=== chriadam|away is now known as chriadam [02:42] Hi all how do I enable multitouch on my Lenovo yoga pro 3 [05:23] Here's some fun: (1) Upgrade mako to wily (devel-proposed channel) to get Mir 0.15 with its lower latency. (2) Add further settings to reduce latency and increase smoothness: restart unity8 QML_NO_TOUCH_COMPRESSION=1 MIR_SERVER_NBUFFERS=2 [05:23] The results are encouraging. We should work to make all this default and automatic [05:27] I suppose it would need further testing. [05:36] Needs further related optimisations before it's default === chihchun_afk is now known as chihchun === chihchun is now known as chihchun_afk [07:20] hello! I made a simple dns setting (created a new file) will it be removed when I upgrade to OTA-6? [07:51] ogra_, morning! got a quick question for you, do you know how do we start pulseaudio in ubuntu touch?? [07:54] mandel: I'm not sure, but as I understand it it should be the same as Ubuntu [07:55] zzarr, hm. ok I wonder why I'm not getting the logs where I want them :-; [07:55] :-/ [07:55] maybe "/" is read only? [07:56] "sudo mount -o remount,rw /" [07:56] (but be careful) [07:58] mandel: this page explains the difference between desktop and touch (it's the same OS, still Ubuntu) http://mhall119.com/2014/02/there-is-no-touch-only-ubuntu/ [08:00] zzarr, well, there are a number of changes, for example, I'm 100% sure that we are using upstart on the phone [08:01] zzarr, and my system img is rw and resized :) [08:01] okey, how did you resize it? [08:02] what device do you have? [08:05] zzarr, I have a meizu mx4 and resize it when flashing the devices [08:06] zzarr, I'm one on the engs dealing with the phone in canonical ;) [08:08] mandel: it's a wonderful device, I have one too :) [08:08] zzarr, yes, trying to get a number of nice fixes for the next ota so that it is even better, but having to fight with pulseaudio is a PITA [08:09] mandel: I read about problems with pulse, will it delay OTA-6 long? [08:10] zzarr, I hope to get a fix for today [08:10] mandel: what is the problem? [08:12] I'll try to get xmir up and running in a chroot :) === _salem is now known as salem_ [08:14] mandel, it's a user session job [08:15] that explains why I could not find it in /etc/init.d [08:18] /etc/init.d isnt used, upstart jobs live in /etc/init/ [08:19] right, I thought I would see a service script there === Guest37794 is now known as Zic [08:19] I have made some services on my server at home so I have written files in /etc/init/ [08:20] ogra_, ok, thx, got the bastard :) [08:21] :) [08:21] ogra_, and bug fixed, in vim word 2x [08:21] ogra_, I felt stupid hehe [08:22] sometimes apt-get is getting stuck when it downloads packages, it looks like this "31% [Connecting to ports.ubuntu.com (2001:67c:1360:8001:1::2)]" but after a while it starts again === chriadam is now known as chriadam|away [08:33] hi [08:33] so i switched to RC proposed [08:33] my question is when you do it with phablet tools does it grab the latest version ? [08:42] dhbiker, yes [08:45] ogra_ and when the new release comes it can be updated via updates or again via phablet tools [08:45] you usually only need pahblet tools to install [08:46] oh so it doesn't come as OTA thing [08:47] you only need ubuntu-device-flash for installation usually, after that you can OTA or switch channels without re-flashing etc [08:47] only if you mess up your system by i.e. making it writable you might need to re-flash, there is no reason to do it otherwise [08:48] heh [08:48] and where can i see if there is some newer release ? [08:48] rc-proposed normally gets daily builds, you get notifications [08:48] i got nothing :D [08:48] (auto builds are currently stopped for OTA preparation though, close to OTA all builds are manual) [08:49] ahh [08:49] makes sense [08:49] if sil2100 does an image rebuild you get an OTA notification [08:49] and once OTA is released the daily builds get re-enabled [08:50] oh ok [08:59] ogra_: you were not here when I asked about if a change to the dns I made will be removed in the next update... I added the file /etc/resolvconf/resolv.conf.d/tail [09:01] zzarr, unlikely ... only files that