Re: [arch-general] Package signing for the umpteenth time (was Re: unrealircd 3.2.8.1-2 contains backdoor)

2010-06-17 Thread Guillaume ALAUX
On 17 June 2010 01:34, Allan McRae al...@archlinux.org wrote:

 On 17/06/10 00:48, Guillaume ALAUX wrote:

 Are the python scripts in the pacbuild package (apple, strawberry,
 queuepackage, waka and uploadpackage) used any more as described in this
 page http://wiki.archlinux.org/index.php/Pacbuild ? Because some of these
 scripts point to the old current repository we used years ago. And if I
 understand it right, they don't really fit with what you just said.


 I have no idea if they were ever actually used...  I have been around for a
 while now, and I never heard of them.


  I guess the current way of building packages involves the devtools package
 right?


 yes.  mkarchroot and makechrootpkg.

 Allan


OK, thanks. I am going to give devtools a try.


Re: [arch-general] [arch-dev-public] Out-of-date packages in [extra]/[community]

2010-06-17 Thread Guillaume ALAUX
2010/6/17 Angel Velásquez an...@archlinux.com.ve

  - biopython
  - pylint
  - python-cheetah
  - python-formencode
  - python-sqlobject (needed by pacbuild, but does pacbuild still work?!)
  - python-gdata (needed by pytube in [community])
  - python-vpython

 Let me have the python ones (mainly for pylint python-cheetah
 python-sqlobject python-vpython) or let's wait to see what happens
 with the jr dev positions as Eric said.


 --
 Angel Velásquez
 angvp @ irc.freenode.net
 Arch Linux Trusted User
 Linux Counter: #359909
 http://www.angvp.com


 - python-sqlobject (needed by pacbuild, but does pacbuild still work?!)
Just to answer your question Andrea: the pacbuild scripts need some fixing
in order to work. For instance they still refer to the old current which
makes me think they are outdated. As stated by Allan today in the
discussion about package signing:

 I have no idea if they were ever actually used...  I have been around for
a while now, and I never heard of them.


Re: [arch-general] [arch-dev-public] dropping flashplugin x86_64

2010-06-17 Thread Patrick Burroughs
On Wed, Jun 16, 2010 at 19:16, Caleb Cushing xenoterrac...@gmail.com wrote:
 as of right now I don't think video is ready. however I'm all for
 many of the other improvements coming in html5 and I wish people would
 focus on rolling those out.

 [...]

 I tried html5 again on youtube, my video took several minutes to load
 compared to flash which works nearly instantly. Given since I'm on
 chromium 5 I don't think it was a webm video... so that may matter...
 but if this is what html5 is going to be like... not sure I want it.

Personally, if it wasn't for HTML5 I wouldn't be able to use YouTube.
My laptop is ancient and decrepit, and cannot handle Flash on Linux,
but the video element works just fine, and loads as fast as I'm used
to Flash video loading. Maybe there's a bit of a slowdown versus Flash
if you have a cutting-edge system, but not everyone is in that
situation.

~celti


Re: [arch-general] [arch-dev-public] dropping flashplugin x86_64

2010-06-17 Thread Philipp Überbacher
Excerpts from Caleb Cushing's message of 2010-06-17 04:16:04 +0200:
 On Wed, Jun 16, 2010 at 7:18 PM, Ray Rashif schivmeis...@gmail.com wrote:
  I simply couldn't get the same elements with the same ease in time,
  and thus failed to offer a presentation. They decided to stick with
  Flash, but I kept the multimedia tools within the open-source domain
  for post-production (simply because they couldn't care less and just
  needed the end-result). Well, the project is on hold for now so I'll
  see what kind of progress WebM/HTML5 has made up to this point.
 
 yeah that sounds about right.
 
 as of right now I don't think video is ready. however I'm all for
 many of the other improvements coming in html5 and I wish people would
 focus on rolling those out.

Why is the <video> tag not ready?

 Again, I don't care if something is open source if it doesn't work at
 the same level. You can claim security all you want... but plenty of
 bugs security and not to be had in all software.
 
 I tried html5 again on youtube, my video took several minutes to load
 compared to flash which works nearly instantly. Given since I'm on
 chromium 5 I don't think it was a webm video... so that may matter...
 but if this is what html5 is going to be like... not sure I want it.
 
 as far as mplayer-plugin settings... if I have to spend time
 configuring it to make it work decently then it's too much work, I
 don't have to do that with flash.
 
 In any sense I think flash works well when you use it in the right
 scenarios, html5 etc work well when used in their right scenarios.
 Don't use flash for a slideshow. Don't try to use js/canvas for a game
 it's just not there yet. WebM isn't ready to replace flash for video
 though it may be some day.

Flash or some players seem to still be buggy. I recently booted a live
CD to watch a long video, and at some point, out of the blue, it was
simply impossible to seek forward or backward. The Volume controls did
nothing at all. Hurray for flash video?

Have you tried that asteroids game linked in an earlier post in this
thread? IMHO it works surprisingly well.

 If you want to blame the problems of the internet somewhere blame them
 on IE... and maybe soon firefox, whose standards adoption is slowing
 down to where IE is catching up. What we need is standards support,
 and maybe some additions to the standards. I'd love to use all the
 http methods when sending forms, I'd love to be able to use ESI's in
 browsers too (Imagine if you could cache more of a page). I'd love for
 js not to be obnoxiously abused like flash is (if your site doesn't
 work without js it better have a good reason, I hate enabling js to
 read a blog or comment on it).
 
 flash will die when it's no longer needed or no longer provides
 advantages. That time hasn't come yet.

I agree that js shouldn't be used when it's not necessary, and there are
plenty of problems with js, but the same is true for flash. I rather
have js than flash problems.

These work reasonably well for me with FF:
http://videos.videoonwikipedia.org/
It's not perfect yet, nor are the browsers or codecs, but I don't think
it's worse than flash.


-- 
Regards,
Philipp

--
We ourselves stand disappointed and look on, dismayed, / the curtain closed and all
questions open. Bertolt Brecht, Der gute Mensch von Sezuan



Re: [arch-general] Package fwbuilder flagged out-of-date

2010-06-17 Thread Guillaume ALAUX
On 16 June 2010 22:49, Ionuț Bîru biru.io...@gmail.com wrote:

 On 06/16/2010 11:47 PM, Gaurish Sharma wrote:

 Hi,
 The fwbuilder package which is very useful for writing firewall rules is
 flagged out of date since weeks. there is a major 4 which has lots of
 new features[1]

 Any reason it's not being updated to latest version?


 maybe the maintainer is busy and he didn't have time to update it.

 what about helping him and send the up to date PKGBUILDs to him?


 --
 Ionuț


Hi,

Here are new versions for fwbuilder and libfwbuilder.

They build and launch in my i686. Not tested in x64.

I haven't used them so can't say if they do what they are supposed to (ie
need further testing).

Added maintainer in this thread.

-- Guillaume


PKGBUILD.fwbuilder
Description: Binary data


PKGBUILD.libfwbuilder
Description: Binary data


Re: [arch-general] [arch-dev-public] dropping flashplugin x86_64

2010-06-17 Thread Caleb Cushing
On Thu, Jun 17, 2010 at 3:53 AM, Patrick Burroughs
celticmad...@gmail.com wrote:
 Maybe there's a bit of a slowdown versus Flash
 if you have a cutting-edge system, but not everyone is in that
 situation.

yeah having a quad core with 6G of ram takes care of just about any
system performance issues (except nepomuk and related tools which I've
had to disable due to a massive memory leak that can eat all ram in a
day). I suspect it's that the caching and downloading works better. I
only get 180k down so it's easy for my entire network to flood. It
doesn't help that I can't see the cache for a html5 video on youtube
so it could all be perception... or just the fact that I tend to watch
1-2 hour videos on youtube and not the average 1-10 minutes.

-- 
Caleb Cushing

http://xenoterracide.blogspot.com


Re: [arch-general] [arch-dev-public] dropping flashplugin x86_64

2010-06-17 Thread Caleb Cushing
On Thu, Jun 17, 2010 at 5:15 AM, Caleb Cushing xenoterrac...@gmail.com wrote:
 yeah having a quad core with 6G of ram takes care of just about any
 system performance issues

however I was using flash 10 on a much less beefy system not so long
ago... and didn't notice issues... so I'd be curious to know how low
of a system spec do you have to go to have an issue. (it was a 1.8ghz
athlon-xp that was my previous system)

-- 
Caleb Cushing

http://xenoterracide.blogspot.com


[arch-general] Knotify4 segmentation fault

2010-06-17 Thread Madhurya Kakati
Hi all,
I am using kde 4.4.4. whenever i get any notifications knotify4 throws
up error stating seg fault. this is very annoying cause sometime while
chatting if chat window is unfocused, if someone replies, i get
notification and immediately knotify throws error.

Application: KNotify (knotify4), signal: Segmentation fault
[KCrash Handler]
#5  0x7f2fed7912f0 in snd_pcm_extplug_close () from /usr/lib/libasound.so.2
#6  0x7f2fed750d65 in snd_pcm_close () from /usr/lib/libasound.so.2
#7  0x7f2fed76f135 in snd_pcm_plug_close () from /usr/lib/libasound.so.2
#8  0x7f2fed750d65 in snd_pcm_close () from /usr/lib/libasound.so.2
#9  0x7f2febbd0f98 in gst_alsasink_close () from /usr/lib/gstreamer-0.10/libgstalsa.so
#10 0x7f2fec30eb86 in gst_audioringbuffer_close_device () from /usr/lib/libgstaudio-0.10.so.0
#11 0x7f2fec2ff143 in gst_ring_buffer_close_device () from /usr/lib/libgstaudio-0.10.so.0
#12 0x7f2fec30a396 in gst_base_audio_sink_change_state () from /usr/lib/libgstaudio-0.10.so.0
#13 0x7f2fecbb28fc in gst_element_change_state () from /usr/lib/libgstreamer-0.10.so.0
#14 0x7f2fecbb32e2 in gst_element_set_state_func () from /usr/lib/libgstreamer-0.10.so.0
#15 0x7f2fed2efa2a in Phonon::Gstreamer::AudioOutput::setOutputDevice(Phonon::ObjectDescription(Phonon::ObjectDescriptionType)0 const) () from /usr/lib/kde4/plugins/phonon_backend/phonon_gstreamer.so
#16 0x7f2ff7c2185c in Phonon::AudioOutputPrivate::setupBackendObject() () from /usr/lib/libphonon.so.4
#17 0x7f2ff7c21e63 in Phonon::AudioOutputPrivate::createBackendObject() () from /usr/lib/libphonon.so.4
#18 0x7f2ff7c1f0cc in Phonon::AudioOutputPrivate::init(Phonon::Category) () from /usr/lib/libphonon.so.4
#19 0x0040c871 in _start ()


Re: [arch-general] Knotify4 segmentation fault

2010-06-17 Thread Jan Steffens
What are the contents of /etc/asound.conf and ~/.asoundrc?

On Thu, Jun 17, 2010 at 11:20 AM, Madhurya Kakati mkakati2...@gmail.com wrote:
 Hi all,
 I am using kde 4.4.4. whenever i get any notifications knotify4 throws
 up error stating seg fault. this is very annoying cause sometime while
 chatting if chat window is unfocused, if someone replies, i get
 notification and immediately knotify throws error.




