Re: On Lists and Iterables
As J Fernyhough notes elsewhere in the thread, this is not the list to quibble
about Python 3.
Though, as John Lenton notes, there are excellent reasons for most of the
changes in Python 3, which of course has a different leading version number
precisely because it is not backward compatible. See e.g. this piece on the
critical need for Python 3, and the benefits of it. E.g.
Why Python 3 exists https://snarky.ca/why-python-3-exists/
For more on the rationale for changes related to iterators see
http://portingguide.readthedocs.io/en/latest/iterators.html
But it is very much appropriate for this list to help developers port packages
so they can continue to be supported in future Ubuntu versions after Python 2
is demoted.
And you should be pleased to learn that often all you have to do is use the
2to3 or futurize tools to automatically port your code to Python 3. After
doing so you can take advantage of the cleaner and more efficient Python 3
world. It is of course a hassle to do so, but it is a one-time cost, with many
benefits.
For example here I port your one-line Python 2 script that uses zip.
$ cat porting_example.py
print zip(["a","b"], ["c","d"])
$ python porting_example.py
[('a', 'c'), ('b', 'd')]
$ 2to3 porting_example.py > porting_example.patch
$ cat porting_example.patch
--- porting_example.py (original)
+++ porting_example.py (refactored)
@@ -1 +1 @@
-print zip(["a","b"], ["c","d"])
+print(list(zip(["a","b"], ["c","d"])))
$ patch -b < porting_example.patch # -b saves original as
porting_example.py.orig
$ cat porting_example.py
print(list(zip(["a","b"], ["c","d"])))
$ python3 porting_example.py
[('a', 'c'), ('b', 'd')]
See docs at http://python3porting.com/2to3.html
Porting Python 2 Code to Python 3 — Python 3.6.1rc1 documentation
https://docs.python.org/3/howto/pyporting.html
Neal McBurnett http://neal.mcburnett.org/
On Fri, Dec 15, 2017 at 11:40:14AM +0100, Xen wrote:
> I am just posting this so I don't have to save the text.
>
>
> 2.7: type(zip(["a","b"], ["c","d"]))
>
>
> 3 : type(zip(["a","b"], ["c","d"]))
>
>
> 3 : zip(["a","b"], ["c","d"])
>
>
> 2.7: zip(["a","b"], ["c","d"])
> [('a', 'c'), ('b', 'd')]
>
> 3 : list(zip(["a","b"], ["c","d"]))
> [('a', 'c'), ('b', 'd')]
>
> I don't even know what Iterables are.
>
> I just know that I can't print them directly.
>
> Python is supposed to be a beginner-friendly language.
>
> But this is incomprehensible.
>
> Zipping by definition produces a list of tuples, I mean zipping a
> list by definition creates a list of tuples, not a "zip" object.
>
> The whole semantic definition of "zip" is to take 2 (or more) lists,
> then create tuples out of every matched list element, and return
> those as a new list.
>
> Not to be left in some intermediate stage which is somehow more
> efficient to the interpreter or something.
>
> That would be like calling Set.difference and then getting a
> Difference object instead of a Set.
>
> Just an example of a user-unfriendly change.
>
> I already know someone is going to say "No it's not." and then leave
> it at that.
>
> About the above.
>
> Regards.
--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Software installation on modern Ubuntu
Very helpful (and eye-opening) discussion of installation issues - thanks. Since it hasn't been mentioned yet, I'll note my favorite, the first install I make on new systems: wajig (https://en.wikipedia.org/wiki/Wajig) for command-line installs. It combines the confusing array of apt-* commands into one unified command, auto-invokes sudo when necessary, and much more. Cheers, Neal McBurnett http://neal.mcburnett.org/ On Sat, Aug 26, 2017 at 10:15:46PM +, Matt Wheeler wrote: > On Sat, 26 Aug 2017, 18:21 Colin Law wrote: > > OK, I see where you are coming from. It never occurred to me that > anyone wanting to install libgtk2.0-dev, or similar, would want to use > a GUI. I assumed everyone used apt for that. Obviously I am wrong. > > > I'd add to this that aptitude has an excellent curses-based interactive mode > (just run aptitude with no options) which feels > similar to synaptic to use. Very powerful search options (which are also > available on the aptitude command line) and interactive > resolver choice selection which is occasionally very useful. > > A surprising number of people on debian-devel were unaware that aptitude has > an interactive mode during a related discussion over > there, so I think it's worth pointing out here too :). > > -- > > -- > Matt Wheeler > http://funkyh.at > > -- > Ubuntu-devel-discuss mailing list > Ubuntu-devel-discuss@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: the right to make a difference
Thank you Sam for yet again wading thru all of these misconceptions about the GPL and copyright licenses. It really is very clear. The GPL allows people to modify the software ONLY if they agree to the conditions of the license, just like any other copyright holder does when they LICENSE software. The license is the only thing that allows more than 'fair use'. Grsecurity is welcome to work on anything they like, or not. But if they want to modify and redistribute the Linux kernel, they need to abide by the GPLv2, which requires allowing free redistribution of their modifications. Note that they aren't just offering a driver or some sort of add-on or plugin. Their latest "test" patch at https://grsecurity.net/test/grsecurity-3.1-4.5.5-201605291201.patch modifies over 3000 distinct files in the kernel. But really, this discussion about copyright and license philosophy clearly doesn't belong here. There is tons about it to read online, and discussions can go to the Open Source Initiative "License Discuss" list: https://lists.opensource.org/pipermail/license-discuss/ among others. Also see this page for more information and links: http://www.fsf.org/licensing I found it helpful to get the initial notice of complaints about Grsecurity, which seems relevant to Ubuntu in a variety of indirect ways. But unless there is something else particularly relevant to Ubuntu about that, I'd ask people to find the more appropriate venues for the conversation. Cheers, Neal McBurnett http://neal.mcburnett.org/ On Thu, Jun 02, 2016 at 03:33:59PM +0100, Sam Bull wrote: > On Thu, 2016-06-02 at 14:35 +0200, Xen wrote: > > The intention of the GPL is not really relevant. > > > > What happens is that the authors remain to have a say about how the > > product is used, if copyright is at play (at least the idea of > > copyright). > > Yes, and the authors stated they require you to allow redistribution of > any modifications under the same conditions of the GPL. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: GRsecurity is preventing others from redistributing source code
I agree with RMS that it sounds like this is a GPL violation. That also seems to agree with what you quoted from bkuhn (Brad Kuhn, president of Software Freedom Conservancy), who simply noted that we needed more details and the complaint has to be originitated by someone who does have the code and wants to distribute it. That's quite different from your characterization of the SFC response. And I agree that this is quite different from what Red Hat does, since they do distribute their patches. They protect their brand via trademark, which is appropriate. Someone who wants to open up GRsecurity patches could buy commercial support: https://grsecurity.net/business_support.php Elsewhere it has been said that support cost $200, but perhaps that has changed. Thanks for noting this, and I hope we find someone who can actually make this happen, or file a legal case. Neal McBurnett http://neal.mcburnett.org/ On Wed, Jun 01, 2016 at 02:37:51PM +, concernedfoss...@teknik.io wrote: > Here is RMS' response: > > Re: GRsecurity is preventing others from employing their rights under version > 2 the GPL to > redistribute source code > Richard Stallman (May 31 2016 10:27 PM) > > [[[ To any NSA and FBI agents reading my email: please consider ]]] > [[[ whether defending the US Constitution against all enemies, ]]] > [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > > If I understand right, this is a matter of GPL 2 on the Linux patches. > Is that right? If so, I think GRsecurity is violating the GPL on > Linux. > > -- > Dr Richard Stallman > President, Free Software Foundation (gnu.org, fsf.org) > Internet Hall-of-Famer (internethalloffame.org) > Skype: No way! See stallman.org/skype.html. On Wed, Jun 01, 2016 at 02:15:46PM +, concernedfoss...@teknik.io wrote: > There is an important distinguishing feature: RedHat itself does release its > sourcecode, albit as huge code patches rather than the little ones that are > desired, but that makes the issue moot even before it would go to court. > > That is an important distinction, so these situations are not the same. > > Here the source is not released by Spengler to the public, > the stable patches do differ substantially from the "testing" patches > (one feature is 5 times bigger in the closed stable patch), and > sublicensees are threatened to not distribute. > > Now some people are arguing that kernel patches are not derivative works; > which would make the entire GPL even MORE worthless than it already has shown > to be in practice. > https://www.law.washington.edu/lta/swp/law/derivative.html > > And the SFConservancy doesn't seem to give a damn, > and #fsf and #gnu all scream to the high heavens that what spengler is doing > is just fine and > they seem to totally support him in it. > > I try to teach them that there is more to the law than their license but they > won't listen. > > > There is a legal term for this. It's called acting in bad faith. > That often gets your contract nullified. > Here there is a license grant. Spengler is acting in bad faith to frustrate > its purpose. > It does not matter if he is breaking legs, threatening to expose secrets, or > threatining to raise prices to exorbidant rates, or to cease sending the > patches: > What matters is that his goal is to deny the sublicensee the right given to > the sublicensee by the original licensor, and that he has obtained that goal > via his actions (the threats here). > > He has frustrated the purpose of the agreement (the grant) he had with the > original licensor, and thus > the grant fails. In other words: he has violated the license. > > > June 1 2016 2:02 PM, "Jonathan Corbet" wrote: > > On Tue, 31 May 2016 18:47:38 + > > concernedfoss...@teknik.io wrote: > > > >> Is this not tortious interference, on grsecurity's (Brad Spengler) part, > >> with the quazi-contractual relationship the sublicensee has with the > >> original licensor? > > > > Unfortunately, it doesn't seem to be that way. This is essentially the > > Red Hat approach, and that has generally been deemed to be acceptable over > > the years. > > > > jon > > -- > > Jonathan Corbet / LWN.net / cor...@lwn.net -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Updater can't update kernel due to disk space
On Thu, Jan 15, 2015 at 12:49:10PM -0200, Cláudio Sampaio wrote: > On Thu, Jan 15, 2015 at 12:45 PM, Colin Law wrote: > As from 14.04 apt-get autoremove should remove old kernels except for > current and most recent. > > > apt-get autoremove is an "arcane command-line tool". I thought by this part > of the discussion it had became clear that it is not a > sensible solution (except maybe if auto-scheduled). +1 Neal McBurnett http://neal.mcburnett.org/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Why Ubuntu doesn’t support certain form of shebang for Python?