changed get touched during upgrade ... it is unlikely that file changes between two images (no guarantees indeed, it can always happen in case the package chanes or whatever) [09:02] okey, since I put it there myself it shouldn't change then :) [09:02] so a system update is basically a dist-upgrade? [09:04] no [09:04] a system upgrade is a diff between two rootfs trees ... all changed files get copied into a tarball ... that tarball is unpacked on top if your rootfs [09:04] (and removed files are deleted) [09:05] mandel, https://bugs.launchpad.net/ubuntu/+source/ubuntu-download-manager/+bug/1488425 [09:05] Ubuntu bug 1488425 in ubuntu-download-manager (Ubuntu) "[MIR] ubuntu-download-manager" [Undecided,New] [09:05] okey [09:05] thanks ogra_ [09:05] this is why the readonly rootfs is essential ... both, the server generating the diff and your phone need to have an identical base rootfs [09:05] ogra_: I have a Nexus 5 on basically OTA-5. I'm trying to get a nice screenshot of the Today scope and of course there's no date/sunrise/sunset section. [09:06] nhaines, i usually get it back after one pull-to-refresh [09:06] or after two sometimes [09:06] so if I alter a package it might break the system... I get it [09:07] ogra_: this hasn't been the case for me since the last Today update, and it certainly doesn't work on my Nexus 7 on err, whatever the recommended daily images are. rc-proposed, isn't it? [09:07] Isn't there a "day" scope I ought to have or something? [09:07] ogra_: will there be a way to set what dns servers to use without adding a file like I did? [09:09] Yes, on flo on rc-proposed r222, it only shows weather. [09:09] weird, on both, my arale and my krillin i got the entry back since the scope update [09:10] ogra_: would you mind taking a screenshot of the Today scope with the day bit showing and send it to me for purpose of inclusion in my book? :) [09:10] Since I can't seem to find older screenshots I know I've taken of the same, I'll edit it in. [09:11] nhaines, hmm, my install is german [09:11] nhaines, probably popey can ... so you get english translations instead [09:11] Das kann ein kleines Problem sein, denn mein Buch ist nur auf Englisch. :) [09:12] what happened? where did the English go? [09:12] (looks more like German to me) [09:12] in any way.... lunch [09:14] ogra_: I looked on my external drive for some extra screenshots, but they aren't helpful: http://i.imgur.com/niXz5ok.png :) [09:16] popey did give me a screenshot but I lost it. popey, could you take a quick screenshot of the Today scope? I'd rather have a screenshot without a broken Day scope in it (that includes the moon phase bit). [09:16] ooh GPS works on arale... waited for like 5 mins and nada :/ [09:21] dhbiker: if you turn off the here location service then an initial fix can take up to 15 minutes, and the mapping app would need to be in the foreground and the phone awake the whole time, If you have the here agps on it should give you a location pretty much immediately [09:22] hm... strange [09:22] Well, not so strange. :) [09:22] nhaines: http://people.canonical.com/~alan/screenshots/device-2015-08-17-101237.png [09:22] Although TTF should be more like 2.5 minutes. That might be strange. [09:22] popey: hey, I'm looking at the reboot weather app, at some point, it used the osm plugin to find places, seems that it was then changed, any idea why? (also, do you remember it's provided by which package?) [09:23] popey: brilliant, thanks so much! [09:23] didrocks: it did? I thought we always used the ubuntu geo lookup thing? [09:23] Oh, that's the same as last time. And I didn't lose it, I saved it right where it should have gone. [09:23] :)_ [09:23] That's very safe. I'd never think to look for it there. :) [09:24] that directory has lots of screenshots btw [09:24] popey: yeah, you even commented on the MP: https://code.launchpad.net/~vthompson/ubuntu-weather-app/reboot-location-qml/+merge/259462 :) [09:24] popey: I'm happy to use ubuntu geo lookup, do you know where there is a simple example? [09:24] Thanks. I'm just going to grab a couple extra windowed mode ones on my N7 and call it good. But I'll