Re: [arch-general] [arch-dev-public] dropping flashplugin x86_64

2010-06-17 Thread Caleb Cushing
On Thu, Jun 17, 2010 at 3:59 AM, Philipp Überbacher
hollun...@lavabit.com wrote:
 Flash or some players seem to still be buggy. I recently booted a live
 CD to watch a long video, and at some point, out of the blue, it was
 simply impossible to seek forward or backward. The Volume controls did
 nothing at all. Hurray for flash video?

that's your example? I've had livecd's become useless run
environments due to IO problems... tell me your test was at least a
livecd environment loaded completely into ram.

 Have you tried that asteroids game linked in an earlier post in this
 thread? IMHO it works surprisingly well.

no. don't do games much anymore. I personally don't care about them. I
have seen several decent js examples of games and canvas and whatever.
But I do believe in this stuff needing to be supported across all
major vendors before it's ready. It's not supported yet. I hate IE,
and I might leave 'features out' of my IE support but I think that
even IE users should be able to access my content. The reason I
believe this is I know how many sites screwed us for years (and still
are). I don't want to be screwed and I'm not screwing anyone else.

-- 
Caleb Cushing

http://xenoterracide.blogspot.com


Re: [arch-general] Knotify4 segmentation fault

2010-06-17 Thread Madhurya Kakati
On Thu, Jun 17, 2010 at 2:53 PM, Jan Steffens jan.steff...@gmail.com wrote:
 What are the contents of /etc/asound.conf and ~/.asoundrc?

 On Thu, Jun 17, 2010 at 11:20 AM, Madhurya Kakati mkakati2...@gmail.com 
 wrote:
 Hi all,
 I am using kde 4.4.4. whenever i get any notifications knotify4 throws
 up error stating seg fault. this is very annoying cause sometime while
 chatting if chat window is unfocused, if someone replies, i get
 notification and immediately knotify throws error.




cat shows this error cat: /etc/asound.conf: No such file or directory.

The output of cat ~/.asoundrc is

ctl.equal {
 type equal;
}

pcm.plugequal {
  type equal;
  # Modify the line below if you don't
  # want to use sound card 0.
  #slave.pcm plughw:0,0;
  #by default we want to play from more sources at time:
  slave.pcm plug:dmix;
}

#pcm.equal {
  # Or if you want the equalizer to be your
  # default soundcard uncomment the following
  # line and comment the above line.
pcm.!default {
  type plug;
  slave.pcm plugequal;
}


Re: [arch-general] [arch-dev-public] dropping flashplugin x86_64

2010-06-17 Thread Patrick Burroughs
On Thu, Jun 17, 2010 at 02:17, Caleb Cushing xenoterrac...@gmail.com wrote:
 On Thu, Jun 17, 2010 at 5:15 AM, Caleb Cushing xenoterrac...@gmail.com 
 wrote:
 yeah having a quad core with 6G of ram takes care of just about any
 system performance issues

 however I was using flash 10 on a much less beefy system not so long
 ago... and didn't notice issues... so I'd be curious to know how low
 of a system spec do you have to go to have an issue. (it was a 1.8ghz
 athlon-xp that was my previous system)

I will admit, it's pretty low. My previous system was a 2GHz Athlon
XP, and while Flash wasn't instant on there, and occasionally lagged,
it worked. That died, and I haven't the means to replace it, so I've
been using an old Dell Latitude C610 (1.2GHz P3, 256MB RAM); Flash
just utterly fails on here.

Well, that's not quite true; if I download a lighter game, and run it
in the standalone Flash player as the only X client, it works, but
that's not exactly feasible for everything.

~celti


Re: [arch-general] [arch-dev-public] dropping flashplugin x86_64

2010-06-17 Thread Jan de Groot
On Thu, 2010-06-17 at 00:53 -0700, Patrick Burroughs wrote:
 Personally, if it wasn't for HTML5 I wouldn't be able to use YouTube.
 My laptop is ancient and decrepit, and cannot handle Flash on Linux,
 but the video element works just fine, and loads as fast as I'm used
 to Flash video loading. Maybe there's a bit of a slowdown versus Flash
 if you have a cutting-edge system, but not everyone is in that
 situation.

I don't care much about performance, but what is irritating is that
whenever some website loads anything flash-related, my CPU gets
speedstepped to max frequency and my laptop fan prepares my laptop for a
takeoff. When you're on battery, this can mean you'll lose half of
battery runtime, just by having a browser window open that includes a
flash banner.
This isn't only a problem on x86_64, but on every non-windows platform.
Maybe it extends to windows also, but I haven't tested that in years.
Besides the performance problem, flash also makes browsers unstable. I'm
very happy with the out-of-process plugins in Firefox 3.6.4 prereleases,
it's just too bad that I don't use firefox for daily browsing.



Re: [arch-general] [arch-dev-public] dropping flashplugin x86_64

2010-06-17 Thread Caleb Cushing
On Thu, Jun 17, 2010 at 5:41 AM, Patrick Burroughs
celticmad...@gmail.com wrote:
 I will admit, it's pretty low. My previous system was a 2GHz Athlon
 XP, and while Flash wasn't instant on there, and occasionally lagged,
 it worked. That died, and I haven't the means to replace it, so I've
 been using an old Dell Latitude C610 (1.2GHz P3, 256MB RAM); Flash
 just utterly fails on here.

right... so that's ~10 years old... I'm guessing given a P3 which were
ending their cycle about 2000 with 1.2 GHz being the upper
performance range... for comparison I'm using 1.2G of ram right now
without flash running... all of that between chromium and ktorrent. I
couldn't run most of what I do now on linux with that system... so yes
there are apps (like fluxbox) that would let me run that light. But
for the most part it's just not true anymore.

-- 
Caleb Cushing

http://xenoterracide.blogspot.com


Re: [arch-general] mplayer 31428-1 broken without libvpx.so.0

2010-06-17 Thread julroy67
You're right, it was AUR version that I maintained, the first release of
libvpx provided only the static lib, and unfortunately, it seems that the
libvpx package in extra doesn't replace the AUR package that is now deleted.

2010/6/17 PT M. pen...@gmail.com

 ok i got it, i somehow have libvpx 0.9.0-4 installed (can't remember from
 where,  maybe aur?), with no  libvpx.so.0 provided. i reinstall libvpx from
 extra and everything's fine

 On Thu, Jun 17, 2010 at 10:51 AM, Ng Oon-Ee ngoo...@gmail.com wrote:

  On Thu, Jun 17, 2010 at 10:39 AM, PT M. pen...@gmail.com wrote:
   after recent update, mplayer failed to load with such error:
  
   $ mplayer
   mplayer: error while loading shared libraries: libvpx.so.0: cannot open shared object file: No such file or directory
  
  
   this so i think is supposed by libvpx, but:
  
   $ pacman -Ql libvpx|grep /usr/lib
   libvpx /usr/lib/
   libvpx /usr/lib/libvpx.a
  
  
   only a static lib is supplied.
  
   libvpx  is about the VP8 Codec which is newly added to ffmpeg and mplayer,
   but this does this need some fix.
  
  Not that I can provide any help, but this is just a generic works here.
 
  [ngoo...@ngoonee-laptop ~]$ pacman -Qi libvpx | grep Version
  Version: 0.9.0-1
  [ngoo...@ngoonee-laptop ~]$ pacman -Ql libvpx | grep /usr/lib
  libvpx /usr/lib/
  libvpx /usr/lib/libvpx.a
  libvpx /usr/lib/libvpx.so
  libvpx /usr/lib/libvpx.so.0
  libvpx /usr/lib/libvpx.so.0.9
  libvpx /usr/lib/libvpx.so.0.9.0
 



 --
 Arch Linuxer, Pythoner, Geek
 -- Blog: http://apt-blog.net



Re: [arch-general] [arch-dev-public] dropping flashplugin x86_64

2010-06-17 Thread Philipp Überbacher
Excerpts from Caleb Cushing's message of 2010-06-17 11:28:48 +0200:
 On Thu, Jun 17, 2010 at 3:59 AM, Philipp Überbacher
 hollun...@lavabit.com wrote:
  Flash or some players seem to still be buggy. I recently booted a live
  CD to watch a long video, and at some point, out of the blue, it was
  simply impossible to seek forward or backward. The Volume controls did
  nothing at all. Hurray for flash video?
 
 that's your example? I've had livecd's become useless run
 environments due to IO problems... tell me your test was at least a
 livecd environment loaded completely into ram.

I have no idea, it was simply the latest ubuntu live CD, i386 I believe.
I never claimed that it was scientific, just recent experience. I used a
live CD for this because I didn't want to install flash, but now I
couldn't install it if I wanted to (practically I could, but it would be
insane). 
The whole thing is a great example why we should avoid proprietary
technologies. First we're used as a testbed, then dropped. It shows how
much you're at the companies mercy. That alone is reason enough for me
to not use stuff like flash or skype.

  Have you tried that asteroids game linked in an earlier post in this
  thread? IMHO it works surprisingly well.
 
 no. don't do games much anymore. I personally don't care about them. I
 have seen several decent js examples of games and canvas and whatever.
 But I do believe in this stuff needing to be supported across all
 major vendors before it's ready. It's not supported yet. I hate IE,
 and I might leave 'features out' of my IE support but I think that
 even IE users should be able to access my content. The reason I
 believe this is I know how many sites screwed us for years (and still
 are). I don't want to be screwed and I'm not screwing anyone else.

It wasn't about the game, but more about how well it runs. I was
surprised to say the least. It kind of defeats the 'flash is much more
than video' argument. Same is probably true for that wikipedia video
page I linked somewhere, it has well working controls, very similar to
those of flash players.

I've no idea about how well it is supported across browsers, only tried
FF. I agree that it should work across all browsers and also all
platforms (not sure flash does ppc and stuff). It might or might not
work in some alternative browsers, but they sadly still have plenty of
issues anyway. IE however will have to catch up in reasonable time if
it lags behind other major browsers. From what I remember, they said
they'll support webm, if only as codec you need to install separately.
Proper html5 and js support will have to happen too.

So maybe it's not all there yet, and flash isn't dead yet, but I think
(and hope) it won't take very long.
-- 
Regards,
Philipp

--
We ourselves stand disappointed and look on, dismayed, / the curtain closed and all
questions open. Bertolt Brecht, Der gute Mensch von Sezuan



Re: [arch-general] Knotify4 segmentation fault

2010-06-17 Thread Jan Steffens
See if it works after you remove (and backup) .asoundrc

On Thu, Jun 17, 2010 at 11:34 AM, Madhurya Kakati mkakati2...@gmail.com wrote:
 On Thu, Jun 17, 2010 at 2:53 PM, Jan Steffens jan.steff...@gmail.com wrote:
 What are the contents of /etc/asound.conf and ~/.asoundrc?

 On Thu, Jun 17, 2010 at 11:20 AM, Madhurya Kakati mkakati2...@gmail.com 
 wrote:
 Hi all,
 I am using kde 4.4.4. whenever i get any notifications knotify4 throws
 up error stating seg fault. this is very annoying cause sometime while
 chatting if chat window is unfocused, if someone replies, i get
 notification and immediately knotify throws error.




 cat shows this error cat: /etc/asound.conf: No such file or directory.

