will be installable on a different distro23:37
stakewinner00I will have to sleep a little bit. Thanks for the help.23:40

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!