On Tue, Nov 11, 2014 at 05:19:38PM -0500, Barry Warsaw wrote: > On Nov 11, 2014, at 11:48 AM, Neal McBurnett wrote: > > >I'm glad that python2 is in Debian and Ubuntu (do you know offhand which > >releases?). Which distros is it still not supported in? Are they likely to > >catch up? > > Sorry, I don't know off-hand. > > >Do you see a path to a world where compliance with PEP 0394 is the right > >approach, making the transition to python3 easier? > > > > http://legacy.python.org/dev/peps/pep-0394/ > > I suspect PEP 394 will mostly be a reflection of reality rather than a driver > of downstream policy. E.g. I think it will be a very long time, if ever, > that you'll see PEP 394 recommend, or widespread de facto adoption, of > /usr/bin/python pointing to Python 3. Maybe by Python 4 . > > Hopefully though PEP 394 will stop other distros from doing insane things like > was done with that one existing "adventurous" outlier. > > Cheers, > -Barry I should have clarified my point better. Scott's message recommended putting python, rather than python2 in shebangs, since it works in more distros. That seems to be In contrast with PEP 394, which says to use python2 rather than python, unless the code works in both python 2.x and python 3.x. That is in order to facilitate migration, and it would be necessary before anyone could make the next step you talk of (pointing python to python 3). That's why I'm wondering where the PEP 394 approach doesn't currently work, and when we might indeed recommend following the current PEP 394 standard. Thanks, Neal McBurnett http://neal.mcburnett.org/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Why Ubuntu doesn’t support certain form of shebang for Python?
On Tue, Nov 11, 2014 at 01:35:09PM -0500, Scott Kitterman wrote:
> On Tuesday, November 11, 2014 13:04:38 Rodney Dawes wrote:
> > On Tue, 2014-11-11 at 18:02 +0100, GatoLoko wrote:
> > > Since different distributions and unix systems may have different paths,
> > > you may want to use the env utility in a shebang like "#!/usr/bin/env
> > > python2".
> >
> > Using /usr/bin/env will cause problems in certain conditions, such as
> > when running under a virtualenv and other such environments.
> >
> > Also, for python 2.x scripts, you should always use /usr/bin/python, and
> > if python3 is required, /usr/bin/python3. There is no guarantee that
> > "python2" will be a valid command.
>
> The problem is that one Linux distro went insane and pointed /usr/bin/python
> at a python3 version, which is the only reason the PEP creating
> /usr/bin/python2 exists, so thanks to them there is no common shebang one can
> be sure will always work. /usr/bin/python works fine everywhere but one
> distro, so that's what I'd use too. /usr/bin/env python{2} is fine for
> developer oriented packages where they may want to override the default
> python
> version in some contained environment, but risky for things that are part of
> an actual system.
I'm glad that python2 is in Debian and Ubuntu (do you know offhand which
releases?).
Which distros is it still not supported in? Are they likely to catch up?
Do you see a path to a world where compliance with PEP 0394 is the right
approach, making the transition to python3 easier?
http://legacy.python.org/dev/peps/pep-0394/
Thanks,
Neal McBurnett http://neal.mcburnett.org/
--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Pre-upgrade warnings and advice?
On Fri, Jun 06, 2014 at 02:46:46PM +0100, Matthew Paul Thomas wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Neal McBurnett wrote on 02/06/14 20:49:
> > Is there anything in the official upgrade tools to remind users
> > about use of ppas, non-repo packages, unofficial desktops or other
> > potentially problematic bits of software like unofficial programs
> > which "tweak" UI settings and the like?
> >
> > I recall some warning about some such packages at upgrade time,
> > but I forget when it happens, what it includes, and what advice it
> > gives.
>
> The alert appears after the release notes, and before the new packages
> are downloaded. It has primary text "Third party sources disabled",
> and secondary text "Some third party entries in your sources.list were
> disabled. You can re-enable them after the upgrade with the
> 'software-properties' tool or your package manager." It has one
> button, "Close".
>
> There are several problems with this. Is it really necessary for the
> sources to be disabled? Does that mean software from those channels
> will be removed too? If so, which software is involved? And if not, if
> a security update is issued in that third-party source later on, am I
> just out of luck? Why is there no button for cancelling the upgrade at
> this point? And if I cancel the upgrade after this point, do the
> sources remain disabled, and if so, why?
>
> Even if the function is unchanged, the presentation could be improved
> in many ways. Why am I exposed to the filename "sources.list", when I
> probably added the channel through Software Sources without seeing
> that filename? What is an "entry", and what does it mean for it to be
> "disabled"? Which ones were disabled, exactly? Why is a graphical tool
> referred to by its command-line name? Why is it using Ascii
> apostrophes instead of quote marks? And what is a "package manager"?
Excellent points, Matthew! And thanks for digging out the details.
> > It would seem most convenient to have a safe, stand-alone
> > application that would just look for such software and give good
> > advice on what might not work, where folks might go or look for
> > upgrade paths supported by PPA developers or other organizations,
> > etc. It would help a lot if it didn't spew out too much
> > information, e.g. by combining warnings for a set of packages into
> > an overall warning about a particular desktop or suite of related
> > packages with similar upgrade issues.
>
> Why would it be most convenient for it to be a standalone application?
> That would mean that most people upgrading wouldn't see it and
> therefore wouldn't benefit from it. And if it was intended for use
> outside the upgrade process, that's what Software Sources is for. It's
> already a Windows-Vista-like awkwardness that Software Sources is a
> standalone app instead of a System Settings panel.
>
> - --
> mpt
The option I was focusing on is the "pre-upgrade" phase. I'd like to have an
app that just keeps track for me of what I've been doing that might affect
future upgrades. It could also help me recover my third-party packages,
tweaks, etc. after an upgrade. It would help us do "spring cleaning" of our
sources, packages, etc, when we're not in the heat of following a shiny package
("Hey I want to try this package out and will do whatever it takes to install
it, ignoring possible upgrade issues down the line.")