 The output of cat ~/.asoundrc is

 ctl.equal {
  type equal;
 }

 pcm.plugequal {
  type equal;
  # Modify the line below if you don't
  # want to use sound card 0.
  #slave.pcm plughw:0,0;
  #by default we want to play from more sources at time:
  slave.pcm plug:dmix;
 }

 #pcm.equal {
  # Or if you want the equalizer to be your
  # default soundcard uncomment the following
  # line and comment the above line.
 pcm.!default {
  type plug;
  slave.pcm plugequal;
 }



Re: [arch-general] [arch-dev-public] dropping flashplugin x86_64

2010-06-17 Thread Caleb Cushing
On Thu, Jun 17, 2010 at 5:57 AM, Philipp Überbacher
hollun...@lavabit.com wrote:
 I have no idea, it was simply the latest ubuntu live CD, i386 I believe.
 I never claimed that it was scientific, just recent experience. I used a
 live CD for this because I didn't want to install flash, but now I
 couldn't install it if I wanted to (practically I could, but it would be
 insane).

so... you're blaming flash for something that /could/ be a problem
with your environment... and certainly something flash was not
designed to run on... I've had livecd's with graphical environments
cease to respond after leaving them unattended. I blame the
environment... livecd's are great for recovery... but mediocre, at
best, for an actual environment.

 The whole thing is a great example why we should avoid proprietary
 technologies. First we're used as a testbed, then dropped. It shows how
 much you're at the companies mercy. That alone is reason enough for me
 to not use stuff like flash or skype.

right... as if open source never stops getting supported for long
periods of time... synergy anyone? or that we're never used as a
testbed *cough*kde 4.0*cough*.

 It wasn't about the game, but more about how well it runs. I was
 surprised to say the least. It kind of defeats the 'flash is much more
 than video' argument. Same is probably true for that wikipedia video
 page I linked somewhere, it has well working controls, very similar to
 those of flash players.

I'm sure it does...

 I've no idea about how well it is supported across browsers, only tried
 FF. I agree that it should work across all browsers and also all
 platforms (not sure flash does ppc and stuff). It might or might not
 work in some alternative browsers, but they sadly still have plenty of
 issues anyway. IE however will have to catch up in reasonable time if
 it lags behind other major browsers. From what I remember, they said
 they'll support webm, if only as codec you need to install separately.
 Proper html5 and js support will have to happen too.

it depends... I doubt many/any companies will do a full switch without
at least 50% market share. Which IE still holds, (flash has something
like 99% market share). Certainly it's not going away on youtube.

 So maybe it's not all there yet, and flash isn't dead yet, but I think
 (and hope) it won't take very long.

I suspect unless IE adopts webm it'll be around for a very long time.

-- 
Caleb Cushing

http://xenoterracide.blogspot.com


Re: [arch-general] [arch-dev-public] dropping flashplugin x86_64

2010-06-17 Thread Heiko Baums
On Thu, 17 Jun 2010 07:06:23 -0400,
Caleb Cushing xenoterrac...@gmail.com wrote:

 right... as if open source never stops getting supported for long
 periods of time... synergy anyone? or that we're never used as a
 testbed *cough*kde 4.0*cough*.

Let me think. I've been using open source (Linux) for many years now.
Everything I needed was supported and maintained during all the years.
If a tool isn't maintained anymore then there's a fork or a usually
better alternative which is maintained.

Closed source? Windows? Windows 98? Windows NT? Windows XP in the near
future? Flash for x86_64? Several anti-virus software for x86_64?
Zattoo for x86_64? Everything is unsupported or stopped getting
supported. Flash for x86_64 was supported only for a short while (about
1 or 2 years?) anyway.

So what is getting better and longer supported? Open source or closed
source?

... we're never used as a testbed ...

Somehow it sounds as if you were from Adobe.

 it depends... I doubt many/any companies will do a full switch without
 at least 50% market share. Which IE still holds, (flash has something
 like 99% market share). Certainly it's not going away on youtube.

I doubt that. Why has Flash a market share like 99%? Only because
portals like Youtube are using this and everyone wants to watch their
videos. As soon as Youtube and other video portals switch to HTML5
Flash's market share will rapidly decrease. I've already uninstalled it
due to the lack of x86_64 support and its security holes. For watching
Youtube videos without Flash and HTML5 I've found two nice Greasemonkey
user scripts, which let me watch the videos with the good working
gecko-mediaplayer.

 I suspect unless IE adopts webm it'll be around for a very long time.

I doubt that it will take too long until IE will adopt webm. And don't
overvalue IE. IE isn't as important as it was some years ago.

Heiko


Re: [arch-general] Knotify4 segmentation fault

2010-06-17 Thread Madhurya Kakati
On Thu, Jun 17, 2010 at 3:43 PM, Jan Steffens jan.steff...@gmail.com wrote:
 See if it works after you remove (and backup) .asoundrc

 On Thu, Jun 17, 2010 at 11:34 AM, Madhurya Kakati mkakati2...@gmail.com 
 wrote:
 On Thu, Jun 17, 2010 at 2:53 PM, Jan Steffens jan.steff...@gmail.com wrote:
 What are the contents of /etc/asound.conf and ~/.asoundrc?

 On Thu, Jun 17, 2010 at 11:20 AM, Madhurya Kakati mkakati2...@gmail.com 
 wrote:
 Hi all,
 I am using kde 4.4.4. whenever i get any notifications knotify4 throws
 up error stating seg fault. this is very annoying cause sometime while
 chatting if chat window is unfocused, if someone replies, i get
 notification and immediately knotify throws error.

 Application: KNotify (knotify4), signal: Segmentation fault
 [KCrash Handler]
 #5  0x7f2fed7912f0 in snd_pcm_extplug_close () from 
 /usr/lib/libasound.so.2
 #6  0x7f2fed750d65 in snd_pcm_close () from /usr/lib/libasound.so.2
 #7  0x7f2fed76f135 in snd_pcm_plug_close () from 
 /usr/lib/libasound.so.2
 #8  0x7f2fed750d65 in snd_pcm_close () from /usr/lib/libasound.so.2
 #9  0x7f2febbd0f98 in gst_alsasink_close () from
 /usr/lib/gstreamer-0.10/libgstalsa.so
 #10 0x7f2fec30eb86 in gst_audioringbuffer_close_device () from
 /usr/lib/libgstaudio-0.10.so.0
 #11 0x7f2fec2ff143 in gst_ring_buffer_close_device () from
 /usr/lib/libgstaudio-0.10.so.0
 #12 0x7f2fec30a396 in gst_base_audio_sink_change_state () from
 /usr/lib/libgstaudio-0.10.so.0
 #13 0x7f2fecbb28fc in gst_element_change_state () from
 /usr/lib/libgstreamer-0.10.so.0
 #14 0x7f2fecbb32e2 in gst_element_set_state_func () from
 /usr/lib/libgstreamer-0.10.so.0
 #15 0x7f2fed2efa2a in
 Phonon::Gstreamer::AudioOutput::setOutputDevice(Phonon::ObjectDescription(Phonon::ObjectDescriptionType)0
 const) ()
   from /usr/lib/kde4/plugins/phonon_backend/phonon_gstreamer.so
 #16 0x7f2ff7c2185c in
 Phonon::AudioOutputPrivate::setupBackendObject() () from
 /usr/lib/libphonon.so.4
 #17 0x7f2ff7c21e63 in
 Phonon::AudioOutputPrivate::createBackendObject() () from
 /usr/lib/libphonon.so.4
 #18 0x7f2ff7c1f0cc in
 Phonon::AudioOutputPrivate::init(Phonon::Category) () from
 /usr/lib/libphonon.so.4
 #19 0x0040c871 in _start ()



 cat shows this error cat: /etc/asound.conf: No such file or directory.

 The output of cat ~/.asoundrc is

 ctl.equal {
  type equal;
 }

 pcm.plugequal {
  type equal;
  # Modify the line below if you don't
  # want to use sound card 0.
  #slave.pcm plughw:0,0;
  #by default we want to play from more sources at time:
  slave.pcm plug:dmix;
 }

 #pcm.equal {
  # Or if you want the equalizer to be your
  # default soundcard uncomment the following
  # line and comment the above line.
 pcm.!default {
  type plug;
  slave.pcm plugequal;
 }



It worked. Thanks :D


Re: [arch-general] [arch-dev-public] dropping flashplugin x86_64

2010-06-17 Thread Caleb Cushing
also has everyone forgotten this
http://techcrunch.com/2010/03/30/flash-player-to-come-bundled-with-google-chrome-new-browser-plugin-api-coming/
? if google wants flash dead so bad why bundle it? I suspect that's
why adobe has cancelled support for now. I bet they have to rewrite
parts of 64-bit flash anyways in order to do this. Once it's done
they'll re-release.


-- 
Caleb Cushing

http://xenoterracide.blogspot.com


Re: [arch-general] [arch-dev-public] dropping flashplugin x86_64

2010-06-17 Thread Jeroen Op 't Eynde
On Thu, 17 Jun 2010 11:46:11 +0200, Jan de Groot j...@jgc.homeip.net  
wrote:



I don't care much about performance, but what is irritating is that
whenever some website loads anything flash-related, my CPU gets
speedstepped to max frequency and my laptop fan prepares my laptop for a
takeoff. When you're on battery, this can mean you'll lose half of
battery runtime, just by having a browser window open that includes a
flash banner.
This isn't only a problem on x86_64, but on every non-windows platform.
Maybe it extends to windows also, but I haven't tested that in years.
Besides the performance problem, flash also makes browsers unstable. I'm
very happy with the out-of-process plugins in Firefox 3.6.4 prereleases,
it's just too bad that I don't use firefox for daily browsing.


I didn't like flash but kept it to play games occasionally (and yes,  
youtube a little, max 1 vid a day). Since it doesn't run on x86_64 and  
there isn't an easy way to install the 32bit version and make it work with  
Opera 10.6 beta, I dropped it.


Opera 10.6 and Chrome 5 support WebM, so will Firefox 4, Opera 10.6 and  
Firefox 3 both support Ogg Theora, so yes I think the video tag is  
ready. IE is always slow on adopting new technologies so I can't see it as  
a serious browser (no matter if it has 50% market share). I forgot about  
Safari, well that is just a strange kid. Apple ports the browser to  
Windows and claims to have a cross platform browser, what about Linux? :-s  
On the codec side it doesn't support WebM nor Ogg Theora, a new IE6 if you  
ask me.


For the games, canvas would be great, and indeed the Astroid game works  
smooth. I think I should open a topic on the forums with more of these  
games websites. I don't know how far the support for canvas is, but my  
default browser Opera 10.6 does.


On the topic of open-source versus closed-source, I won't discuss it. Both
have advantages and disadvantages, I just prefer to use the software that
just works (like Opera, WebM, Chromium, Firefox). Flash doesn't work for
me, the same with IE and Safari. Youtube should really convert ALL their
videos to WebM, old and new, it will become the standard in the next
months.


--
To read: http://en.wikipedia.org/wiki/Posting_style#Bottom-posting


Re: [arch-general] Package fwbuilder flagged out-of-date

2010-06-17 Thread Gaurish Sharma
 Hi,

 Here are new versions for fwbuilder and libfwbuilder.

