[02:08] <sarnold> Bashing-om: I'm not sure he's in a graphics environment
[02:10] <Bashing-om> sarnold: I am only sure he is not all there :P running the Wayland protocol - maybe :D
[02:10] <sarnold> Bashing-om: hehehe
[02:10] <Bashing-om> daftykins: Be aware I have so much I could learn :D
[05:55] <lordievader> Good morning
[09:24] <tomreyn> !crosspost
[12:02] <BluesKaj> Hey folks
[12:53] <pragmaticenigma> !bodhi
[14:01] <EoflaOE> Hello BluesKaj
[14:01] <lotuspsychje> hey EoflaOE
[14:01] <EoflaOE> Hello lotuspsychje. How are you?
[14:01] <lotuspsychje> all good here
[14:01] <BluesKaj> hi EoflaOE
[14:02] <EoflaOE> All fine too, lotuspsychje
[14:02] <EoflaOE> BluesKaj, How are you
[14:02] <BluesKaj> fine here too EoflaOE
[14:03] <EoflaOE> Yes. All is fine.
[14:04] <EoflaOE> Have you seen the new changes about design and GNOME that Ubuntu made?
[14:04] <lotuspsychje> url EoflaOE ?
[14:05] <EoflaOE> lotuspsychje: I will get links. In my blog.
[14:06] <EoflaOE> https://eofla.wordpress.com/2019/08/28/ubuntu-19-10-eoan-ermine-gets-new-beta-version-of-gnome-with-bug-fixes/
[14:07] <EoflaOE> https://eofla.wordpress.com/2019/08/26/ubuntu-19-10-eoan-ermine-is-updated-with-the-new-yaru-design-changes/
[14:18] <EoflaOE> How is it lotuspsychje?
[14:18] <lotuspsychje> looking nice EoflaOE
[14:19] <EoflaOE> Thanks lotuspychje
[14:21] <lordcirth_> EoflaOE, the purple lines are on top of the text for me
[14:21] <lordcirth_> Or at least, they make it quite hard to read
[14:22] <EoflaOE> lordcirth_: I will fix it soon.
[14:23] <lordcirth_> EoflaOE, ok. Also, "some users might not appeal it" is incorrect
[14:23] <lordcirth_> "might not find it appealing", perhaps?
[14:23] <EoflaOE> lordcirth_: Sounds better.
[14:25] <EoflaOE> lordcirth_: Fixed it. The incorrect "might not appeal it"
[15:00] <lordcirth_> cool
[15:04] <EoflaOE> Thanks lordcirth_, and hello marcoagpinto
[15:04] <marcoagpinto> hello EoflaOE!
[15:04] <marcoagpinto> :)
[15:05] <marcoagpinto> I had a date this morning and I updated the GB speller before heading for it
[15:05] <EoflaOE> Nice, so how are you? And how is the date?
[15:06] <marcoagpinto> well, my girlfriend arrived 30 minutes late but it's okay
[15:06] <marcoagpinto> :)
[15:06] <marcoagpinto> any news?
[15:06] <EoflaOE> marcoagpinto: There has been recent design changes about Ubuntu, and I am finishing KS 0.0.7.
[15:06] <marcoagpinto> EoflaOE: what? For 19.10?
[15:06] <marcoagpinto> :)
[15:07] <marcoagpinto> are there any screenshots?
[15:07] <EoflaOE> marcoagpinto: I had screenshots in my blog.
[15:07] <marcoagpinto> :)
[15:07] <marcoagpinto> I forgot the link
[15:08] <EoflaOE> marcoagpinto: The first two blog posts should explain. It's https://eofla.wordpress.com
[15:08] <marcoagpinto> let me check
[15:12] <marcoagpinto> EoflaOE: It looks good. I am glad it went back to the old trash-bin image on the desktop :)
[15:13] <marcoagpinto> and why does the "key" image on authentication keeps changing in every version?
[15:13] <EoflaOE> ? In my screenshots I have modified the icons in Tweaks, marcoagpinto. Unsure of why would they change the key icon
[15:14] <marcoagpinto> well, in the last few years the key image has changed
[15:14] <marcoagpinto> but always ugly
[15:14] <marcoagpinto> :)
[15:14] <marcoagpinto> sorry for telling my opinion
[15:15] <marcoagpinto> https://eofla.files.wordpress.com/2019/08/ubuntu1910_alpha_newlook9.png
[15:15] <EoflaOE> marcoagpinto: OK. By the way, in my screenshots, I have changed the icon theme to the old one.
[15:15] <marcoagpinto> at least in 19.10 it will look nicer
[15:15] <marcoagpinto> ohhhhhhhh
[15:16] <EoflaOE> Yes, and have you seen the newest GDM style?
[15:16] <marcoagpinto> I don't know what a GMD is?
[15:16] <marcoagpinto> :)
[15:17] <EoflaOE> GMD? No, it's GDM3.
[15:17] <marcoagpinto> :)
[15:17] <marcoagpinto> I still don't know what it is
[15:17] <marcoagpinto> :p
[15:18] <marcoagpinto> is it "Gnu something"?