In that regard, the recent response describing Aptik was most encouraging. See
e.g.
Aptik - A Tool to Backup/Restore Your Favourite PPAs and Apps in Ubuntu
http://www.tecmint.com/aptik-a-tool-to-backuprestore-your-favourite-ppas-and-apps-in-ubuntu/
Aptik: Command line utility to simplify re-installation of software packages
after upgrading and re-installing the Linux distribution.
https://launchpad.net/apt-toolkit
Unfortunately it seems to still only be available from a PPA itself.
So I see two use cases. Besides the one I describe, you're noting that the
actual upgrade process should be clearer, and I certainly agree. That would
benefit everyone who upgrades. At a minimum I'd suggest that during there be
better information, as you suggest, an option to cancel, and a reference to an
official version of aptik or something like it.
Cheers,
Neal McBurnett http://neal.mcburnett.org/
--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Upgrade issues
On Mon, Jun 02, 2014 at 02:18:52PM -0700, Dale Amon wrote: > On Mon, Jun 02, 2014 at 01:59:23PM -0600, Neal McBurnett wrote: > > The appropriate way to deal with clear bugs is to report them in launchpad, > > along with the necessary details like steps to reproduce, kind of hardware, > > etc. Do you have bug numbers for these? > > It is not clear these are bugs. It seems more likely they > are just items for which someone can say: "Just do this" or "Just > read this". > > The only one I think is a probable real bug is the inability > of the backdrop panel to handle large numbers of files. You cut out the text of mine that you're responding to, but you'll see that in that reply I only was talking about the items that clearly are bugs: the large number of files and the "lockups on lid closure". Did you subumit bug reports on them? As for the rest of your issues, as far as I can see Mate was in the "universe" component in Saucy, and thus does not have official support available. It should have "community support", but that is hard, especially for very tricky stuff like seamless upgrades. I still suggest detailing your experiences in launchpad bug reports for those also - that is the best way to get help and to help others out, in my experience. Or, indeed, to switch to a distro that focuses on your preferred software, if it has a better track record or community for what you want to do. See more at https://help.ubuntu.com/community/Repositories: Universe The universe component is a snapshot of the free, open-source, and Linux world. It houses almost every piece of open-source software, all built from a range of public sources. Canonical does not provide a guarantee of regular security updates for software in the universe component, but will provide these where they are made available by the community. Users should understand the risk inherent in using these packages. Popular or well supported pieces of software will move from universe into main if they are backed by maintainers willing to meet the standards set by the Ubuntu team. Neal McBurnett http://neal.mcburnett.org/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Upgrade issues
On Mon, Jun 02, 2014 at 12:50:29PM -0700, Dale Amon wrote: > The big must fix items: > * Critical: lockups on lid closure ... > And note that you really do have at least one bug in the > backdrop and lock panel. I have thousands of aviation photos > in ~/Pictures and it cannot deal with it, only shows perhaps > one of ten images for backdrop selection. The appropriate way to deal with clear bugs is to report them in launchpad, along with the necessary details like steps to reproduce, kind of hardware, etc. Do you have bug numbers for these? Thanks, Neal -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Pre-upgrade warnings and advice?
Ubuntu support for upgrades naturally depends on exactly what is being upgraded. Use of software from outside the official Ubuntu repositories (PPA repositories or .deb files or tar.gz packages or the like) means upgrades may be more complicated for the user. Is there anything in the official upgrade tools to remind users about use of ppas, non-repo packages, unofficial desktops or other potentially problematic bits of software like unofficial programs which "tweak" UI settings and the like? I recall some warning about some such packages at upgrade time, but I forget when it happens, what it includes, and what advice it gives. It would seem most convenient to have a safe, stand-alone application that would just look for such software and give good advice on what might not work, where folks might go or look for upgrade paths supported by PPA developers or other organizations, etc. It would help a lot if it didn't spew out too much information, e.g. by combining warnings for a set of packages into an overall warning about a particular desktop or suite of related packages with similar upgrade issues. Do things like that exist? Cheers, Neal McBurnett http://neal.mcburnett.org/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Upgrade issues
You would make this easier for yourself and all of us if you start with a few basic bits of information: Which Ubuntu version did you use before the upgrade? What did you upgrade to? How did you do the upgrade? Which desktop did you use? I note you mention "Mate" which I don't know much about, but which until very recently seems not to even have been in the official repositories. Did you install it via a PPA? Did you use tweaks or other UI configuration management tools that are not officially supported by Ubuntu? If you used features unsupported by Ubuntu, you should ask the supporters of those repos and tools about how to do a clean upgrade. Neal McBurnett http://neal.mcburnett.org/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Aptitude installed by default on 13.10?
On Tue, Apr 09, 2013 at 01:25:22PM -0700, Clint Byrum wrote: > Excerpts from Robert Holtzman's message of 2013-04-09 12:33:05 -0700: > > .snip > > > > > On Ubuntu Desktop we want to discourage usage of command line =) as > > > there is no need for that for non-developers. > > > > That's one of the more elitist, swinishly arrogant statements I've heard > > lately. Are you actually discouraging new users from learning linux? > > Why? The cli is one of the best teaching tools there is. Are you afraid > > of confusing Grandma and Grandpa? Is this part of the process of dumbing > > down the distro that's been going on lately? Did the devs come up with > > that or was it an edict from Mavelous Mark? > > > > I hope to hell that was a joke. > > > > For computer enthusiasts and power users, the CLI is great. But for the > person who sees their computing device as a window to other activities, > it is a huge distraction. It's good to help people avoid things they see as distractions. But that is no cause to "discourage usage of command line", since for many people it is a huge time-saver and far less distracting than wading thru the learning curve on the GUI-du-jure. So given that it seems we can agree that the original message was a bit off-target (thanks for the clarification, Brett!), can we also agree that this notion that Ubuntu wants to "discourage usage of command line" (sic) is also not only unsupported by any evidence, but not a good idea. Instead, let's continue to free GUI-lovers from *needing* to use the command line, and let's make it easy for command-line users to retain all their superpowers without needless disruption. Specific bug reports related to those goals are welcomed. And lets all take a deep breath. In... Out... Ahhh... Thanks to all the volunteers and supporters that make Ubuntu possible! Neal McBurnett http://neal.mcburnett.org/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: How to install Precise without getting screwed?
Dale, please note that this is the "ubuntu-devel-discuss" list. You are not talking to Canonical. You're not even talking to the main developer list "ubuntu-devel". This is an "open-to-anyone" list and I don't even know how many developers pay attention to it. They certainly pay less attention to a thread with a title like this one. This is a place where people, mostly volunteers, typically try to get started in making technical contributions to Ubuntu, which is why people keep trying to steer the conversation back to concrete suggestions, bug reports, etc. That's how we get stuff done here. If you want to talk business, this is not the right place, nor is it the right place to get someone else to talk business on your behalf. To talk business, I'd suggest either giving Canonical a call, or looking at the huge variety of support options (from Canonical and from many many others) at http://www.ubuntu.com/support If you're not interested in a business relationship (which might well involve money), perhaps you could take it up with the Technical Board, or the Community Council. Or really get involved, by coming to the Ubuntu Developer Summit, or digging in to the aspect of Ubuntu where you could have the best leverage. But this is not the place to address the concerns you have, at least in the way you're trying to frame them. Neal McBurnett http://neal.mcburnett.org/ On Wed, Apr 11, 2012 at 09:04:47PM +0100, Dale Amon wrote: > On Wed, Apr 11, 2012 at 09:33:54PM +0200, Sebastien Bacher wrote: > > You also assume that > > - what you used before was "meet(ing) customer needs" better than > > Unity, it might be true for you or your customer, it doesn't mean > > your case is the most common one in the world > > Just curious, what is the customer base > you are working with? I do systems for > investor conferences (for a large NY bank); > various moderate sized accountancy firms (DC area) > and a number of aerospace companies (New Space > market segment, ie private space). > > I also often work side by side with techs from the big > broadcast networks and guys who have worked > on Wall Street. (It's nice work while the contracts > are running... I'd do nicely if those gigs were > more regular.) The folks I deal with have racks of > gear in colo's in Manhattan. > > Also, I've been around the patch a bit and know a lot > of folks and what their requirements are... hint: my > first program was in Fortran on a 360/67 at Carnegie > Mellon. > > > > > > -- > Ubuntu-devel-discuss mailing list > Ubuntu-devel-discuss@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: No Cyber Cafe Software for Ubuntu yet...