 They build and launch in my i686. Not tested in x64.

 I haven't used them so can't say if they do what they are supposed to (ie
 need further testing).

 Added maintainer in this thread.

 -- Guillaume

Hi
I tried to install the new packages but am getting this error when launching
fwbuilder from the command line:
fwbuilder: error while loading shared libraries: libfwbuilder.so.8:
cannot open shared object file: No such file or directory

More basic troubleshooting
$ locate libfwbuilder.so.8
/usr/lib/libfwbuilder.so.8
/usr/lib/libfwbuilder.so.8.2
/usr/lib/libfwbuilder.so.8.2.0


$ ls /usr/lib/ | grep libfw
libfwbuilder.so
libfwbuilder.so.9
libfwbuilder.so.9.1
libfwbuilder.so.9.1.0
libfwcompiler.so
libfwcompiler.so.9
libfwcompiler.so.9.1
libfwcompiler.so.9.1.0

These are the packages I used.

[1] libfwbuilder-4.0.2-1-x86_64.pkg.tar.xz -- http://ubuntuone.com/p/7LH/
[2] fwbuilder-4.0.2-1-x86_64.pkg.tar.xz -- http://ubuntuone.com/p/7LR/

seems these are broken :|

Regards,
Gaurish Sharma
www.gaurishsharma.com



On Thu, Jun 17, 2010 at 2:09 PM, Guillaume ALAUX guilla...@alaux.net wrote:


Re: [arch-general] Package signing for the umpteenth time (was Re: unrealircd 3.2.8.1-2 contains backdoor)

2010-06-17 Thread Ananda Samaddar
On Sun, 13 Jun 2010 12:46:09 +0200
Xavier Chantry chantry.xav...@gmail.com wrote:
 
 It's all there :
 http://projects.archlinux.org/users/allan/pacman.git/log/?h=gpg and
 there :
 http://wiki.archlinux.org/index.php/Package_Signing_Proposal_for_Pacman
 
 Come back to us when everything is implemented and working :)
 
 You can also read the last thread :
 http://mailman.archlinux.org/pipermail/arch-general/2010-April/012897.html
 And contact Denis A. Altoé Falqueto about pacman-key and all the rest,
 and maybe Aleksis Jauntēvs too
 
 Basically there is no one leading and coordinating these efforts, just
 various people who pushed it a bit at random time in the past, and got
 quickly de-motivated by the lack of interest from everyone else.

It seems to be actually progressing pretty quickly now and from the
other posts on this subject it looks like we may not have to wait too
long before it's implemented.  Keep up the good work developers!

Ananda


Re: [arch-general] [arch-dev-public] dropping flashplugin x86_64

2010-06-17 Thread Caleb Cushing
On Thu, Jun 17, 2010 at 12:29 PM, Jeroen Op 't Eynde
jer...@xprsyrslf.be wrote:
 Chrome 5
I thought WebM wasn't queued up until Chrome 6? pretty sure it's only
H264 in 5... but I could be wrong... I think even youtube says
something like that.


-- 
Caleb Cushing

http://xenoterracide.blogspot.com


[arch-general] New Google Group for discussion and notices on Arch security.

2010-06-17 Thread Ananda Samaddar
I've created a Google Group here for discussion around creating an Arch
Security Team:

http://groups.google.com/group/arch-security

Please join it if you're interested.  The reason for this group is in
response to my rejected suggestion for an arch-security mailing list.
I'll CC any policy or process suggestions to arch-general, but when
announcements happen and also discussion regarding specific
vulnerabilities and mitigation they won't be CCed.

If an Arch Security Team coalesces and the Devs are happy to
integrate us officially then we can consider deleting the group and if
possible transferring the archives to archlinux.org.

Ananda


Re: [arch-general] [arch-dev-public] dropping flashplugin x86_64

2010-06-17 Thread Heiko Baums
Am Thu, 17 Jun 2010 11:26:57 -0400
schrieb Caleb Cushing xenoterrac...@gmail.com:

 kde1,2,3 aren't maintained anymore this saying windows nt, 98, xp is
 just about the same. kde4 is very similar in how vista has gone into
 7. don't confuse unsupported with we released a new version and
 aren't supporting the previous.

I don't confuse anything. KDE 1, 2 and 3 have been regular updates. KDE
4 is quite different and can't be seen as a usual update. KDE 3 is btw.
still maintained by the Trinity project
(http://trinity.pearsoncomputing.net) and updated to 3.5.11. As I said,
if an open source software isn't maintained anymore, it usually gets
forked or maintained by someone else or replaced by a usually better
alternative.

Windows 98, NT, XT, Vista, 7 are also not real updates and not just a
release of a new version, because first they are all completely
different and not generally compatible (Windows Vista Software doesn't
run on Windows 98 and probably vice versa) and second you need to pay
for all of these updates. So you can't compare those with regular
updates.

 open source actually supports its old
 versions a lot less in most cases. I only know 2 projects with really
 long term support: postgres (5 years now) and the kernel (only certain
 versions).

Why should old versions be supported? They are updated and maintained.
And these are real updates (releases of new versions). So this software
is maintained and supported. postgres is btw. also updated several
times. I doubt that there are still 5 years old versions of postgres.

So I guess you shouldn't mix up two different things, updating a
software by releasing a new version and releasing a new software which
is incompatible with the previous versions.

 wtf is zattoo (don't answer I don't care). reason AV's
 don't have 64-bit support is windows is their only serious market and
 windows hasn't had serious 64-bit support.

And why are there free Linux versions of every anti-virus software, if
Windows is their only serious market? And are there 64 bit Windows
versions of those anti-virus software? I haven't seen any yet. So this
can't be the reason.

 don't take this out of context. I was referring to kde 4.0 where all
 the distro's decided to roll it out when kde explicitly said 'this is
 a developer release only'.

I didn't take this out of context. You weren't referring to KDE 4 there.
At least I couldn't read this.

 right because that's the only flash site people use?

Not the only one, but the one which is used by most people.

 I doubt hulu is
 going to switch (and it never worked on 64-bit flash maybe that's why
 adobe is (according to them) overhauling 64-bit flash), pandora could
 have been implemented in js when it came out, they chose flash. I
 believe flash had that market share when youtube was in its infancy
 and maybe even earlier.

But don't forget that Hulu and Pandora (officially) only work in the
USA. And the USA is not the world even if some Americans (mainly the US
Government and US Army) conceit themselves to be the world or at least
like to take over the world domination.

 yes it's becoming less important, and there's certainly a push to kill
 IE6. I don't think that's going to matter to what I said though.

People who are still using IE6 (I mean the old version, not an IE vs. FF
flamewar) are beyond help anyway.

Heiko


Re: [arch-general] [arch-dev-public] dropping flashplugin x86_64

2010-06-17 Thread Heiko Baums
Am Thu, 17 Jun 2010 14:16:14 -0400
schrieb Caleb Cushing xenoterrac...@gmail.com:

 I thought WebM wasn't queued up until Chrome 6? pretty sure it's only
 H264 in 5... but I could be wrong... I think even youtube says
 something like that.

WebM is already implemented in Chromium 5. Youtube's HTML5 version is
working perfectly with Chromium 5.

Heiko


Re: [arch-general] [arch-dev-public] dropping flashplugin x86_64

2010-06-17 Thread Caleb Cushing
On Thu, Jun 17, 2010 at 2:35 PM, Heiko Baums li...@baums-on-web.de wrote:
 And why are there free Linux versions of every anti-virus software, if
 Windows is their only serious market?

because they're primarily used for scanning email for virii in web
gateways. you'll probably find more 64-bit av's in enterprise
editions.

-- 
Caleb Cushing

http://xenoterracide.blogspot.com


Re: [arch-general] New Google Group for discussion and notices on Arch security.

2010-06-17 Thread Dan McGee
On Thu, Jun 17, 2010 at 1:32 PM, Ananda Samaddar ana...@samaddar.co.uk wrote:
 I've created a Google Group here for discussion around creating an Arch
 Security Team:

 http://groups.google.com/group/arch-security

 Please join it if you're interested.  The reason for this group is in
 response to my rejected suggestion for an arch-security mailing list.
 I'll CC any policy or process suggestions to arch-general, but when
 announcements happen and also discussion regarding specific
 vulnerabilities and mitigation they won't be CCed.

 If an Arch Security Team coalesces and the Devs are happy to
 integrate us officially then we can consider deleting the group and if
 possible transferring the archives to archlinux.org.

Sounds like a blast from the past:
http://wiki.archlinux.org/index.php/Security_Task_Force
http://code.google.com/p/arch-sheriff/

Best of luck this time around.

-Dan


Re: [arch-general] [arch-dev-public] dropping flashplugin x86_64

2010-06-17 Thread Caleb Cushing
On Thu, Jun 17, 2010 at 2:38 PM, Heiko Baums li...@baums-on-web.de wrote:
 WebM is already implemented in Chromium 5.

not in our stable build.
http://www.permadi.com/blog/2010/05/sample-webm-video-2/  that's
supposed to be webm and the video that's on youtube should have an
webm and html5 badge... I just get the html5 one. I hear it's been
backported in unstable and in chrome.

so firefox 4 isn't out, opera is in beta. I'm not actually 100% that
webm is in chrome stable. and this is ready? call me when stable
browsers have been released with it.
-- 
Caleb Cushing

http://xenoterracide.blogspot.com


Re: [arch-general] New Google Group for discussion and notices on Arch security.

2010-06-17 Thread Miah Johnson
Cool. I just joined.

-Miah

On Thu, Jun 17, 2010 at 11:45 AM, Dan McGee dpmc...@gmail.com wrote:

 On Thu, Jun 17, 2010 at 1:32 PM, Ananda Samaddar ana...@samaddar.co.uk
 wrote:
  I've created a Google Group here for discussion around creating an Arch
  Security Team:
 
  http://groups.google.com/group/arch-security
 
  Please join it if you're interested.  The reason for this group is in
  response to my rejected suggestion for an arch-security mailing list.
  I'll CC any policy or process suggestions to arch-general, but when
  announcements happen and also discussion regarding specific
  vulnerabilities and mitigation they won't be CCed.
 
  If an Arch Security Team coalesces and the Devs are happy to
  integrate us officially then we can consider deleting the group and if
  possible transferring the archives to archlinux.org.

 Sounds like a blast from the past:
 http://wiki.archlinux.org/index.php/Security_Task_Force
 http://code.google.com/p/arch-sheriff/

 Best of luck this time around.

 -Dan



Re: [arch-general] New Google Group for discussion and notices on Arch security.

2010-06-17 Thread Ananda Samaddar
On Thu, 17 Jun 2010 13:45:17 -0500
Dan McGee dpmc...@gmail.com wrote:

 
 Sounds like a blast from the past:
 http://wiki.archlinux.org/index.php/Security_Task_Force
 http://code.google.com/p/arch-sheriff/
 
 Best of luck this time around.
 
 -Dan

As I've mentioned before, I don't think getting the processes in place
will be that hard if we modify Gentoo's way of doing things to suit
Arch.  Gentoo's docs are all cc-by-sa licensed so it shouldn't be an
issue.  The mailing lists for vulnerabilities exist that can be used to
check against the packages in Arch.  What is needed are volunteers who:

1. Check for vulnerabilities
2. Know how to use PKGBUILDS and abs
3. Can spare some time to send announcements, create interim PKGBUILDs
and file security issues on the bug tracker.