[15:18] <EoflaOE> GDM3 is the GNOME display manager. It's a login screen. Ubuntu used it by default since the transition to GNOME 3.
[15:18] <marcoagpinto> ahhhhhhhh
[15:18] <marcoagpinto> :)
[15:19] <marcoagpinto> basically I only use Ubuntu to compile my dictionary tool :)
[15:19] <marcoagpinto> I don't have deep knowledge of it
[15:20] <EoflaOE> OK.
[15:21] <marcoagpinto> talking about it, I was very stressed and copied to the shared folder the Windows version of PureBasic instead of the Linux version...
[15:21] <marcoagpinto> when I ran Ubuntu to try it, it was an .exe file in the shared forlder
[15:21] <marcoagpinto> folder*
[15:21] <marcoagpinto> :(((((((((((
[15:21] <marcoagpinto> I have been so stressed
[15:22] <marcoagpinto> a new version of PureBasic was released last week
[15:22] <marcoagpinto> or was it two weeks ago? I can't really remember right now
[15:22] <EoflaOE> Nice. Can you copy the Linux version?
[15:23] <marcoagpinto> EoflaOE: copy? It is in my PureBasic account for Windows, Linux and Mac
[15:23] <marcoagpinto> :)
[15:24] <marcoagpinto> so, I copied to a pen drive, turned on the other machine, installed the Windows version and copied the Linux version to the shared folder
[15:24] <marcoagpinto> then, ran VirtualBox and when I tried to access the file, it was an .exe :(
[15:24] <marcoagpinto> (Windows)
[15:25] <EoflaOE> How did you install the Windows version?
[15:26] <marcoagpinto> EoflaOE: with a double-click in the .exe file
[15:26] <marcoagpinto> :)
[15:26] <marcoagpinto> I copied both 32- and 64-bit to the desktop and clicked on them
[15:26] <marcoagpinto> :)
[15:27] <marcoagpinto> but I was so stressed that I didn't notice the pen drive had the "windows" folder open instead of "linux"
[15:27] <marcoagpinto> :)
[15:27] <marcoagpinto> so, I copied the wrong file to the shared folder :)
[15:28] <EoflaOE> Try again but copy the correct file to the shared folder. Double check the Windows and Linux versions to ensure that you are copying the correct version.
[15:28] <marcoagpinto> I know :)
[15:29] <marcoagpinto> the Linux is a gzip
[15:29] <marcoagpinto> :)
[15:29] <marcoagpinto> I was stressed and didn't notice the file extension
[15:29] <marcoagpinto> :)
[15:30] <marcoagpinto> I mean: "tgz"
[15:30] <marcoagpinto> :)
[15:30] <marcoagpinto> I was just checking
[15:30] <EoflaOE> OK. Is it copying?
[15:30] <marcoagpinto> I have the 14'' laptop turned off
[15:30] <marcoagpinto> :)
[15:31] <marcoagpinto> so, right now it is not doing anything
[15:31] <marcoagpinto> :p
[15:31] <marcoagpinto> I will try it tomorrow or so
[15:31] <marcoagpinto> I only wanted to test the latest PureBasic to see if they fixed two Linux bugs:
[15:31] <marcoagpinto> 1) using "&" in pop-up menus get a "_"
[15:32] <marcoagpinto> 2) the emoji text are always displayed in black
[15:32] <EoflaOE> OK.
[15:33] <marcoagpinto> the damn emoji colour used to work in Ubuntu 16.04
[15:33] <marcoagpinto> now the emoji are always black
[15:34] <EoflaOE> And you can't change the color?
[15:34] <marcoagpinto> SetGadgetColour(#TEXT,#Red)
[15:34] <marcoagpinto> it changes the text colour but not the emojis that are in the text
[15:35] <marcoagpinto> the emojis are displayed in black
[15:36] <EoflaOE> OK. If you can, test the latest version, and if the problem is not fixed, tell me.
[15:41] <marcoagpinto> EoflaOE: thanks
[15:41] <marcoagpinto> :)
[15:41] <EoflaOE> marcoagpinto: You are welcome
[15:41] <marcoagpinto> I am not sure if it is a GTK3 issue since I used GTK2 in the past
[15:41] <marcoagpinto> :)
[15:44] <EoflaOE> OK
[15:44] <marcoagpinto> EoflaOE: https://www.purebasic.fr/english/viewtopic.php?f=23&t=72512
[15:44] <marcoagpinto> here is my bug report
[15:44] <marcoagpinto> :)
[15:46] <EoflaOE> I saw it.
[16:10] <marcoagpinto> bbl
[16:10] <marcoagpinto> :)
[20:48] <OerHeks> yay, https://cloudblogs.microsoft.com/opensource/2019/08/28/exfat-linux-kernel/
[20:49] <OerHeks> now ext3/4 standard in ms windows ,,,
[21:00] <tomreyn> https://docs.microsoft.com/en-us/windows/win32/fileio/exfat-specification#11-documentation-change-history 2010 -> 2019
[21:03] <tomreyn> so that's CC-BY-SA 4.0 Intl. apparently. now "just" someone needs to write the code and submit patches to linux.