have a quick browse just in case! [09:25] nhaines: feel free to shout if you need any specifics from me [09:29] popey: much obliged! [09:29] popey: no such example on our mind? It seems weather app is using a list of cities in a json file [09:32] didrocks, we should maybe look into sharing this with system settings, which also has a list of cities somewhere === ghostcube_ is now known as ghostcube [09:32] larsu: yeah, it seems to be the way this was done here as well [09:34] didrocks, doesn't make sense two have 2, eh? [09:34] yep :p [09:36] larsu, settings is using libtimezonemap [09:43] seb128, I know, but we need to get rid of that (or lose the gtk dependency) anyway [09:43] seb128, all I'm saying is let's think about sharing this information [09:46] ogra_: will there be a function so I can destroy telemarketing companies? (just kidding, but it would be useful) [09:46] being able to blacklist phone numbers would be nice [09:49] larsu, yeah, +1 for that [09:49] larsu: I believe the weather app's implementation was tied to weather provider-specific data. [09:53] nhaines, weird... [09:54] Not that weird. It'd be a pretty poor experience to list cities that the weather provider doesn't have data for. Or to ignore the ten thousand extra cities that are in the weather provider but not the time zone info. [10:00] sometimes it's hard to answer calls (the slider don't move) [10:06] nhaines, it wold also be pretty weird to list a city in the weather app that is not in the timezone selector (or the other way around) [10:06] *would [10:07] larsu: I strongly disagree. My city is not in the time zone selector. I'm 40 miles away from Los Angeles and the weather here is nowhere *close* to LA weather. [10:08] nhaines, clearly. I'm saying it's weird if my device "knows" about my city in one place but doesn't in another [10:08] I'd be fine with only having major cities in the time zone selector, but that's not what we have right now [10:09] It's not that weird. Weather and time are unrelated. [10:10] no they're not... and again, that's not my point [10:11] How are weather and time related? [10:13] * larsu resists the urge to answering that one snarky :P === pstolowski is now known as pstolowski|lunch [10:49] kenvandine, https://code.launchpad.net/~jonas-drange/ubuntu-system-settings/fix-notification-test/+merge/269039 [10:57] nerochiaro, would you mind confirming https://bugs.launchpad.net/ubuntu/+source/webbrowser-app/+bug/1488470 , and in case you do, can you take it? [10:57] Ubuntu bug 1488470 in webbrowser-app (Ubuntu) "Ctrl+W shortcut non functional on blank tab after closing a blank tab" [Medium,New] [10:58] oSoMoN: confirmed and will look into it [10:58] nerochiaro, thanks [10:59] oSoMoN: regarding the thumbnails, can you confirm with design that for now we want them only for top sites and not for bookmarks ? [11:18] ogra_ here ? [11:18] did i read right, is there a release tomorow? [11:18] an ota i mean [11:20] ProstheticS: that is the general hope yes [11:20] ProstheticS: at least for meizu and the nexus devices [11:21] no bq goodness? [11:21] mcphail: see sil2100 email [11:22] * mcphail should join the mailing list [11:32] mcphail: you can follow the mailing list at https://lists.launchpad.net/ubuntu-phone/. Just bookmark the link [11:33] nik90: When do you release the new clock app? I'm really looking forward to the new stopwatch feature :) [11:34] robin-hero: We're waiting on translations and also for the music-app since as of now, there are no apps that show up as music-sources. [11:34] so if we upload clock without music-app, the custom sound feature cannot be used since there would be no apps to import music from :) [11:34] robin-hero: another few days I suppose. [11:35] okay, thanks for your answer and your hard work ;) === salem_ is now known as _salem [11:35] thnx. [11:39] nik90: cheers :) === MacSlow is now known as MacSlow|lunch [12:14] how do i set a html5 app to be fullscreen and also lock the orientation === pstolowski|lunch is now known as pstolowski [12:17] how do i set a html5 app to be fullscreen and also lock the orientation [12:18] maggots: Add this line to the desktop file: X-Ubuntu-Supported-Orientations=portrait ( or landscape ) [12:22] robin-hero: Thanks very much that worked, now how do i set it fullscreen? [12:22] maggots: You're welcome, sorry I can't help you with the other issue :( [12:24] ok, thanks a bunch [12:32] robin-hero: adding Exec=webapp-container --fullscreen to the desktop file makes it full screen [12:32] is there any way to unlock this thing without pushing the power button ? :D [12:32] maggots: I'm glad you figured it out :) [12:48] oOOOOo r97 [12:48] just like ogra_ said it would notify :3 [12:49] mandel: how is pulseaudio comming along? [12:49] how do i build version 0.2 it keeps thinking it's version 0.1 [12:50] zzarr, we have the fixes, we are trying to land them :) [12:50] :D [13:03] "sleep" lasts forever on my Aquaris 4.5 when run from sshd and the screen is off. Any ideas on how I can work around this? I want a background shell script to run all the time even when the screen is off to do some debugging. It will mostly just sleep, but right now it just sleeps forever. [13:04] maggots_: Change this in manifest.json: "version": "0.1" to 0.2 === dandrader is now known as dandrader|afk === ghostcube__ is now known as ghostcube === _salem is now known as salem_ [14:10] mterry, “Sleep locks immediately” means that putting the phone to sleep overrides the “Lock when idle” setting. Spec updated. === dandrader|afk is now known as dandrader [14:13] mpt, cool, OK. So this is talking about idle vs manual power presses [14:32] mandel, now that pulseaudio is fixed... can you give this a quick look? [14:32] https://code.launchpad.net/~ken-vandine/ubuntu-system-settings/emit_credentials_deleted/+merge/268896 [14:33] kenvandine, looking [14:33] mandel, thx [14:44] typo fixed too [14:45] mandel, oh yeah, and what about the question about finding updates without a valid token [14:50] kenvandine: you need to actually delete the credentials, not just fake the error condition [14:50] oh, you changed it to do that, ok [15:00] dobey, indeed [15:01] dobey, i listened to you, as always [15:01] wink wink [15:07] lol [15:17] salve [15:17] sono in linea [15:18] si parla italiano? [15:21] english please [15:21] for italiano see #ubuntu-it === attente is now known as willcooke === MacSlow|lunch is now known as MacSlow === chihchun_afk is now known as chihchun === chihchun is now known as chihchun_afk === willcooke is now known as attente [16:08] cyphermox, poke about networkmanager + dbus [16:09] mterry: hey [16:22] cyphermox, oh shoot, didn't see your reply ;) [16:22] cyphermox, so I'm looking at bug 1480844 [16:22] bug 1480844 in Canonical System Image "Slow/hanging performance" [Undecided,Confirmed] https://launchpad.net/bugs/1480844 [16:23] cyphermox, it *seems* to be an interaction between dbus-daemon and NetworkManager [16:23] cyphermox, dbus-daemon is going into 100% cpu mode, so it has some bug somehow. But it seems to be triggered by NetworkManager [16:23] cyphermox, was just curious for your thoughts/ideas [16:31] kenvandine, https://code.launchpad.net/~mandel/ubuntu-system-settings/invalidate-credentials/+merge/269092 [16:51] mandel not sure what you're trying to do there, but that surely doesn't do it :) [16:54] mandel: i don't think you need to do anything on top of ken's branch to handle the situation; the "you need to log in" bit should be shown at that point [16:54] dobey, being lazy :) [16:54] dobey, problem is, the request to get if there are updates works with invalid creds, we wanted to tell the user to get them before showing updates and failig in the upload [16:54] * mandel is lazy by nature [16:56] mandel: you can't. the only way to know the credentials are not valid, is to validate them against the server. doing that separately from the request you're making anyway doesn't make any sense, and would just be a waste of resources, when the token is valid === salem_ is now known as _salem [18:21] <_IF_> help! I set my meizu mx4 into flight mode and now it doesn't want to come out of it. reboot doesn't help. any ideas? [18:39] jdstrand, ping? [18:44] aquarius: hey, what's up? [18:45] (sorry for the late response, been in meetings all