It may well turn out to be a one man show for the immediate future, but
I'm prepared for that.

Ananda



[arch-general] What should the Arch Security Team be called?

2010-06-17 Thread Ananda Samaddar
On to the first order of business. As the subject says, what should
the security team be called?  Hopefully we can get a few suggestions and
then reach a consensus. Arch Linux Security Task Force just sounds like
too much of a mouthful to me.

I was brooding over this and I thought some sort of acronym that's an
actual word would sound better, so I came up with this:

'Arch Response Team for Security' or ARTS.  It's a bit cheesy and
cheats a bit to get the acronym but is instantly memorable.  I'm aware
arts was also a KDE technology but it has long since been deprecated.

Ideas?

Ananda




Re: [arch-general] Package fwbuilder flagged out-of-date

2010-06-17 Thread Gaurish Sharma
On Thu, Jun 17, 2010 at 11:34 PM, Ionuț Bîru biru.io...@gmail.com wrote:

 first compile and install libfwbuilder and then compile fwbuilder against
 the new libfwbuilder. the order is important

 --
 Ionuț




Hi,
I compiled libfwbuilder and installed it. then I compiled fwbuilder
package and installed it.

All this was done by makepkg. but still getting that error about
missing shared library  libfwbuilder.so.8

I guess, downgrading to version 3 and waiting for official packages
seems the only solution. Hope the maintainer finds some time and
updates it.

Regards,
Gaurish Sharma
www.gaurishsharma.com


Re: [arch-general] Package fwbuilder flagged out-of-date

2010-06-17 Thread Guillaume ALAUX
Which architecture are you building on?

On 17 June 2010 21:50, Gaurish Sharma cont...@gaurishsharma.com wrote:

 On Thu, Jun 17, 2010 at 11:34 PM, Ionuț Bîru biru.io...@gmail.com wrote:
 
  first compile and install libfwbuilder and then compile fwbuilder against
  the new libfwbuilder. the order is important
 
  --
  Ionuț
 



 Hi,
 I compiled libfwbuilder and installed it. then I compiled fwbuilder
 package and installed it.

 All this was done by makepkg. but still getting that error about
 missing shared library  libfwbuilder.so.8

 I guess, downgrading to version 3 and waiting for official packages
 seems the only solution. Hope the maintainer finds some time and
 updates it.

 Regards,
 Gaurish Sharma
 www.gaurishsharma.com



Re: [arch-general] Package fwbuilder flagged out-of-date

2010-06-17 Thread Andrea Scarpino
On Thursday 17 June 2010 21:50:27 Gaurish Sharma wrote:
 I guess, downgrading to version 3 and waiting for official packages
 seems the only solution. Hope the maintainer finds some time and
 updates it.
Hi,
please try these packages and report any issue.
If you say that they are working I will upload them in [extra].

libfwbuilder - http://andreascarpino.it/uploads/libfwbuilder-4.0.2-1-x86_64.pkg.tar.xz
fwbuilder - http://andreascarpino.it/uploads/fwbuilder-4.0.2-1-x86_64.pkg.tar.xz

-- 
Andrea Scarpino - andreascarpino.it
KDE Maintainer in Arch Linux


Re: [arch-general] Package fwbuilder flagged out-of-date

2010-06-17 Thread Gaurish Sharma
On Fri, Jun 18, 2010 at 1:29 AM, Andrea Scarpino and...@archlinux.org wrote:
 Hi,
 please try these packages and report any issue.
 If you say that they are working I will upload them in [extra].

 libfwbuilder - http://andreascarpino.it/uploads/libfwbuilder-4.0.2-1-x86_64.pkg.tar.xz
 fwbuilder - http://andreascarpino.it/uploads/fwbuilder-4.0.2-1-x86_64.pkg.tar.xz

 --
 Andrea Scarpino - andreascarpino.it
 KDE Maintainer in Arch Linux

Hi,
Awesome work! These packages work without any issues.

Thanks a lot.

Regards,
Gaurish Sharma
www.gaurishsharma.com


Re: [arch-general] Package fwbuilder flagged out-of-date

2010-06-17 Thread Guillaume ALAUX
Sweet !

Well done Andreas. Could we see the sources plz? I'm curious !

On 17 June 2010 22:04, Gaurish Sharma cont...@gaurishsharma.com wrote:

 On Fri, Jun 18, 2010 at 1:29 AM, Andrea Scarpino and...@archlinux.org
 wrote:
  Hi,
  please try these packages and report any issue.
  If you say that they are working I will upload them in [extra].
 
  libfwbuilder - http://andreascarpino.it/uploads/libfwbuilder-4.0.2-1-x86_64.pkg.tar.xz
  fwbuilder - http://andreascarpino.it/uploads/fwbuilder-4.0.2-1-x86_64.pkg.tar.xz
 
  --
  Andrea Scarpino - andreascarpino.it
  KDE Maintainer in Arch Linux
 
 Hi,
 Awesome work! These packages work without any issues.

 Thanks a lot.

 Regards,
 Gaurish Sharma
 www.gaurishsharma.com



Re: [arch-general] What should the Arch Security Team be called?

2010-06-17 Thread Dave Morgan
On 17/06/10 at 08:46pm, Ananda Samaddar wrote:
 On to the first order of business. As the subject says, what should
 the security team be called?  Hopefully we can get a few suggestions and
 then reach a consensus. Arch Linux Security Task Force just sounds like
 too much of a mouthful to me.
 
 I was brooding over this and I thought some sort of acronym that's an
 actual word would sound better, so I came up with this:
 
 'Arch Response Team for Security' or ARTS.  It's a bit cheesy and
 cheats a bit to get the acronym but is instantly memorable.  I'm aware
 arts was also a KDE technology but it has long since been deprecated.
 
 Ideas?
 
 Ananda

Arch Response Security Engineers?

-- 
Dave.


Re: [arch-general] Package fwbuilder flagged out-of-date

2010-06-17 Thread Andrea Scarpino
On Thursday 17 June 2010 22:07:31 Guillaume ALAUX wrote:
 Sweet !
 
 Well done Andreas. Could we see the sources plz? I'm curious !
Of course.
http://repos.archlinux.org/wsvn/packages/libfwbuilder/trunk/
http://repos.archlinux.org/wsvn/packages/fwbuilder/trunk/

Building i686 now.

-- 
Andrea Scarpino - andreascarpino.it
KDE Maintainer in Arch Linux


Re: [arch-general] What should the Arch Security Team be called?

2010-06-17 Thread Ananda Samaddar
On Thu, 17 Jun 2010 21:19:38 +0100
Dave Morgan davemorgan...@btinternet.com wrote:

 On 17/06/10 at 08:46pm, Ananda Samaddar wrote:
  On to the first order of business. As the subject says, what should
  the security team be called?  Hopefully we can get a few suggestions and
  then reach a consensus. Arch Linux Security Task Force just sounds
  like too much of a mouthful to me.
  
  I was brooding over this and I thought some sort of acronym that's
  an actual word would sound better, so I came up with this:
  
  'Arch Response Team for Security' or ARTS.  It's a bit cheesy and
  cheats a bit to get the acronym but is instantly memorable.  I'm
  aware arts was also a KDE technology but it has long since been
  deprecated.
  
  Ideas?
  
  Ananda
 
 Arch Response Security Engineers?
 

Sensible suggestions please!

Ananda




Re: [arch-general] What should the Arch Security Team be called?

2010-06-17 Thread Loui Chang
On Thu 17 Jun 2010 21:19 +0100, Dave Morgan wrote:
 On 17/06/10 at 08:46pm, Ananda Samaddar wrote:
  On to the first order of business. As the subject says, what should
  the security team be called?  Hopefully we can get a few suggestions and
  then reach a consensus. Arch Linux Security Task Force just sounds like
  too much of a mouthful to me.
  
  I was brooding over this and I thought some sort of acronym that's an
  actual word would sound better, so I came up with this:
  
  'Arch Response Team for Security' or ARTS.  It's a bit cheesy and
  cheats a bit to get the acronym but is instantly memorable.  I'm aware
  arts was also a KDE technology but it has long since been deprecated.
  
  Ideas?
 
 Arch Response Security Engineers?

HAHA YES!



Re: [arch-general] [arch-security] Re: What should the Arch Security Team be called?

2010-06-17 Thread Ananda Samaddar
On Thu, 17 Jun 2010 13:27:59 -0700 (PDT)
nepherte nephe...@gmail.com wrote:

 Why not just Arch Security Team (AST) not to be confused with
 abstract syntax trees :) No need to make things complicated.

This looks like the way to go,  if there's no more dissenters or better
suggestions.

Ananda




Re: [arch-general] What should the Arch Security Team be called?

2010-06-17 Thread Miah Johnson
I second Arch Security Team (AST). It's simple.

-Miah

On Thu, Jun 17, 2010 at 1:29 PM, Ananda Samaddar ana...@samaddar.co.uk wrote:

 On Thu, 17 Jun 2010 21:19:38 +0100
 Dave Morgan davemorgan...@btinternet.com wrote:

  On 17/06/10 at 08:46pm, Ananda Samaddar wrote:
   On to the first order of business. As the subject says, what should
   the security team be called?  Hopefully we can get a few suggestions and
   then reach a consensus. Arch Linux Security Task Force just sounds
   like too much of a mouthful to me.
  
   I was brooding over this and I thought some sort of acronym that's
   an actual word would sound better, so I came up with this:
  
   'Arch Response Team for Security' or ARTS.  It's a bit cheesy and
   cheats a bit to get the acronym but is instantly memorable.  I'm
   aware arts was also a KDE technology but it has long since been
   deprecated.
  
   Ideas?
  
   Ananda
 
  Arch Response Security Engineers?
 

 Sensible suggestions please!

 Ananda



[arch-general] Licensing of Arch Wiki content

2010-06-17 Thread Ananda Samaddar
I notice it's all under GFDL 1.2.  I'm wanting to use a Gentoo doc
for the Arch Security stuff but it's under a CC-SA attribution license
which is incompatible with GFDL. Would it be possible to allow Wiki
content under a CC license? I can't see it being too controversial a
choice, as in CC licenses are now widely accepted.  Even the venerable
RMS uses CC licenses for his personal stuff as does a lot of the
FSF/GNU stuff.

Ananda




Re: [arch-general] What should the Arch Security Team be called?

2010-06-17 Thread János Illés
On Thu, Jun 17, 2010 at 22:19, Dave Morgan davemorgan...@btinternet.com wrote:
 On 17/06/10 at 08:46pm, Ananda Samaddar wrote:
 On to the first order of business. As the subject says, what should

 Ideas?

 Ananda

 Arch Response Security Engineers?

 --
 Dave.


hmmm.

Let's Make Arch Overprotected (LMAO)
Tape Arch's Cracks - Organization (TACO)


-- 
ijanos


Re: [arch-general] What should the Arch Security Team be called?