On Wed, Dec 23, 2009 at 01:12:52PM +, Matthew Paul Thomas wrote: > Onkar Shinde wrote on 23/12/09 09:19: > > > > On Mon, Dec 21, 2009 at 3:09 AM, omar ar > > wrote: > >> > >> Why not the ubuntu developer develope the cyber cafe software that > >> works with ubuntu server and clients. There is no any cyber cafe > >> software for ubuntu yet. and make it open source perhaps. It will > >> make easier for anybody who wants to open a cyber cafe business. > > > > Just saying cyber cafe software doesn't say much. What kind of > > functionality are you looking for. Perhaps it is already available in > > different packages. > >... > > A client applet that locks the screen whenever the computer is not in > use; shows time elapsed, and charges so far, whenever it is in use; and > completely resets the environment when the customer has finished. > > An editable schedule of charges for amount of time spent on the computer > (including things like overnight specials and loyalty programs), and for > extras such as printing and CD-Rs. > > A dashboard showing a geographically-correct map of computers in the > cybercafe; whether each one is free, in use, in use but idle, or > unresponsive; and for each one in use, how long it has been used and > what charges have accrued. The ability to add extra charges to a > computer manually, or to reset its time if something went wrong. > > Integration with the printing system, so that when someone prints > something they get charged automatically. > > As a bonus, the ability to check what's happening on the screen of each > computer to ensure that it won't be disturbing other customers. Good list! For what it's worth, I used Linux-based cyber cafe software (workstation and presumably server also) at a cyber cafe near the train station in Bansko Bulgaria in 2005. So there has been some demand/availability :) Neal McBurnett http://neal.mcburnett.org/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Apache Maven to be removed from Karmic?
On Thu, Oct 15, 2009 at 11:09:41AM -0400, Alvin Thompson wrote: > Currently, the Apache Maven package doesn't work due to the libplexus > packages (a Maven dependency) being synced from Debian but not Maven > itself. According to the bug reports [1][2], this isn't going to be > fixed for Karmic and the Maven package will most likely just be dropped. ... > 1. https://bugs.launchpad.net/bugs/427539 > 2. https://bugs.launchpad.net/bugs/417164 > 3. https://bugs.launchpad.net/bugs/450554 Thanks for linking to the source of great information on the complex issues here. The bugs in launchpad are where developers generally focus most of their attention, so there is high quality updated linked information there. Note in https://bugs.launchpad.net/bugs/427539 that there is a Maven2 package from Artur reported to work in karmic, deployed now in a personal package archive (ppa): Workaround is install maven2 from ppa: https://launchpad.net/~uninea/+archive/java Please test it and give feedback. And there still seems to possibly be a chance of getting that in karmic if people can test it out and help get it built in a way that works properly within the ubuntu build process. If that doesn't work out, please recognize how hard it is to put together a project like Ubuntu with over 24000 packages, many at the cutting edge, most maintained by loosely-coupled volunteers, on a clockwork schedule that can't possibly match the schedules of all the component upstream development projects. We can always use new testers, developers, and folks to get involved early in a release cycle to look out for issues like this. Thanks, Neal McBurnett http://neal.mcburnett.org/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Ubuntu Desktop Unit Consistency (LP: #369525)
On Wed, Jun 10, 2009 at 09:01:48AM +0800, Christopher Chan wrote: > Except that this is not 'improvement'. This is about blowing that > erroneous three decade or so operating system convention of using SI > prefixes for 1024 multiples of bytes out of the water without adding to > the confusion that is leading to this move back to standards. That is > absolutely not something Ubuntu specific and therefore not an > improvement for the Ubuntu 'movement/OS'. > > Besides, I have already made clear in later posts in this thread that I > really do not care what is used so long as it is uniform across all > operating systems. If Ubuntu wants to do its thing while other operating > systems keep convention, be my guest. You bet that I, for one, will not > be installing it anywhere on school campus because the school has more > important things to do than preach Ubuntu is right and all other > operating systems are wrong which is why you have different numbers for > GB on Ubuntu and XP, Solaris and Mac OS X and I will not risk looking > like a fool or an Ubuntu/Linux fundamentalist for something the school > may or may not care about. People keep ignoring a part of the original issues pointed out here. While for some things (e.g. file sizes) there has been a recent pattern of using the metric units improperly, that is not true when other things on computers are measured, e.g. bandwidth, and is never true for any other units (energy, distance, time, etc). For the prefixes and units to make any sense at all to users, they need to be consistently used. We can't expect people to learn that M means 10^6 for everything except storage on computers. And anyone who does anything with the numbers (like dividing file sizes by bandwidth units) to see how long something will take will get results that are off by larger and larger amounts as we move from kilobytes to terabytes. It is certainly an improvement to make these things make sense. We can argue about how to do it, who to work with, etc, but this confusion finally needs to be cleaned up. Neal McBurnett http://neal.mcburnett.org/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Ubuntu Desktop Unit Consistency (LP: #369525)
This discussion is devolving into apples vs oranges, so here is a shot at helping us focus again. Note the subject line talks about the "Desktop", not the command-line stuff where POSIX got its start. The original post on this topic was talking about Gnome and glib: https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/369525 I doubt that POSIX has anything to say about glib, but perhaps I'm missing something. There I think using standard SI units properly is probably the best approach for desktop users in Gnome. I think we've already seen that many interesting command line apps (which POSIX does address) have a --si option which I'm guessing allows folks to stay POSIX-compliant or get something that meets the SI standard, so that's cool. We've also discussed the fix (already fixed in intrepid) for ifconfig. https://bugs.launchpad.net/ubuntu/+source/net-tools/+bug/240073 and I don't know but I somehow doubt that there is a POSIX issue there, though I guess that some folks might parse the output and get confused. But it seems like the right direction to go. I think it will help in this discussion to be very specific about which tool or application we're talking about. I think POSIX is important, as is clarity and consistency about use of unit prefixes, as is consistency with upstream and other distros. And as we've seen, those can conflict. So I expect it to be an ongoing conversation as we look at each package. If we can use standard SI and/or IEC units without violating POSIX, I think we should. There was also a discussion all this last September on the devel list: Ubuntu Policy: prefixes for multiples of units https://lists.ubuntu.com/archives/ubuntu-devel/2008-September/026567.html and I recall a discussion at UDS-Jaunty https://wiki.ubuntu.com/UDSJaunty about it but the link on that page to the schedule is gone http://summit.ubuntu.com/uds-jaunty/ and I don't see any mention of it in the reports. Scott - can you shed some more light on that? In general the best way to have an effect is to comment in the bug reports, or in the blueprint, both of which help to preserve important context. See also the Gnome bug discussions: storage units standard http://bugzilla.gnome.org/show_bug.cgi?id=309850 g_format_size_for_display() should use correct IEC units http://bugzilla.gnome.org/show_bug.cgi?id=554172 Neal McBurnett http://neal.mcburnett.org/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Ubuntu Desktop Unit Consistency (LP: #369525)