day) [18:45] heya, pal! No problem; wasn't sure if you were afk or whatever :) [18:45] no, just massively sidetracked :) [18:47] brief question: the idea has been bandied around that there's scope for phone click apps to undergo manual review if they ask for a break in confinement, and that that manual review actually can happen and apps can be approved. In my case, I have an app called WifiTransfer which is basically an FTP server; it if of course confined to only allow the uploading user access to ~/.local/share/wifitransfer.sil. Everyon [18:47] e says "I wish it could see the whole home folder". If I submit a version with apparmor read/write path of $HOME, will it get reviewed and possibly accepted? [18:48] if the answer is "we don't have the resources to manually review such apps" (much like for the desktop USC) then that's fine, and I'll pursue some other approach. [18:49] aquarius: MTP doesn't even expose all of $HOME… [18:49] it is actually the later [18:49] latter [18:49] but it is actually a complicated topic [18:50] cause even if we did review the source, what is upload isn't necessarily built from that source (obviously, with an interpreted language, that is different) [18:50] right. I have heard it suggested that there is the option to apply for manual review, but I was sceptical -- I don't think you have the time for that. I was right to be sceptical, correct? There is not an option for getting an app manually reviewed? [18:51] I understand entirely, of course -- this isn't a complaint :) [18:51] and while I might personally trust you, it is unfair if I let yours in cause I know you but don't allow someone else's in [18:51] *nod* agreed. No special treatment. [18:51] sure [18:51] just trying to explain the full situation [18:51] the store supports the concept of a manual review and you can request one [18:51] yup. Hence me being sceptical when I heard that there was an option for manual review :) [18:51] then it becomes a process issue [18:52] so it is possible to request it, it just won't be accepted atm until we work out various things [18:52] *nod* [18:52] makes sense. [18:53] i think even then, we probably don't want to allow full access to $HOME; but maybe only to the same dirs that are exposed over MTP [18:53] I'd be fine with that [18:53] right. i don't think there is a way to specify that, at the moment though. which is part of the problem :) [18:53] I'm pretty confident that people who ask for this are hoping to use wifitransfer to upload, say, loads of music to the phone [18:54] sure [18:54] yeah, the real thing is probably !hidden [18:54] and at the moment that's a major pain because all the stuff goes into the wifitransfer private directory and then you have to shuffle them around (I think one-by-one!) with the file manager, which is (a) difficult (b) not installed by default (c) a pro-level tool [18:55] but, well... that's the way the cookie crumbles, I suppose :) [18:55] (d) terminal would be faster [18:55] but yeah [18:55] it would, although that's all of a, b, and c but multiplied by five :P [18:55] I could put a version in the Open Store, but I'm in two minds about that. [18:56] well, at that point, you have to side-load an app anyway [18:56] 'zactly [18:56] so you might as well just put the .click on launchpad.net and say "sideload this thing that has more permissions" [18:57] minor benefit of the open store: it handles updates, which a random click on LP does not [18:57] obvious downside: not sure I want to encourage people to open up their lives to many less confined apps just to get wifitransfer to see the music folder :) [18:57] ah, i guess so [18:58] yeah, there is that [18:58] actually, the storage framework use cases has something that might help: [18:59] meh, why is it so hard to copy and paste from google docs [18:59] basically it has something for shuffling files around and granting trust relationships between apps [19:00] ooh, really? that sounds interesting. [19:00] and copying from one application to another [19:00] it came out of the sd card discussions from a couple months ago from the list [19:01] if there's information I can provide to the people