[21:03] <tomreyn> + maintain it.
[21:06] <tomreyn> or maybe we can now use samsungs'
[21:10] <OerHeks> If i could code, i would.
[21:13] <leftyfb> OerHeks: your 2nd comment above was meant to be "now we just need ext3/4 standard in ms windows" right? Because that's not what the article says
[21:25] <tomreyn> hmm it doesn't even support hard or symbolic links, no block journalling. no FS encryption, no data checksumming
[21:28] <tomreyn> also no offline or online resizing, no sparse files
[21:31] <OerHeks> leftyfb, yes, that would make it coplete
[21:31] <OerHeks> c/complete
[21:34] <tomreyn> basically, exfat seems to lack any form of journalling (other than through the texfat extension, which is hardware specific, and was apparently only used in windows CE)
[21:36] <tomreyn> so unless they drive the spec and code further i don't see how it helps much other than maybe for a scary data exchange platform with linux.
[21:36] <OerHeks> azure, kubernetes, lots in my mind for this
[21:40] <tomreyn> in its current state it's useless for that.
[22:54] <tomreyn> OerHeks: i guess it'd indeed be good to have ubuntu declare the signing key fingerprints for the default apt sources in sources.list.
[22:54] <OerHeks> for each one a key?
[22:56] <tomreyn> i.e.   deb [signed-by=F6ECB3762474EDA9D21B7022871920D1991BC93C] http://archive.ubuntu.com/ubuntu bionic main restricted
[22:57] <tomreyn> this would prevent any mirror servers from injecting packages
[22:58] <tomreyn> (which could be signed by keys your system also happens to trust)
[22:58] <sarnold> but they have complete root on your system
[22:59] <sarnold> with whatever package they *do* have
[23:00] <tomreyn> sarnold: you mean a diffierent package you already have installed?
[23:00] <OerHeks> hoi KOLANICH
[23:01] <KOLANICH> >the problem the script solves is the following. Let's assumme there are several repos added into sources.lists and several keys. Let's assume that some repos are accessed via an insecure channel and/or hosted on a rogue hosting (but signing InRelease is beyond adversary access because he doesn't know private key). Let's assume that adversary has managed to get access to private key of some other repo installed into system. If all the repâ
[23:01] <OerHeks> i was looking at debsums too
[23:01] <sarnold> tomreyn: yeah; eg you install a repo for google to let you install hangouts.. the hangouts pre/post inst/rm scripts have full root. they can do anything. whoever controls that private key has complete control over your computer. you have to trust them. completely.
[23:01] <KOLANICH> >…os are not bound to public keys he can combine compromised key with compromised connection and get RCE. If they are bound, he cannot.
[23:01] <KOLANICH> >So I wonder why doesn't Ubuntu bind keys to sources by default. It is a trivial to do, I don't see any good reason not to do that.
[23:02] <tomreyn> sarnold: yes, that's a systemic problem. and not one we can easily solve, i think.
[23:02] <sarnold> tomreyn: definitely. :) I've thuoght for many years that it'd be nice to have something like apparmor confined apt/dpkg/rpm/zypper etc but .. it's just not the way those tools are written.
[23:03] <sarnold> tomreyn: snap is close, it was designed with this problem in mind, so it doesn't have full unconfined root pre/post inst/rm scripts. (or at least it didn't, I hope it hasn't gained them since the last time I looked)
[23:05] <tomreyn> i couldn't tell about snaps, i only know there is a concept of different 'trust' levels there, defaulting to confed, but unconfined is possible if allowed by snap shop operaters.
[23:05] <tomreyn> s/confed/confined/
[23:06] <tomreyn> snaps and other similar concepts may be a solution to *this* problem (while introducing others) for 3rd party software repositories.
[23:08] <tomreyn> KOLANICH: discussion here before you joined the channel https://paste.ubuntu.com/p/Mv84RfGPs2/
[23:08] <sarnold> yes, unconfined snaps are available; I don't know much about the criteria we use when deciding to allow/forbid those
[23:08] <OerHeks> unconfined, for offline install?
[23:08] <KOLANICH> the problem of all self-sufficient packages is overhead. I feel like we need something better, like fine-grained permissions to overwrite certain files. And we definitely should get rid of bash in apt packages and replace them with a declarative manifest.
[23:09] <KOLANICH> tomreyn: thank you
[23:10] <tomreyn> https://snapcraft.io/docs/snap-confinement https://snapcraft.io/blog/demystifying-snap-confinement
[23:11] <tomreyn> KOLANICH: if you're happy to help debian design apt v2, by all means, please do!
[23:11] <KOLANICH> BTW, Debian manual says to prefer key files over fingerprint. Probably as a mitigation against insecure hash functions.
[23:15] <tomreyn> sarnold: indeed, documenting criteria for such pretty relevant decision making processes are not the snap ecosystems' strong part.
[23:16] <tomreyn> this specific part is described here, though: https://forum.snapcraft.io/t/process-for-reviewing-classic-confinement-snaps/1460