On Tue, Jun 02, 2009 at 10:59:10AM +0800, Christopher Chan wrote: > Neal McBurnett wrote: > > I agree. More details and discussion are at this ifconfig bug report, > > which came to the same conclusion: > > > > https://bugs.launchpad.net/ubuntu/+source/net-tools/+bug/240073 > > > The interface speed in base10 yes. The number of bytes transferred, NO, > because that is and has always been base2. You are barking up the wrong > tree with regard to ifconfig's report on RX and TX bytes. Your beloved > bit_rate page is only for interface speed. So a 100mbit/s interface can > be reported as 12.5MB/s interface (100,000,000bits/8 = 12,500,000bytes) > which is still base10 but the amount of bytes transferred has to be > base2 because that is how blinking file sizes are calculated. The size > of a file has always been base2 and so this nonsense of reporting disk > space in base10 will only lead to discrepancies between the amount of > space available and how many files you are dump on it. > > That stupid IEC standard is at complete odds with the way computers > operate. I don't want to have to miscalculate just because tools started > following stupidity and gave me numbers that were rounded up or down. > Take this MB/Mib nonsense and stuff it. As a system administrator, I am > having NONE of it. Have you read the actual references we've been providing? Would you mind providing some of your own if you disagree? This is not just the IEC promoting consistent use of the metric system - it is most of the relevant standards bodies. The world doesn't care that some system admins got used to a bad idea when it was in vogue for a short while in the overall history of the metric system. Users buy disks that list decimal multiples on the box, and are pissed when the system reports it as a smaller number. There are more users who want the world to agree on what the prefix "M" means, than sysadmins who want to redefine the metric system. E.g. http://en.wikipedia.org/wiki/Binary_prefix#Software The binary convention is supported by standardization bodies and technical organizations such as IEEE, CIPM, NIST, and SAE.[4][2][5][58] The new binary prefixes have also been adopted by the European Committee for Electrotechnical Standardization (CENELEC) as the harmonization document HD 60027-2:2003-03.[59] This document will be adopted as a European standard.[60] As described elsewhere on that page, with pictures of labels and reference, files have been described with both properly labeled decimal multiples, and with mislabled binary multiples over time. The insanity must stop, and imagining that people will prefer a system where you transmit at 1 MB/s for one second and end up with . Saying that having 8 bits in a byte affects these arguments makes no sense to me. I bet most users and consumers don't even know how many bits are in a byte, and would see no reason to change what the prefixes mean based on it. Neal McBurnett http://neal.mcburnett.org/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Ubuntu Desktop Unit Consistency (LP: #369525)
On Mon, Jun 01, 2009 at 09:23:25AM +0200, Martin Pitt wrote: > Remco [2009-06-01 5:15 +0200]: > > I have a file here of "701.2 MB", which is "735270912 bytes". Now, if > > it really *were* 701.2 MB, then it would be 70120 bytes. So that's > > clearly base 2, which should be MiB. > > Indeed this is a bug which we should fix. It should say "735.3 MB". > > > While that may be true, the most useful thing about base 10 is that > > normal humans can actually understand it. We cannot calculate using a > > binary number system. Base 2 is not useful for anything, except > > sometimes in programming. > > I'm still inclined to keep the exception for RAM size, though, since > they consistently come in multiples of MiB/GiB. Everything else should > use MB/GB, though. I agree. More details and discussion are at this ifconfig bug report, which came to the same conclusion: https://bugs.launchpad.net/ubuntu/+source/net-tools/+bug/240073 Neal McBurnett http://neal.mcburnett.org/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Ubuntu 8.10 released but...
On Thu, Oct 30, 2008 at 07:09:32PM -0400, Scott Kitterman wrote: > On Thu, 30 Oct 2008 16:50:33 -0400 Martin Owens <[EMAIL PROTECTED]> wrote: > > > >> Firefox is a special case. Because of Mozilla Corp's trademark policy > >> Ubuntu cannot ship Firefox and call it Firefox unless Mozilla has > approved > >> all the changes in the package. If you have a problem with Firefox, I > >> think you really need to look upstream. > > > >Doesn't this tie our hands with regards to serving our users? If mozilla > >went evil and decided to ignore any bugs not found in the windows > >version. What would we do? > > Switch to the unbranded "abrowser" version that we already ship. We can > modify that all we want, but since it's built from the same source as > Firefox, it's not particularly feasible to diverge from the branded package > while we continue to ship it. > > >Ont he other hand for Mozilla's side, aren't they inviting forks if no > >one but Mozilla devs can fix problems? > > > > We recently had a painfully long discussion on this topic and I don't care > for doing it again. Like it or not, their policy is what it is. > > We can fix problems, we just need permission to ship the fix. Asac and > Ubuntu Mozillateam do a good job in a difficult environment. > > Scott K Scott is right - complicated trademark issues leave us with two options as described above. For those that want to see the discussion, most of it is pointed to in this long bug: https://bugs.launchpad.net/ubuntu/+source/firefox-3.0/+bug/269656 Rehashing it here won't be helpful - take it up directly with the good folks firefox working on firefox, or use a different code base. Neal McBurnett http://neal.mcburnett.org/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Rejecting the Firefox EULA in Ubuntu
On Wed, Sep 17, 2008 at 02:14:47PM +0100, Sean Hodges wrote: > >> Is there an easy way to reject the EULA on the Firefox shipped with > >> Ubuntu and still be able to use the software? Has anyone patched the > >> source code to remove this yet? > >> > *SNIP* > > > >This is on Fedora, but should help: > >http://www.toad.com/gnu/sysadmin/index.html#firefox-eula-sux > > Thanks for the suggestion, I have seen this article before. > > It describes how to modify the binary and not the source. I'm looking to > remove the EULA dialog from the source altogether, so the resulting > packages do not have it. Or alternatively allow you to reject the terms > but still use the program. I tried to find the place this was changed, and saw nothing in the changelog for the firefox-3.0 package. Then I was referred to the ubufox package, which is where the change took place on Fri, 12 Sep 2008 12:02:19 +0200 in version ubufox (0.6~b1-0ubuntu1) intrepid. * MERGE 0.6~b1 release from lp:ubufox That isn't very informative about such a controversial change. But we can look at the bzr logs for ubufox: https://code.edge.launchpad.net/~asac/ubufox/main I haven't looked in detail, but revision 103 talks about EULA changes: Merge first run EULA display feature from lp:~asac/ubufox/main.firstrun - update content/overlay.js - update defaults/preferences/ubufox.js - add content/mozeula.html See http://bazaar.launchpad.net/~asac/ubufox/main/revision/103 > It seems no'one has looked into this yet, so I will have a look this > weekend. I hope this helps. And remember, as others have pointed out, this is being very actively worked on by both Mozilla and Ubuntu firefox folks. You can vote on brainstorm as Jane Silber suggests: https://bugs.edge.launchpad.net/ubuntu/+source/firefox-3.0/+bug/269656/comments/383 and see what Mozilla is saying and proposing: http://blog.lizardwrangler.com/2008/09/15/ubuntu-firefox-and-license-issues/ http://lockshot.wordpress.com/2008/09/15/firefox-eula-in-linux-distributions/ I resonate with the user comments in the latter URL, that even without a click-thru requirement, any sort of "agreement" asserted by Mozilla for using the code is out of line with what I want Ubuntu to be about. Note the complication that they are also trying to get agreement to use their anti-malware and anti-phishing web services, which is a different thing. Is there a better place to discuss the Ubuntu process and options with those working on it? The bug is not the right place, and those involved may not be subscribed to this list. Neal McBurnett http://mcburnett.org/neal/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Firefox newly insists on showing an EULA
On Mon, Sep 15, 2008 at 02:12:52PM +0300, Peteris Krisjanis wrote: > IMHO, several ways to handle that: > 1) Cave in to Mozilla request (Trademarks are trademarks. They are > bitch and their protection are somehow incompatible with free > software. But that's life) > 2) Provide Iceweasel and rebrand it as Ubuntu Web browser, and provide > easy way to install Firefox from universe. Those who will care will > install it, OEMs will install it on new boxes by default anyway, and > those who care about libre, will stay clean. > 3) Ditch Firefox as default browser in Intrepid+1 and go on with > Epiphany/Webkit. Still, provide easy way to install FF. > > One big point is that most users who would like to see Firefox as > "familiar" brand are OEM users anyway - they will get their browser > installed by support guys. Also Hardy still get FF 3.0 without EULA > (so far), so propably not so much to worry about. Thanks for listing some options. My gut reaction is to do #2 above: reluctantly drop the problematic Firefox brand and go with a brand that doesn't introduce trademark and EULA hassles for our users and redistributors. But first I'd like to actually read the EULA, and I'm surprised no one has posted the text of it (as far as I have found) to this discussion or to the bug. Though the bug is so verbose now that I haven't managed to read all the way thru, I must admit - but I didn't see any attachments. Thanks, Neal McBurnett http://mcburnett.org/neal/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: [ubuntu-web] feedback on new wiki theme