having those discussions, I'm happy to do so :) [19:01] I don't think it is resourced yet (I could be wrong-- I'm not managing this), but I can say design looked at it [19:02] basically what I actually *want* is the ability to "unlock" the app, like you can with the file manager, and then it exposes $HOME instead of the private folder :) But that's a manual review thing for some point in the future. [19:04] on the device it is possible for the admin to adjust the security. it would be cool if that could be made easier if people wanted it (eg, provide a way to grant the app access to home via some tool [19:04] ) [19:04] absolutely [19:05] snappy actually has something like that for hardware access [19:05] but you still need to be admin on the cli [19:05] "Want WifiTransfer to show all your storage? Go to System Settings > App Access > WifiTransfer > File permissions and turn on 'all storage'" [19:05] that'd be great. I'd happily write a tool to do it but that tool would also need review etc ;) [19:06] it would and it would need to run privileged, so we need a service for that [19:06] at which point it's all hard work again [19:07] aquarius: missed the start of this conversation, but presumably you are having the same frsutrations I am having with my syncthing client: default write directory buried in a .dot directory. The .dot directory has to die [19:08] mcphail, it's not that it's a dot directory, per se (I personally would like it if XDG_DATA_HOME was ~/AppData, not ~/.local/share, but that's not relevant here), it's that apps are confined to *a* folder, and that's not gonna change. [19:08] mcphail, how will a syncthing client work, anyway? It can't run in the background. [19:08] aquarius: yes, it can. It doesn't spawn a GUI so doesn't get killed [19:09] mcphail, how do people get it on the phone? [19:09] aquarius: from the store [19:09] aquarius: it isn't user friendly but it still exposes the syncthing web interface [19:09] mcphail, really? you can put non-gui apps in the store and they work and they don't get killed? [19:09] aquarius: for the time being :) [19:09] that seems like a gargantuan loophole ;) [19:10] yes [19:10] aquarius: you can play music with screen off via openAL as well [19:10] heh. [19:10] aquarius: yes, at the moment. he's exploiting the fact that unity8 is what manages apps being paused or not, if they are in the background or not [19:11] mcphail, a click can ship multiple apps in it, so you could ship a gui app for controlling syncthing (rather than the web ui), which would get killed as normal but that doesn't matter. [19:11] actually... [19:11] jdstrand, ^^ sounds like quite a security hole [19:11] that allows anyone to do background processes, doesn't it? [19:11] :) [19:11] this seems unexcellent :) [19:12] aquarius: not sure about that one. I think you'd need a separate app for that, from my experiments [19:12] aquarius: I'm working on an IRC client which will run in the background, exposing a webn interface for the browser or a separate frontend app [19:12] aquarius: yes, you can fork a process right now [19:13] heheh [19:13] that's awesome [19:13] dobey, that'd stay in the same process group, though, wouldn't it? or does forking escape the unity8 app lifecycle? (obviously you're still confined, of course) [19:13] aquarius: well, until you break out of the pgroup :) [19:13] so, no I don't consider this a security hole. I consider this an application lifecycle bug [19:14] dobey, oh, I didn't know you could do that :) [19:14] aquarius: I've found if you fork a couple of things from a shell script, they all get killed if there is a GUI [19:14] aquarius: confinement sticks, so it's not a security hole i don't think; but yeah, an issue in the lifecycle management [19:14] * jdstrand nods [19:14] mcphail, ah, not quite what I meant: ship two disconnected apps in the same click package so they both install. You'd have to start them separately, of course [19:14] jdstrand, so the working example uses OpenAL to play back music when backgrounded ... are you sure i cant use OpenAL the same way for recording ? [19:15] mcphail, although as you can see this whole technique