2010-06-17 Thread Angel Velásquez
2010/6/17 János Illés ija...@gmail.com:
 On Thu, Jun 17, 2010 at 22:19, Dave Morgan davemorgan...@btinternet.com 
 wrote:
 On 17/06/10 at 08:46pm, Ananda Samaddar wrote:
 On to the first order of business. As the subject says, what should

 Ideas?

 Ananda

 Arch Response Security Engineers?

 --
 Dave.


 hmmm.

 Let's Make Arch Overprotected (LMAO)
 Tape Arch's Cracks - Organization (TACO)


I vote for TACO !


-- 
Angel Velásquez
angvp @ irc.freenode.net
Arch Linux Trusted User
Linux Counter: #359909
http://www.angvp.com


Re: [arch-general] What should the Arch Security Team be called?

2010-06-17 Thread Marek Otahal
On Thursday 17 of June 2010 21:46:59 Ananda Samaddar wrote:
 On to the first order of business. As the subject says, what should
 the security team be called?  Hopefully we can get a few suggestions and
 then reach a consensus. Arch Linux Security Task Force just sounds like
 too much of a mouthful to me.
 
 I was brooding over this and I thought some sort of acronym that's an
 actual word would sound better, so I came up with this:
 
 'Arch Response Team for Security' or ARTS.  It's a bit cheesy and
 cheats a bit to get the acronym but is instantly memorable.  I'm aware
 arts was also a KDE technology but it has long since been deprecated.
 
 Ideas?
 
 Ananda

Arch Security Mailing List ASML ?
-- 

Marek Otahal :o)


Re: [arch-general] What should the Arch Security Team be called?

2010-06-17 Thread Ananda Samaddar
On Thu, 17 Jun 2010 23:02:30 +0200
Marek Otahal markota...@gmail.com wrote:
 
 Arch Security Mailing List ASML ?

That's more for the mailing list I reckon.  I'll leave it half a day or
so, so that users from other time zones can get their opinions heard.
The consensus, trolling aside, seems to be on Arch Security Team (AST).
It's simple and to the point so seems to be in keeping with Arch's
philosophy and therefore fitting.

Ananda




Re: [arch-general] Licensing of Arch Wiki content

2010-06-17 Thread Loui Chang
On Thu 17 Jun 2010 21:42 +0100, Ananda Samaddar wrote:
 I notice it's all under GFDL 1.2.  I'm wanting to use a Gentoo doc
 for the Arch Security stuff but it's under a CC-SA attribution license
 which is incompatible with GFDL. Would it be possible to allow Wiki
 content under a CC license? I can't see it being too controversial a
 choice, as in CC licenses are now widely accepted.  Even the venerable
 RMS uses CC licenses for his personal stuff as does a lot of the
 FSF/GNU stuff.

I don't think anyone would sue you for it.



Re: [arch-general] Licensing of Arch Wiki content

2010-06-17 Thread Linas
Ananda Samaddar wrote:
 I notice it's all under GFDL 1.2.  I'm wanting to use a Gentoo doc
 for the Arch Security stuff but it's under a CC-SA attribution license
 which is incompatible with GFDL. Would it be possible to allow Wiki
 content under a CC license? I can't see it being too controversial a
 choice, as in CC licenses are now widely accepted.  Even the venerable
 RMS uses CC licenses for his personal stuff as does a lot of the
 FSF/GNU stuff.

 Ananda
   

I assume this asks to have GFDL and CC-BY-SA content coexist at the wiki. The
existing content can only be relicensed by its authors. The GFDL 1.3
gateway expired on August 1, 2009.



Re: [arch-general] Licensing of Arch Wiki content

2010-06-17 Thread Ananda Samaddar
On Thu, 17 Jun 2010 17:17:38 -0400
Loui Chang louipc@gmail.com wrote:

 On Thu 17 Jun 2010 21:42 +0100, Ananda Samaddar wrote:
  I notice it's all under GFDL 1.2.  I'm wanting to use a Gentoo doc
  for the Arch Security stuff but it's under a CC-SA attribution
  license which is incompatible with GFDL. Would it be possible to
  allow Wiki content under a CC license? I can't see it being too
  controversial a choice, as in CC licenses are now widely accepted.
  Even the venerable RMS uses CC licenses for his personal stuff as
  does a lot of the FSF/GNU stuff.
 
 I don't think anyone would sue you for it.
 

Fair enough, the Arch Wiki states though that all content is under
GFDL1.2 in the page footer.  Would it be possible to change this to
also allow Creative Commons?  In other words officially endorse it in
the Arch Wiki.

Ananda




Re: [arch-general] [arch-dev-public] dropping flashplugin x86_64

2010-06-17 Thread Heiko Baums
Am Thu, 17 Jun 2010 14:49:50 -0400
schrieb Caleb Cushing xenoterrac...@gmail.com:

 not in our stable build.

And why does it (Youtube) work with the current chromium from [extra]?

 http://www.permadi.com/blog/2010/05/sample-webm-video-2/  that's
 supposed to be webm and the video that's on youtube should have a
 webm and html5 badge... I just get the html5 one. I hear it's been
 backported in unstable and in chrome.

You probably misunderstand something. HTML5 is the new HTML version,
the language in which websites (Youtube e.g.) are written, the language
which provides the video tag. WebM is the codec of the videos like
MPEG, Ogg/Theora, etc.

Heiko


Re: [arch-general] Package fwbuilder flagged out-of-date

2010-06-17 Thread Guillaume ALAUX
On 17 June 2010 22:24, Andrea Scarpino and...@archlinux.org wrote:

 On Thursday 17 June 2010 22:07:31 Guillaume ALAUX wrote:
  Sweet !
 
  Well done Andreas. Could we see the sources plz? I'm curious !
 Of course.
 http://repos.archlinux.org/wsvn/packages/libfwbuilder/trunk/
 http://repos.archlinux.org/wsvn/packages/fwbuilder/trunk/

 Building i686 now.

 --
 Andrea Scarpino - andreascarpino.it
 KDE Maintainer in Arch Linux


Hum... now that I'm back home, I checked the PKGBUILDs I wrote on my x86_64
Arch and they build and run fine!

Anyway, thanks for this Andrea.

-- Guillaume


Re: [arch-general] [arch-dev-public] dropping flashplugin x86_64

2010-06-17 Thread Caleb Cushing
On Thu, Jun 17, 2010 at 5:40 PM, Heiko Baums li...@baums-on-web.de wrote:
 You probably misunderstand something. HTML5 is the new HTML version,
 the language in which websites (Youtube e.g.) are written, the language
 which provides the video tag. WebM is the codec of the videos like
 MPEG, Ogg/Theora, etc.


no I understand it perfectly and have been playing with the youtube
beta. and that link I got was from #chromium-support maybe you don't
understand? that link has a webm video. I enabled js and plugins on
that page to be sure... and the video doesn't play. It's greyed out.
so unless you tell me that one works we don't.

from http://www.youtube.com/html5

* The HTML5 player has a badge in the control bar. If you don't see
the HTML5 icon in the control bar, you've been directed to the Flash
player (due to restrictions listed below)
* The HTML5 player also has a badge to indicate the video is using the
WebM format. If you don't see the WebM icon, the video is encoded
using h.264

so according to that you should see HTML5 WebM. Do you? I see HTML5
but no WebM which means it's using h.264. even if you append the
webm=1 which I suspect means youtube is smart  and knows to fall
back.

-- 
Caleb Cushing

http://xenoterracide.blogspot.com


Re: [arch-general] New Google Group for discussion and notices on Arch security.

2010-06-17 Thread Jeroen Op 't Eynde
On Thu, 17 Jun 2010 20:57:56 +0200, Ananda Samaddar  
ana...@samaddar.co.uk wrote:



1. Check for vulnerabilities
2. Know how to use PKGBUILDS and abs
3. Can spare some time to send announcements, create interim PKGBUILDs
and file security issues on the bug tracker.


1. [testing] users do that
2. [testing] users, Devs and TUs (should) know this
3. see 1 and 2

IMHO, Arch's rolling release and cutting/bleeding edge kicks the need for  
a security team. Just do your one man thing like any testing user. The  
only thing I can think of in ways of security is signed packages, so write  
some code if you are a coder or put some time in a plan on how to achieve  
this instead of starting a strange vague unofficial security mailing list.  
If you do have a lot of security issues about arch, just flood the  
arch-general mailing list. If the devs see 'a lot' of messages concerning  
security, they might come back on the arch-security mailing list. Just be  
patient.




--
To read: http://en.wikipedia.org/wiki/Posting_style#Bottom-posting


Re: [arch-general] What should the Arch Security Team be called?

2010-06-17 Thread Peter Lewis
On Thursday 17 Jun 2010 at 21:53 Angel Velásquez wrote:
  Let's Make Arch Overprotected (LMAO)
  Tape Arch's Cracks - Organization (TACO)
 
 I vote for TACO !

or:

Tape Arch's Cracks Over

Toughened Arch Community Operation

Tough Arch Crack Ops

Lots of TACO options :-)


But yes, something simple and obvious is probably better. How about:

Standing Arch Linux Security Alliance (SALSA)

:-D


Re: [arch-general] What should the Arch Security Team be called?

2010-06-17 Thread J. McBlane
Arch Security Enhancement Team?
Securing Arch For Everyone?
Arch Guard?

On Thu, Jun 17, 2010 at 08:46:59PM +0100, Ananda Samaddar wrote:
 On to the first order of business. As the subject says, what should
 security team be called.  Hopefully we can get a few suggestions and
 then reach a consensus. Arch Linux Security Task Force just sounds like
 too much of a mouthful to me.
 
 I was brooding over this and I thought some sort of acronym that's an
 actual word would sound better, so I came up with this:
 
 'Arch Response Team for Security' or ARTS.  It's a bit cheesy and
 cheats a bit to get the acronym but is instantly memorable.  I'm aware
 arts was also a KDE technology but it has long since been deprecated.
 
 Ideas?
 
 Ananda




Re: [arch-general] [arch-dev-public] dropping flashplugin x86_64

2010-06-17 Thread Jeroen Op 't Eynde
On Thu, 17 Jun 2010 23:50:10 +0200, Caleb Cushing  
xenoterrac...@gmail.com wrote:



so according to that you should see HTML5 WebM. Do you? I see HTML5
but no WebM which means it's using h.264. even if you append the
webm=1 which I suspect means youtube is smart  and knows to fall
back.


I checked and I was wrong, Chrome/chromium 5 doesn't support WebM yet.  
Sorry about that, it is in the Dev channel though. Got confused with the  
tagging. Still, give it a few months. Opera will probably be the first to  
release an official browser version that supports WebM, quickly followed  
by Chromium and then Firefox.


--
To read: http://en.wikipedia.org/wiki/Posting_style#Bottom-posting


Re: [arch-general] New Google Group for discussion and notices on Arch security.

2010-06-17 Thread Miah Johnson
I think there is much more that can be done besides the short list from
Ananda. The thing you have to remember is that security does not mean I'm
running the newest code..

Things to remember:
1. There is no such thing as secure.
2. Proper security consists of multiple layers of defense.