On Tue, Sep 09, 2008 at 09:34:49AM +0100, Matthew Paul Thomas wrote: > Neal McBurnett wrote on 09/09/08 00:12: > >... > > It is common to focus on a fixed width design as "narrow", but for > > many users the big issue is that it is "fixed". On a wide page it > > looks narrow, but on a narrow page it is nearly unusable since it is > > wider than the window, and requires using the horizontal scroll bar to > > read each line. > > > > As others have mentioned, the fact that the user can't control the > > width of the content is the real issue, and the reason fluid designs > > are very popular. > >... > > This is all a false dichotomy. Instead of setting a fixed width, or a > fluid width, set a max-width. That way the page is narrow in narrow > windows, and wider in wide windows, without becoming over-wide. Using max-width is an option, and is better than fixed-width. But just to be clear, it is not what I am asking for. I want the theme to use the space that I give it when I set the width of the browser window. If it seems wide to me, I'll make the window narrower. I prefer a fluid design. If the consensus is that there should be a maximum width, then go ahead and use max-width. But it is not a false dichtomy. Both wide pages and narrow pages can be very useful with a fluid design. Neal McBurnett http://mcburnett.org/neal/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: feedback on new wiki theme
On Mon, Sep 08, 2008 at 05:45:42PM -0500, Matthew Nuzum wrote: > > I disagree - the problem with fixed width is that at some point we have to > > make assumptions as to the screen size used to access as well as how the > > reader wants to read the information. I feel that these both should be left > > to the reader not pre-defined by the writer. > Sometimes I see a fixed-width page and I just feel like it looks so > lonely sitting there in the middle of such wide margins to either > side. Especially on a single column site like this one. But when I > stop looking at the design of the site and just start using it I like > it much better. The narrow column width really pulls you into the > site's content. (and seriously, its not that narrow with a content > width of 820px and a column width of 875px) > > I've used this theme for a bit now and browsed many different pages > and feel that the it works very nicely on a content-heavy page. I've > maximized my browser window (1280x800) to hopefully get a taste of the > pain experienced by people who use their browser this way typically > and honestly I think that overall its an improvement. It is common to focus on a fixed width design as "narrow", but for many users the big issue is that it is "fixed". On a wide page it looks narrow, but on a narrow page it is nearly unusable since it is wider than the window, and requires using the horizontal scroll bar to read each line. As others have mentioned, the fact that the user can't control the width of the content is the real issue, and the reason fluid designs are very popular. This is of course famously a problem for folks with narrow screens (e.g. handheld computers). But it is also often a problem for folks with big screens. E.g. I often use the very practical info in a wiki interactively, looking back and forth between a narrow web page on the left and a terminal window on the right, and wanting as much material, and page height, as I can get. A fixed design thwarts that plan. So as earlier posters have said, what is wrong with keeping the fluidity of the current design, letting the user choose how wide to make their browser window, and thus how long their lines of text should be? The rest of the design can match ubuntu.com, where graphics and other design considerations can be an issue, but for a wiki, I think fixed-width is the wrong choice. Neal McBurnett http://mcburnett.org/neal/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: feedback on new wiki theme
On Fri, Sep 05, 2008 at 06:07:49PM -0400, Connor Imes wrote: > Jordan Mantha wrote: > > On Fri, Sep 5, 2008 at 1:56 PM, Matthew East <[EMAIL PROTECTED]> wrote: > >> Recently I've been developing a new theme which is intended to replace > >> the existing themes on the documentation wiki > >> (https://help.ubuntu.com/community). The intention of the theme is to > >> make reading the wiki easier for a user (so the interface should be > >> cleaner) and for an editor (so there is an editbar at the bottom of > >> the screen which follows the window as you scroll). My top priority for editing would be to put "save changes" next to the comment on the edit, at end of edit box. This would help folks add comments which I find very helpful (and almost mandatory on wikipedia) The most problematic dimension on my screen is vertical. The floating footer takes yet more vertical space away from the viewing and edit window, and that makes it much harder to have enough context when I read or edit. So I'd leave those at the top, or put them at the bottom of the whole page if you prefer. It would also help to tighten up or move the help examples in the edit window. When I preview an edit, I hate scrolling past the edit window to get to the preview. I find that my name at the bottom overlaps text while editing. More comments below > > This is a very nice theme and looks more professional and usable to > > me. My only complaint is that it's rather narrow on all my computers > > (widescreen laptop and LCD displays). It looks like we're losing an > > awful lot of screen real estate. Is it possible to make it a fluid > > rather than fixed width theme? http://www.ubuntu.com has the same > > issue. It ends up looking rather cramped on all my computers and more > > like a blog site (perhaps because of the ubiquity of some of > > Wordpresses past default themes :-) ). I agree with the desire to have a fluid view. When I want a narrow one I'll make my window narrow. I know there are different preferences on that, but that is my preference, both for this wiki and for ubuntu.com. But I don't see why we would need to preserve the lack of fluidity of ubuntu.com - we could keep the same branding and just change the fluidity. I figure a wiki has a different mission and much simpler layout than more complicated custom professional ubuntu.com pages. > I like the new theme as well, and agree that the page should not be > statically sized. If we want to implement the static size somewhere, it > may be more appropriate for the official docs, not the community > documentation (then it's more like reading a book or a manual). Right. > -I also noticed that the Tabs in the upper right are gone, so it feels a > bit empty on that part of the page. Will these be re-added? Right. It seems to me that the tabs are pretty important. > -I think the Page History link at the end of a page should be in the > non-moving footer. I use page history more than edit or subscribe, so I'd like it there also. > -The "copyright" part of the footer seems a little awkward. I think we > can condense it so that there isn't whitespace between the two lines. Yes - tighter would be my preference. Beyond that - I definitely appreciate attention to updating the theme. I like the smaller text. Thanks! Neal McBurnett http://mcburnett.org/neal/ > Ideas for improvement aside, I really like this theme - it doesn't > really take any getting used to (which is good), and looks much more > clean and professional than the older theme. I really hope we can have > this ready in advance of Intrepid. Thanks for making this happen! > > -Connor -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Disappointed with Ubuntu Server, could be used by such a wider audience
On Wed, Jul 30, 2008 at 06:14:06PM -0700, Anthony Watters wrote: > The Ubuntu server should come in two offerings; i.e. the unfriendly existing > Ubuntu server, and, more importantly to the masses, a friendly pre-configured > Ubuntu server that uses SME Server (http://smeserver.com) and ClarkConnect > (http://clarkconnect.com) as a starting point only not crippled, and much > better. Thanks for the input. Note that's the wrong URL for the CentOS-based SME Server, aka E-smith. See http://www.smeserver.org/ http://en.wikipedia.org/wiki/SME_Server http://distrowatch.com/table.php?distribution=smeserver Many of us agree that a really friendly Ubuntu offering for the home or small business server market is a high priority, and we've been tossing around ideas for some time now. What we really need is more testers and contributors to eBox, and some more upgraded specs along the lines of https://wiki.ubuntu.com/UbuntuEasyBusinessServer https://wiki.ubuntu.com/EboxSpec Please join the Server Team and get involved! https://wiki.ubuntu.com/ServerTeam Cheers, Neal McBurnett http://mcburnett.org/neal/ > It is only a matter of time before people start running servers from home > (check out Windows Home Server and no doubt Apple will have something up its > sleeves before very long too). Ubuntu server should be leading the way and > definitely before Microsoft cooks up its next bit of mischief. The last thing > people want is to have to mess around down in the bowels to configure the > thing > (should be easy). > > The server section of the 2007 "The Official Ubuntu Book" is way too vague too > and designed to scare people from using the server. > > Preconfigure the thing, give it a GUI web admin, make it easy for someone to > set up a Web server/Webmail/File server either in server only mode or server > and gateway mode. All I should need to set up is a couple of users, provide > the > IP address and say whether I want RAID and maybe how I want the partitions > configured (but with suggested recommendations along the way at every step). > > I have my own registered domain currently hosted with an ISP. I want to move > it > into my home. How to do it? That's where the focus should be. There are many, > many thousands like me. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: LTS and release methodology