is on extremely thin ice ;-) [19:15] with working around all blockings ... [19:15] aquarius: how can you do that? Don't you only get one .desktop file? [19:15] if pulseaudio allowed it, then that would be a security bug in the pulse trust store implementation [19:15] mcphail, I think you can have multiple. I haven't tried this, only heard rumours, so I might be wrong! [19:15] mcphail: a click package can have any number of apps [19:15] ooh! [19:15] but I would hope it would fail closed [19:16] you can have multiple [19:16] hmm, is OpenAL going through pulse at all ? [19:16] jdstrand: so they all get access to the same write folder? [19:16] I'm curious how the non-gui app is abled to be started [19:16] mcphail, better, the "background" app can open a url with urldispatcher which would be received by the front-end app :) [19:16] mcphail: yes [19:16] jdstrand: you've no idea how happy that makes me :) [19:17] mcphail: the folders are based on pkgname, not appname/version so things can share [19:17] jdstrand: the .desktop file can Exec anything that can be run. it doesn't have to open a gui [19:17] jdstrand: non-GUI apps just show a constant splash screen [19:18] which, interestingly, is configurable in the desktop file, so you can make the splash screen look like whatever you wan t:) [19:18] now, there is a restriction on what the things are-- for example, a scope and an app in the the same click can't share for various reasons [19:18] mcphail: oh so you ship a desktop file, you click on it, then you swipe it to the side and start something else? [19:18] aquarius: I hope they don't kill this. It makes app building much more useful [19:18] jdstrand: yes [19:19] dobey: right, I hadn't put together that a desktop file was being used [19:19] mcphail, I think it's a neat way around the lifecycle rules. Voß is gonna have kittens, though ;) [19:19] mcphail, and you aren't allowed to run background processes for a reason, not just to be annoying :) [19:19] aquarius: I think everyone knows about this by now. I kepp getting told my app is going to be killed "soon" :) [19:20] ted: ^^ fix this bug [19:20] noooooo [19:21] aquarius: It doesn't seem to drain the battery much. Shame to prevent any background apps at all [19:21] ogra_: I'm going to ask tvoss what the trust-store will do in the face of a non-gui app to make sure it fails properly [19:22] mcphail, well, since this neat trick is gonna get killed, you'll have to have people sideload your app... at which point you can set a more pleasant confinement policy and it can write to whatever it likes... [19:22] or put it in the Open Store, for which ditto [19:22] aquarius: every cloud (sync) has a silver lining [19:22] with what is described, it sounds like the trust prompt would display over the splash and be fine [19:22] jdstrand, also what happens if a lib actually tries to circumvent pulse would be interesting ... i'm not sure at all that OpenAL actuall ytalks to pulse and not to some alsa layer [19:23] erm. if talking to pulse is optional and you're allowed to talk right to alsa then the "confinement" is nothing of the sort :) [19:23] yes [19:23] ogra_: I posted a test OpenAL app a while ago which didn't respond to volume control etc [19:23] mcphail, right, that would indicate it doesnt talk to pulse [19:23] ogra_: won't it fail in apparmor when it tries to open /dev/snd/blah [19:23] ? [19:23] it should [19:24] ogra_: we have explicit deny rules to prevent access to the stand audio devices that one would use with pulse [19:24] I may have the test app somewhere... [19:24] # Force the use of pulseaudio and silence any denials for ALSA [19:24] deny /usr/share/alsa/alsa.conf r, [19:24] deny /dev/snd/ r, [19:24] deny /dev/snd/* r, [19:25] jdstrand, even if it takes a detour via ... say talking to libasound ... [19:25] doesn't matter [19:25] k [19:25] phew [19:25] it is the process, not how it gets there [19:25] I still have the app if anyone wants to look. I had a bug report open but think it got closed [19:26] i guess the bg playback will be fixed as soon as we use process groups [19:26] I'm surprised we still aren't. I thought we were... [19:26] but