Additional examples of things the AST could do:
1. Propose changes to default configuration files to be more secure, and
have more documentation around setting up services in a more secure fashion.
2. Assist with SELinux & GRsecurity projects.
3. Propose changes to initscripts to make sure software drops privileges and
chroots where possible, or at least make it easier to enable such features.
4. pie / ssp
5. PaX
6. Audits

This list is by no means complete, but the end goal should be to make things
more secure. The other thing to remember is that just because you are
running the latest rev of code, it doesn't mean there aren't
vulnerabilities, or unpatched issues.  Developers don't always consider
issues that could be security issues to be security issues, or they don't
understand the security implications of certain issues.

Lastly, just because Arch is a rolling release it doesn't mean that
everybody that uses it just updates everything at a whim. Some people do
believe in change control and it may be useful for those people to be aware
of security issues in certain packages that need to be updated. Not
everybody does a daily/weekly/monthly system update. For some people
stability is a feature. Some people might choose to upgrade packages which
are security conscious while taking caution to upgrade a package they
are dependent on.

TOFU.
-Miah

On Thu, Jun 17, 2010 at 3:06 PM, Jeroen Op 't Eynde jer...@xprsyrslf.be wrote:

 On Thu, 17 Jun 2010 20:57:56 +0200, Ananda Samaddar ana...@samaddar.co.uk
 wrote:

  1. Check for vulnerabilities
 2. Know how to use PKGBUILDS and abs
 3. Can spare some time to send announcements, create interim PKGBUILDs
 and file security issues on the bug tracker.


 1. [testing] users do that
 2. [testing] users, Devs and TUs (should) know this
 3. see 1 and 2

 IMHO, Arch's rolling release and cutting/bleeding edge kicks the need for a
 security team. Just do your one man thing like any testing user. The only
 thing I can think of in ways of security is signed packages, so write some
 code if you are a coder or put some time in a plan on how to achieve this
 instead of starting a strange vague unofficial security mailing list. If you
 do have a lot of security issues about arch, just flood the arch-general
 mailing list. If the devs see 'a lot' of messages concerning security, they
 might come back on the arch-security mailing list. Just be patient.



 --
 To read: http://en.wikipedia.org/wiki/Posting_style#Bottom-posting



Re: [arch-general] What should the Arch Security Team be called?

2010-06-17 Thread Miah Johnson
I think the name should be simple (I've already commented on AST). But I
wanted to point out, the name isn't everything. It's what the team does or
proposes to do that should be thought about. Spending too much time on a
name, while not actually doing anything is fail.

-Miah

On Thu, Jun 17, 2010 at 3:18 PM, J. McBlane toolma...@gmail.com wrote:

 Arch Security Enhancement Team?
 Securing Arch For Everyone?
 Arch Guard?

 On Thu, Jun 17, 2010 at 08:46:59PM +0100, Ananda Samaddar wrote:
  On to the first order of business. As the subject says, what should
  security team be called.  Hopefully we can get a few suggestions and
  then reach a consensus. Arch Linux Security Task Force just sounds like
  too much of a mouthful to me.
 
  I was brooding over this and I thought some sort of acronym that's an
  actual word would sound better, so I came up with this:
 
  'Arch Response Team for Security' or ARTS.  It's a bit cheesy and
  cheats a bit to get the acronym but is instantly memorable.  I'm aware
  arts was also a KDE technology but it has long since been deprecated.
 
  Ideas?
 
  Ananda





Re: [arch-general] New Google Group for discussion and notices on Arch security.

2010-06-17 Thread Jeroen Op 't Eynde

On Fri, 18 Jun 2010 00:35:19 +0200, Miah Johnson m...@chia-pet.org wrote:


Things to remember:
1. There is no such thing as secure.
2. Proper security consists of multiple layers of defense.
Additional examples of things the AST could do:
1. Propose changes to default configuration files to be more secure,  
and
have more documentation around setting up services in a more secure  
fashion.

2. Assist with SELinux & GRsecurity projects.
3. Propose changes to initscripts to make sure software drops privileges  
and
chroots where possible, or at least make it easier to enable such  
features.

4. pie / ssp
5. PaX
6. Audits


First of all, please don't top post. It is really annoying.

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Back on topic:

Start a security team while there isn't anything like secure? Alright I  
get the point, but I guess arch has the natural ability to become faster  
stable just because of the bleeding edge. Software bugs get tackled  
faster, patches are quickly spread, not waiting for months like many other  
distros. I know running the newest code doesn't mean secure, but that  
choice is up to the user (check the svn and use abs and so on).


Other examples, hmm. You can still propose changes, you don't need a team  
to write a patch for a configuration file or the initscripts. SELinux is  
not even in community, maybe apply for becoming a TU for it? Or help out  
at Fedora or wherever it is developed? I don't know much about  
GRsecurity/PaX/SSP/Audits, but check the Wiki and try to help out there,  
discuss it there. People who are interested should be following those pages  
and contribute, the same for SELinux. The Wikipages look really nice. I  
don't know pie, but that would probably have something to do with  
GRsecurity too.


I guess most of the things are already there, some people want to give it  
a name. I'm not stopping you from a team, but I just don't believe in it  
after seeing so many fails. (I'm not a Dev nor a TU, just giving my  
opinion.)



--
To read: http://en.wikipedia.org/wiki/Posting_style#Bottom-posting


Re: [arch-general] New Google Group for discussion and notices on Arch security.

2010-06-17 Thread Ng Oon-Ee
Comments interspersed on a few points.

On Thu, 2010-06-17 at 15:35 -0700, Miah Johnson wrote:
 I think there is much more that can be done besides the short list from
 Ananda. The thing you have to remember is that security does not mean I'm
 running the newest code..
 
 Things to remember:
 1. There is no such thing as secure.
 2. Proper security consists of multiple layers of defense.
 
 Additional examples of things the AST could do:
 1. Propose changes to default configuration files to be more secure, and
 have more documentation around setting up services in a more secure fashion.

Except with very good reasons, I doubt it's a good idea to make more
changes to default configuration files than necessary, it's against the
'upstream as much as possible' policy. The rest sounds fine, though I'm
not sure about point 3 since I'm not familiar with what sort of control
the initscript has at the moment.

 2. Assist with SELinux & GRsecurity projects.
 3. Propose changes to initscripts to make sure software drops privileges and
 chroots where possible, or at least make it easier to enable such features.
 4. pie / ssp
 5. PaX
 6. Audits
 
 This list is by no means complete, but the end goal should be to make things
 more secure. The other thing to remember is that just because you are
 running the latest rev of code, it doesn't mean there aren't
 vulnerabilities, or unpatched issues.  Developers don't always consider
 issues that could be security issues to be security issues, or they don't
 understand the security implications of certain issues.
 
 Lastly, just because Arch is a rolling release it doesn't mean that
 everybody that uses it just updates everything at a whim. Some people do
 believe in change control and it may be useful for those people to be aware
 of security issues in certain packages that need to be updated. Not
 everybody does a daily/weekly/monthly system update. For some people
 stability is a feature. Some people might choose to upgrade packages which
 are security conscious while taking caution to upgrade a package they
 are dependent on.

My OPINION is that Arch is not a distro for those who do not want to do
regular total updates. Of course, some have individual packages in
NoUpgrade, but the number of problems which crop up which come down to
"you didn't run pacman -Syu!" is an indicator of why it's a bad idea.



Re: [arch-general] New Google Group for discussion and notices on Arch security.

2010-06-17 Thread Jeroen Op 't Eynde

On Fri, 18 Jun 2010 01:00:57 +0200, Ng Oon-Ee ngoo...@gmail.com wrote:


My OPINION is that Arch is not a distro for those who do not want to do
regular total updates. Of course, some have individual packages in
NoUpgrade, but the number of problems which crop up which come down to
"you didn't run pacman -Syu!" is an indicator of why it's a bad idea.


+1

Forgot to react on that part.

--
To read: http://en.wikipedia.org/wiki/Posting_style#Bottom-posting


Re: [arch-general] New Google Group for discussion and notices on Arch security.

2010-06-17 Thread Marek Otahal
On Friday 18 of June 2010 00:35:19 Miah Johnson wrote:
 I think there is much more that can be done besides the short list from
 Ananda. The thing you have to remember is that security does not mean
 I'm running the newest code..
 
 Things to remember:
 1. There is no such thing as secure.
 2. Proper security consists of multiple layers of defense.
 
 Additional examples of things the AST could do:
 1. Propose changes to default configuration files to be more secure, and
 have more documentation around setting up services in a more secure
 fashion. 2. Assist with SELinux & GRsecurity projects.
 3. Propose changes to initscripts to make sure software drops privileges
 and chroots where possible, or at least make it easier to enable such
 features. 4. pie / ssp
I like this! btw, anyone tried/knows about rootless (without root privileges)
X? There was a hype about this with KMS, I've heard MeeGo uses this. I've read
some articles at phoronix, ubuntu has a blueprint plan for it... once I have
time, I'll write more on the topic.


 5. PaX
 6. Audits
 
 This list is by no means complete, but the end goal should be to make
 things more secure. The other thing to remember is that just because you
 are running the latest rev of code, it doesn't mean there aren't
 vulnerabilities, or unpatched issues.  Developers don't always consider
 issues that could be security issues to be security issues, or they don't
 understand the security implications of certain issues.
 
 Lastly, just because Arch is a rolling release it doesn't mean that
 everybody that uses it just updates everything at a whim. Some people do
 believe in change control and it may be useful for those people to be aware
 of security issues in certain packages that need to be updated. Not
 everybody does a daily/weekly/monthly system update. For some people
 stability is a feature. Some people might choose to upgrade packages
 which are security conscious while taking caution to upgrade a package
 they are dependent on.
 
 TOFU.
 -Miah
 
 On Thu, Jun 17, 2010 at 3:06 PM, Jeroen Op 't Eynde jer...@xprsyrslf.be wrote:
  On Thu, 17 Jun 2010 20:57:56 +0200, Ananda Samaddar
  ana...@samaddar.co.uk
  
  wrote:
   1. Check for vulnerabilities
   
  2. Know how to use PKGBUILDS and abs
  3. Can spare some time to send announcements, create interim PKGBUILDs
  and file security issues on the bug tracker.
  
  1. [testing] users do that
  2. [testing] users, Devs and TUs (should) know this
  3. see 1 and 2
  
  IMHO, Arch's rolling release and cutting/bleeding edge kicks the need for
  a security team. Just do your one man thing like any testing user. The
  only thing I can think of in ways of security is signed packages, so
  write some code if you are a coder or put some time in a plan on how to
  achieve this instead of starting a strange vague unofficial security
  mailing list. If you do have a lot of security issues about arch, just
  flood the arch-general mailing list. If the devs see 'a lot' of messages
  concerning security, they might come back on the arch-security mailing
  list. Just be patient.
  
  
  
  --
  To read: http://en.wikipedia.org/wiki/Posting_style#Bottom-posting

-- 

Marek Otahal :o)


Re: [arch-general] New Google Group for discussion and notices on Arch security.

2010-06-17 Thread Burlynn Corlew Jr
On Thu, Jun 17, 2010 at 1:32 PM, Ananda Samaddar ana...@samaddar.co.uk wrote:

 I've created a Google Group here for discussion around creating an Arch
 Security Team:

 http://groups.google.com/group/arch-security

 Please join it if you're interested.  The reason for this group is in
 response to my rejected suggestion for an arch-security mailing list.
 I'll CC any policy or process suggestions to arch-general, but when
 announcements happen and also discussion regarding specific
 vulnerabilities and mitigation they won't be CCed.