On Tue, Jul 08, 2008 at 10:24:46AM -0400, Mackenzie Morgan wrote: > On Tue, Jul 8, 2008 at 10:16 AM, Peteris Krisjanis <[EMAIL PROTECTED]> wrote: > >> On Mon, Jul 7, 2008 at 1:48 PM, Vincenzo Ciancia <[EMAIL PROTECTED]> wrote: > >>> 2) What about adding some basic hardware testing to these test cases? > >>> For example, vga out support never survives a release or two before > >>> being killed by X progressing, in my experience, but it is very > >>> important for the whole academic community which is one of the primary > >>> targets of linux-based environments at the moment. As of now, I own > >>> three different laptops, of different ages. For different bugs none of > >>> them can project on a VGA projector in hardy, and ALL of them have been > >>> able in past releases. This gives a very bad impression of ubuntu to > >>> newcomers. [snip] > Then take into account > the drivers. If he's using a closed source driver, it could be the > driver's fault, and how would we prove that? And if it's Nvidia, good > luck getting them to respond to a bug report telling them that their > newer drivers broke VGA out. I'd like to address the responsibility of the hardware manufactures as a major aspect of the problem. It is important for us to test and report bugs to Ubuntu and the xorg folks. But it is also important for us to report issues to the hardware manufacturers and tell them we'd like them to do open source development and testing if they want folks to buy their hardware. If we all think "they'll just ignore me" than no one will write to them and they'll think it isn't an issue. Neal McBurnett http://mcburnett.org/neal/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Need to upgrade apache2 and php5 for security reasons
On Wed, Jul 02, 2008 at 04:06:00PM -0400, Scott Kitterman wrote: > On Wednesday 02 July 2008 15:10, Daniel Hahler wrote: > > Christian Desrochers wrote: > > > Our web servers have been checked recently by an external security firm. > > > We have been told that our web servers need to be upgraded to the latest > > > version in order to fix some security issues. > > > > The changelog for PHP 5.2.6 lists: > > * Fixed possible stack buffer overflow in the FastCGI SAPI > > identified by Andrei Nigmatulin. > > * Fixed integer overflow in printf() identified by Maksymilian > > Aciemowicz. > > * Fixed security issue detailed in CVE-2008-0599 identified by Ryan > > Permeh. > > * Fixed a safe_mode bypass in cURL identified by Maksymilian > > Arciemowicz. > > * Properly address incomplete multibyte chars inside > > escapeshellcmd() identified by Stefan Esser. > > * Upgraded bundled PCRE to version 7.6 > > > > ..and there hasn't been any upload to *-security for this (AFAICS). > > > > Previously I was using PHP from CVS (branch PHP_5_2) and updated that > > from time to time, following the CVS commits. > > > > On a new server I'm using the official packages, but have backported the > > package from Debian unstable (and/or Intrepid) to include all the fixes. > > > > I think it would make a lot of sense to request a backport for PHP (for > > Dapper, Gutsy and Hardy; see > > https://help.ubuntu.com/community/UbuntuBackports). > > > > Still, it looks like a security update would be required, too. > > Daniel, > > It would be nice if you could file some bugs and provide some patches ... Hmm - this is all discussed in 227464: https://bugs.edge.launchpad.net/ubuntu/+source/php5/+bug/227464 Fixed in Intrepid, and progress is being made on good patches for a security update. A debdiff is available: https://bugs.edge.launchpad.net/ubuntu/+source/php5/+bug/227464/comments/15 and a ppa version for Hardy in https://edge.launchpad.net/~tormodvolden/+archive Which all goes to show that searching the bug database first, or early on in the conversation, would avoid a lot of messages Neal McBurnett http://mcburnett.org/neal/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Reusing old specs
On Mon, May 12, 2008 at 11:51:16AM -0700, Bryce Harrington wrote: > On Sun, May 04, 2008 at 11:59:30PM +0200, Przemys??aw Kulczycki wrote: > > Hi! > > I have a suggestion for development of Intrepid Ibex. > > The Ubuntu's blueprints page currently lists over 2000 specs. > > https://blueprints.launchpad.net/ubuntu > > Some of them are implemented, but not marked as such. > > Some of them have been deferred, but are not marked as such. > > Some of them became obsolete. > > And finally some of them might be good for Ubuntu 8.10, at least after > > some cleanups. > > Maybe a separate spec should be created to cleanup old specs? > > Good but old ideas shouldn't be forgotten nor stopped in the middle. > > It does seem some cleanup could be beneficial. In going through the > blueprints looking for Xorg-related ones, I've assembled a list of ones > that look like Duplicate/Obsolete ones here: > > http://wiki.ubuntu.com/X/Blueprints > > > Hopefully now that we have brainstorm.ubuntu.com, that will serve as a > better forum for raw ideas, and blueprints will become used less for > that and more for detailed proposals. Yes - it is very hard to see which blueprints are still in play. It is also hard to find what other people are preparing to discuss. A week away, and no specs have been approved yet: https://blueprints.edge.launchpad.net/sprints/uds-intrepid Another thing that would help a lot is if launchpad could let us see which blueprints have been _proposed_ for a sprint: https://bugs.edge.launchpad.net/blueprint/+bug/111610 which is a dup of https://bugs.edge.launchpad.net/blueprint/+bug/66093 so we'd know we didn't have to duplicate work that has already been done, or we could prepare and discuss things more easily before the meeting. Neal McBurnett http://mcburnett.org/neal/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: firefox and bad ssl certificates
On Thu, May 08, 2008 at 12:45:46AM +0200, Martin Pitt wrote: > Peio Ziarsolo [2008-05-07 13:03 +0200]: > > But for power user that know the significance of a bad certificate it's > > annoniying add exceptions (this morning I have to add 3 esceptions). > > This doesn't have anything to do with power users/n00bs. An invalid > SSL certificate isn't any better or worse depending on the type of > user. If a site sets up SSL with an invalid certificate, then this > buys the user nothing but a false sense of security. > > The proper approach to this IMHO is to make adding exceptions in all > web browsers (especially IE) as hard and explicit as in Firefox 3. > This would perhaps force site admins to get a grip and stop ignoring > broken SSL certs, once they get a flood of complaints. > > > Is there any key to toogle off this new feature? > > I *so much* hope that there isn't. People should really start to > understand that this is a SERIOUS error and shouldn't at all be > considered 'normal'. Invalid certs are one thing. But doesn't this also affect self-signed certs? Self-signed certs are appropriate for many use cases in which the goal is primarily encryption (e.g. to protect data flowing back from the server to the user), rather than e.g. protecting bank accounts by authenticating the server to the user. E.g. connecting to a local ebox management port, or a small community wiki. In many low-security situations, this change pushes server operators into buying pricey certs from certificate vendors who often offer little or no meaningful vetting and accept zero liability. This stuff is complicated, involves politics, and can't be painted with such a broad brush. Education is a big part of it, like with most security-related issues. The current warnings are confusing, and are being improved. Let's try to see to it that they communicate as well as possible. Otherwise too many grass-roots sites will just go back to asking folks to enter passwords over unencrypted connections, or users will get used to bypassing yet another set of dialogs and phishing will continue scarcely abated. E.g. how hard is it for folks to buy in to their own web of trust and get e.g. all CACert certs accepted? http://cacert.org Neal McBurnett http://mcburnett.org/neal/ signature.asc Description: Digital signature -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Developemnt and use - Training manual