yeah, I guess that is part of the 'fixed soon' stuff [19:26] well, see webapps :) [19:27] renderer still dies independently ... [19:27] still? [19:27] I thought that was resolved ages ago [19:27] maybe we just made the situation better... [19:27] that was some time ago :) [19:27] http://themcphails.uk/altest.njmcphail_0.1_armhf.click if anyone is interested [19:27] snappy has swapped all that out :P [19:29] mcphail: so the very bottom most layers support multiple apps. you see this with a click shipping a scope, an app, a push helper, etc [19:29] jdstrand: I knew snappy could do this but didn't realise you could do it with a .click. That is very useful [19:29] mcphail: I'm not 100% sure what the upper layers will do with two desktop files. I *think* it will work. it is certainly worth playing with [19:30] jdstrand: having confined apps sharing write space is a major win [19:31] yes, wanted to have that in place in the security policy. I think it'll all just work fine at the upper layers, just haven't personally tried it [19:31] jdstrand: presumably both apps would need to share an apparmor profile? Otherwise, that would be a security risk [19:33] (at the very beginning there was a limitation at the upper layers and only shipping one app in the hooks db-- however that was long ago expanded for scopes, push helpers, etc-- not allowing extra desktop apps in the hooks db would be artificially limiting imo, but I didn't write those bits) [19:34] mcphail: they don't share a profile. everything in the hooks database that specifies the apparmor hook gets an apparmor profile that is pkgname_appname_version [19:34] that corresponds to its APP_ID [19:34] if you have two .desktop files, both will show up in the click scope, but only one will match as "installed" with regards to the package itself [19:34] the ubuntu-sdk policy template doesn't consider appname and version though [19:34] oh, i don't know if the click hooks actually support multiple [19:35] eg, foo_bar_0.1 and foo_baz_0.1 will have different pofiles, but can both access ~/.local/share/foo/ [19:35] jdstrand: that is a security bug, then [19:35] how is shipping two things in the same package and allowing them to access the same directory, a security bug? [19:36] mcphail: how so? it is from the same developer [19:36] they use the same template [19:36] jdstrand: the model is not supposed to allow one app to have, say, full access to a content-hub source plus network access. This circumvents that [19:37] jdstrand: (or have I misunderstood?) [19:37] there are limitations on combinations, yes [19:37] but content-hub isn't one of them [19:38] content-hub requires the user to explicitly allow your app to access something [19:38] jdstrand: but 2 apps could pass data via the shared write directory, circumventing whatever restrictions on combinations are enforced [19:38] (right, content hub is always a user driven interaction) [19:38] mcphail: but it can only steal from itself [19:39] note, this is the same click [19:39] right [19:39] yes, you are right in saying that if the developer says that one has networking and one doesn't, the app could shuffle stuff back and forth [19:40] but networking is a common policy group [19:40] jdstrand: but networking is not allowed in combination with some groups, is it? [19:40] so the developer doesn't have to try to make it hard on herself-- she would just give networking :) [19:40] that'd also be a lot of work to upload something to the network [19:40] mcphail: that is where things get interesting [19:41] network is not allowed with what? [19:41] Hey everyone, need help deciding... [19:41] mcphail: there are no limitations on networking with the ubuntu-sdk template for common policy groups [19:41] I need to hear your thoughts on the E5. Does it make good pictures? I saw reviews on the 4.5 and photograph quality is bad. [19:41] so you can use all or none of the common policy groups with networking with the default (ubuntu-sdk) template [19:42] jdstrand: I thought I had read somewhere it wasn't allowed. Will have a quick google... [19:42] which is why it is ok for ubuntu-sdk template apps to share data [19:42]