 If an Arch Security Team comes coalesces and the Devs are happy to
 integrate us officially then we can consider deleting the group and if
 possible transferring the archives to archlinux.org.

 Ananda


I am going to vote that you please do not CC all of this to arch-general.
Many of us are not concerned with this, and already this afternoon I've seen
enough mail regarding it that I can see it as a problem. The arch-security
list has been denied, and it seems to me all this is doing is trying to
circumvent the denial. Your google group is your business, but I feel that
forwarding to arch-general, the most popular list we have, is unfair to
those who do not wish to be involved.


[arch-general] b43: wireless issues

2010-06-17 Thread Magnus Therning
I'm having problems getting my wireless connection to work properly.

It's a broadcom card, using the b43 driver.  It connects fine on
login, but once I actually use the network I'm disconnected and all
attempts to re-connect fail.

I've found some reports of similar behaviour online, but none seem to
offer any good solutions to it :-(  So I'm trying my luck in here
instead.

One person mentioned that things started working much better if he
limited the network to 802.11b (not g), but I haven't seen any obvious
way of achieving this.  Any hints on what I can do to test that
myself?

$ lspci -vnn |grep 14e4
03:00.0 Network controller [0280]: Broadcom Corporation BCM4312
802.11b/g [14e4:4315] (rev 01)

I did extract some stuff from dmesg that might be of importance, but I
really couldn't tell:

b43 ssb0:0: firmware: requesting b43/ucode15.fw
b43 ssb0:0: firmware: requesting b43/lp0initvals15.fw
b43 ssb0:0: firmware: requesting b43/lp0bsinitvals15.fw
b43-phy0: Loading firmware version 478.104 (2008-07-01 00:50:23)

b43-phy0 ERROR: Fatal DMA error: 0x0800, 0x, 0x,
0x, 0x, 0x
b43-phy0 ERROR: This device does not support DMA on your system.
Please use PIO instead.
b43-phy0: Controller RESET (DMA error) ...
b43-phy0: Loading firmware version 478.104 (2008-07-01 00:50:23)
b43-phy0: Controller restarted

Cheers,
M

-- 
Magnus Therning(OpenPGP: 0xAB4DFBA4)
magnus@therning.org  Jabber: magnus@therning.org
http://therning.org/magnus identi.ca|twitter: magthe


Re: [arch-general] b43: wireless issues

2010-06-17 Thread Sergey Manucharian
Hi Magnus,

Excerpts from Magnus Therning's message of Fri, 18 Jun 2010 00:22 +0100:

 It's a broadcom card, using the b43 driver.  It connects fine on
 login, but once I actually use the network I'm disconnected and all
 attempts to re-connect fail.
 
 
 One person mentioned that things started working much better if he
 limited the network to 802.11b (not g), but I haven't seen any obvious
 way of achieving this.  Any hints on what I can do to test that
 myself?

I used to use b43, but now I don't. I had similar situations with other
wifi cards.

1. Two or more access points in the vicinity are using the same
channel. If you're able to change the channel, choose one not used by
others. The reasons are more or less obvious.

2. If other computers are using the same access point, and my
connection is getting dropped I indeed intentionally lower the bitrate:

iwconfig wlan0 bitrate 24M

(or lower) - it works, but the reason is unknown, I haven't
investigated it.

You may want to install wavemon program to monitor your connection
[0], there is a package in AUR too [1].

Cheers,
Sergey

[0] http://eden-feed.erg.abdn.ac.uk/wavemon/

[1] http://aur.archlinux.org/packages/wavemon/wavemon/PKGBUILD


Re: [arch-general] New Google Group for discussion and notices on Arch security.

2010-06-17 Thread Jeffrey 'jf' Lim
On Fri, Jun 18, 2010 at 8:33 AM, C Anthony Risinger anth...@extof.me wrote:

 security is the responsibility of those deploying, not those
 packaging.  it requires end-to-end oversight and complete
 configuration toward a specific and particular purpose; something that
 is not possible for those creating a distribution for a generic,
 multi-purpose user base.


2 words. Debian, and SSH.

-jf

--
Every nonfree program has a lord, a master --
and if you use the program, he is your master.
--Richard Stallman

It's so hard to write a graphics driver that open-sourcing it would not help.
-- Andrew Fear, Software Product Manager, NVIDIA Corporation
http://kerneltrap.org/node/7228


Re: [arch-general] File Associations for firefox thunderbird :)^

2010-06-17 Thread Joe(theWordy)Philbrook

It would appear that on Jun 16, Patrick Brisbin did say:

 On 06/14/10 at 11:33pm, Michishige Kaito wrote:
  I found thunderbird asking me for a program to execute for links.
  Pointed it to the right program and told it to remember. Never asked
  again. I wouldn't know where to change it if I ever wanted, but it's
  been working so far, and I don't use a DE.
  
 
 xdg-open for non-DE users is annoying but possible. I spent an evening
 reading the source (it's just a bash script anyway).
 
 When no DE stuff is present it falls back to some application.list file
 which associates mimetypes with .desktop files. The list and .desktop
 files are searched for in /usr/share/applications globally and
 ~/.local/share/applications on a per user basis.
 
 There's also xdg-open commands to add/remove associations and .desktop
 files to/from the list.
 
 No match found for a mimetype and we fall back on $BROWSER.
 
 At least that's how I remember it all working, I haven't looked in quite
 some time.
 
 I hear you can also install mimeo or some other Xyne-tool which will
 override all this and make it work better.

Pardon me but this all sounds like a petty annoyance I have when I
want to see the content of a pdf I find on the web. I once was a kde
user and still prefer several of its applications over the gnome
equivalents. Nowadays I'm usually working from within E17 which is by now
more of a DE than a WM (I think)... And I routinely use two different web
browsers. (Opera & Firefox) Both of which ask me which application I want
to open it with. Unfortunately it always defaults to Evince.

And I usually get better results with Okular. But unlike Michishige,
I'm unwilling to use the pop-up to set the default because I like
always having the choice. Unfortunately, for some reason when I'm
doing this with my Arch Linux installation, the Open With scroll
box never offers any other choices besides Other which won't find
okular but makes me enter the full pathname of /usr/bin/okular
and worse still, it doesn't even remember the choice if I need to open
another pdf from the same browser session. (like when I'm reviewing my
banking activity, and I want to peek at more than one canceled check image)

These files you mention in /usr/share/applications interest me. But I
don't know what to do to them to give greater preference to the desktop
files:

/usr/share/applications/kde4/okular.desktop 
/usr/share/applications/kde4/okularApplication_*.desktop

Than to:

/usr/share/applications/evince.desktop

would you be so kind as to give me a pointer or two?

I mean I don't suppose I could get away with simply renaming
evince.desktop as okular.desktop to get that effect without
buggering up my ability to get evince on the rare occasions when I
actually want it? Or perhaps I could simply copy all the okular
desktop files from /usr/share/applications/kde4/ to
/usr/share/applications/??? 

-- 
|  ~^~   ~^~
|  ?   ?   Joe (theWordy) Philbrook
|  ^J(tWdy)P
|\___/ jtw...@ttlc.net



Re: [arch-general] What should the Arch Security Team be called?

2010-06-17 Thread Nilesh Govindarajan

On 06/18/2010 03:48 AM, J. McBlane wrote:

Arch Security Enhancement Team?
Securing Arch For Everyone?
Arch Guard?

On Thu, Jun 17, 2010 at 08:46:59PM +0100, Ananda Samaddar wrote:

On to the first order of business. As the subject says, what should
security team be called.  Hopefully we can get a few suggestions and
then reach a consensus. Arch Linux Security Task Force just sounds like
too much of a mouthful to me.

I was brooding over this and I thought some sort of acronym that's an
actual word would sound better, so I came up with this:

'Arch Response Team for Security' or ARTS.  It's a bit cheesy and
cheats a bit to get the acronym but is instantly memorable.  I'm aware
arts was also a KDE technology but it has long since been deprecated.

Ideas?

Ananda





I vote for Securing Arch For Everyone (SAFE)

--
Regards,
Nilesh Govindarajan
Facebook: http://www.facebook.com/nilesh.gr
Twitter: http://twitter.com/nileshgr
Website: http://www.itech7.com
Cheap and Reliable VPS Hosting: http://j.mp/arHk5e


Re: [arch-general] New Google Group for discussion and notices on Arch security.

2010-06-17 Thread Andres P
On Thu, Jun 17, 2010 at 10:18 PM, Jeffrey 'jf' Lim jfs.wo...@gmail.com wrote:
 On Fri, Jun 18, 2010 at 8:33 AM, C Anthony Risinger anth...@extof.me wrote:

 security is the responsibility of those deploying, not those
 packaging.  it requires end-to-end oversight and complete
 configuration toward a specific and particular purpose; something that
 is not possible for those creating a distribution for a generic,
 multi-purpose user base.


 2 words. Debian, and SSH.


Did you mean ssl?

Andres P


Re: [arch-general] New Google Group for discussion and notices on Arch security.

2010-06-17 Thread Jeffrey 'jf' Lim
On Fri, Jun 18, 2010 at 1:25 PM, Andres P aep...@gmail.com wrote:
 On Thu, Jun 17, 2010 at 10:18 PM, Jeffrey 'jf' Lim jfs.wo...@gmail.com 
 wrote:
 On Fri, Jun 18, 2010 at 8:33 AM, C Anthony Risinger anth...@extof.me wrote:

 security is the responsibility of those deploying, not those
 packaging.  it requires end-to-end oversight and complete
 configuration toward a specific and particular purpose; something that
 is not possible for those creating a distribution for a generic,
 multi-purpose user base.


 2 words. Debian, and SSH.


 Did you mean ssl?


ah yes, SSL! sorry :)

-jf


--
Every nonfree program has a lord, a master --
and if you use the program, he is your master.
--Richard Stallman

It's so hard to write a graphics driver that open-sourcing it would not help.
-- Andrew Fear, Software Product Manager, NVIDIA Corporation
http://kerneltrap.org/node/7228


Re: [arch-general] Xorg-server 1.8 - when?

2010-06-17 Thread Raghavendra D Prabhu

* On Wed, Jun 16, 2010 at 12:21:52PM +0200, Lukáš Jirkovský 
l.jirkov...@gmail.com wrote:

On 16 June 2010 12:17, Gaurish Sharma cont...@gaurishsharma.com wrote:

Hi,
I think Nvidia still does not work with 1.8

Regards,
Gaurish Sharma



At least nvidia-beta works fine.


I have been using xorg-server for about one month. No issues so far. Also I am using
nvidia-beta (for 1.8 from versions 195.36.24 onwards, currently on 256.29).
---
Raghavendra D Prabhu


Re: [arch-general] mplayer 31428-1 broken without libvpx.so.0

2010-06-17 Thread Ray Rashif
On 17 June 2010 17:48, julroy67 julro...@gmail.com wrote:
 You're right, it was AUR version that I maintained, the first release of
 libvpx provided only the static lib, and unfortunately, it seems that the
 libvpx package in extra doesn't replace the AUR package that is now deleted.

Remember, official packages never replace, conflict with, or provide
for anything in AUR, so this was normal behaviour.


--
GPG/PGP ID: B42DDCAD