On Fri, Apr 25, 2008 at 08:15:32AM -0600, Neal McBurnett wrote: > I think the "non-commercial" part is more complicated than most people > think, and makes it less useful to both commercial and non-commercial > use. I've looked some more and here are some specifics. The definition of non-commercial use is complicated enough that MIT and Creative Commons have put forward quite different interpretations of the same license - is it about "the user" or "the use"? See: Creative Commons vs MIT OCW: Interpreting the Noncommercial Clause David Wiley http://opencontent.org/blog/archives/307 Note that Creative Commons is still in flux about this - see also the other complexities at: http://wiki.creativecommons.org/DiscussionDraftNonCommercial_Guidelines In early 2008 we will be re-engaging that discussion and will be undertaking a serious study of the NonCommercial term which will result in changes to our licenses and/or explanations around them. What particular commercial uses are the authors of the Training Manual concerned about? Is it licensed under other terms for some users? And thanks again - it is very nicely done! Neal McBurnett http://mcburnett.org/neal/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Developemnt and use - Training manual
On Fri, Apr 25, 2008 at 11:53:24AM +0300, Billy Cina wrote: > Hi All, > > The purpose of the license is to prevent the material being used for > profit-seeking purposes. If you (or anyone else) is from a not-for-profit > institution or running community classes etc., then this material is 100% > intended for that. Charging students minimal fees to cover expenses is also > ok. Thank you for the training manual :-) The "share and share alike" part of the license is the most important in my view, and it is similar to the GPL license that is popular in Ubuntu. I think the "non-commercial" part is more complicated than most people think, and makes it less useful to both commercial and non-commercial use. I'm currently self-employed and not contemplating any commercial use of this, but I have worked for big corporations, and have experienced (and contributed to) the growth of free software driven by for-profit corporations. (And I have seen not-for-profit corporations act in ways that are not at all community-spirited - e.g. huge hospitals that pay their CEOs outrageous salaries.) E.g. I would love to see big enterprise users using this for training their people, even though it would be for-profit. And I would love for them to base their products on Ubuntu (e.g. a point-of-sale product) and use this to train their customers in how to use Ubuntu, even though they would charge for that training. The point is they would still have to share modifications, and we would all benefit - both the training community, and the whole Ubuntu user and developer community - because it would be essentially a win-win-win. Neal McBurnett http://mcburnett.org/neal/ > Hope this clears any misunderstanding. > > Best regards > Billy Cina > Training Programmes Manager > > Colin Watson wrote: > > On Fri, Apr 18, 2008 at 02:53:12PM -0700, George Farris wrote: > > > https://wiki.ubuntu.com/Training > > This site has an Instructor and Student training manual for Ubuntu. > The > license says share and add to but not for commercial use. Why ion > earth > would you not allow Educational Institutions to use this material in > classes. I find this very strange. > > Possibly the license could be tweaked to at least allow training > people > with this material. > > If anyone has any information about this I would be very interested. > > > > I've CCed Billy and Torsten, who would be the appropriate people to > reply to this. > > Cheers, > > > > > > > -- > Billy Cina > Training Programmes Manager > Dir: +44 207 630 2454 > Mob: +44 780 938 9862 > [EMAIL PROTECTED] > www.ubuntu.com > > > -- > Ubuntu-devel-discuss mailing list > Ubuntu-devel-discuss@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: libc borked
On Thu, Mar 13, 2008 at 01:43:41PM +0100, Daniel Holbach wrote: > https://launchpad.net/bugs/201673 has information about what happened > and how to fix it. Semi-official workaround instructions will be added > there too. > > Have a nice day, > Daniel YAY Daniel - here's a hug for finally adding some *helpful* content to this discussion. A bug reference - just what Todd so nicely asked for!! And thanks to all the developers who got us this far, and who make things happen, and who try to learn from the past. Yeah, we're all human. Neal McBurnett http://mcburnett.org/neal/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Securely downloading Ubuntu
On Tue, Jan 29, 2008 at 02:48:44PM +0100, [EMAIL PROTECTED] wrote: > On Jan 29, 2008, at 1:16 PM, Colin Watson wrote: > > Do you know what the state of cryptanalytic research is on > > Whirlpool? My > > concern is that the MD5/SHA family, for all its faults, has been > > extremely extensively cryptanalysed, and at least we know where we > > stand, while the other families are still relatively unknown. > > That's correct. Whirlpool is AES-based, which is slightly reassuring, > but its designers have to my knowledge never presented it in an > academic conference; even so, it passed quite some scrutiny when it > was submitted to (and subsequently selected by) the NESSIE project. > For high-security applications, combining a SHA-2 variant and either > RIPEMD-160 or Whirlpool is sufficient to satisfy even the > professionally paranoid among us. I chose a SHA-256+Whirlpool > combination for signature verification in the OLPC firmware. Offhand, this sounds like the right approach to me. Opinions will be volitile for the next several years with the focus on the field and the ongoing NIST Hash Algorithm Competition http://csrc.nist.gov/groups/ST/hash/ On Tue, Jan 29, 2008 at 02:36:41PM +0100, [EMAIL PROTECTED] wrote: > On Jan 28, 2008, at 5:28 PM, Neal McBurnett wrote: > >Cryptographers are nervous about not only MD5, but also all the > >functions in the same class, which includes SHA-1 and SHA-256. The > >latter ones use more bits and thus have more life in them than MD5 > > This is an oversimplification. The SHA-2 family is not merely a longer > SHA-1; while closely based on SHA-1, the SHA-2 compression function is > different enough that the resulting hashes are much stronger, and > practical attacks on SHA-2 are considered unlikely in at least the > next ten years. Yes, definitely an oversimplification :-) But Arjen Lenstra, one of the folks involved in finding holes in the current set of hash functions, disagreed when he spoke at our workshop 2 years ago. His .ppt is online: http://middleware.internet2.edu/pki05/proceedings/#lenstra-hashing_crypto He characterizes the changes in SHA-2 as "tweaks" on the same iterative design that both MD5 and SHA-1 use, and emphasizes that we've there is a lot of fundamental stuff about designing hashes that we don't really understand yet. Others probably disagree and I haven't gotten a recent update, but the nature of this field is that attacks come suddenly and can have big impacts, so I would be more cautious, and I think we agree that two relatively diverse hashes like sha-256 and whirlpool would be prudent. -Neal -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Securely downloading Ubuntu
[I've been sending, like the original poster, to both lists, and different responses from different people have gone to each list. But we should probably choose just one of these lists to use for this conversation I'd choose the -devel-discuss list since my postings to the -devel list have to be approved by the moderator] On Mon, Jan 28, 2008 at 10:51:49PM -0500, Fabian Rodriguez wrote: > Neal McBurnett wrote: > | That ftpmaster key is already on installed systems, right? I would > | think we could preinstall system keyrings and give instructions that > | would be based on that. Do we not ship the <[EMAIL PROTECTED]> key? > GnuPG's local keyrings are created when it's first invoked, so they > should actually be empty. I personally overwrite the local keyrings or > use an external USB key on my laptop, depending on the kind of install > I've had in the past. Adding that key to a default install would > probably require setting up an additional keyring with it and changing > the default gpg.conf accordingly. Just to clarify, I was not proposing that Ubuntu put any keys in a user's gpg keyring - that would be a BAD THING. By "system keyring" I meant that Ubuntu could use one of the existing keyrings used by apt et al (perhaps /etc/apt/trusted.gpg?) E.g. on my gutsy machine both keys seem to be there: $ gpg --no-default-keyring --list-keys --keyring /etc/apt/trusted.gpg /etc/apt/trusted.gpg pub 1024D/437D05B5 2004-09-12 uid Ubuntu Archive Automatic Signing Key <[EMAIL PROTECTED]> sub 2048g/79164387 2004-09-12 pub 1024D/FBB75451 2004-12-30 uid Ubuntu CD Image Automatic Signing Key <[EMAIL PROTECTED]> > Another problem is the download page should actually link to: > https://help.ubuntu.com/community/VerifyIsoHowto > > I checked that page and added a few links about the web of trust and the > warning you mention. Good - thanks. For folks using Ubuntu, this is much easier. It looks like because there is an appropriate /etc/apt/trustdb.gpg file there, this seems to work nicely for verifying MD5SUMS, without any need to download keys or set up trust beforehand: $ gpg --no-default-keyring --keyring /etc/apt/trusted.gpg --verify MD5SUMS.gpg MD5SUMS gpg: Signature made Thu 18 Oct 2007 01:47:10 AM MDT using DSA key ID FBB75451 gpg: Good signature from "Ubuntu CD Image Automatic Signing Key <[EMAIL PROTECTED]>" > Although the [EMAIL PROTECTED] (0xFBB75451) key is not in the "strong > set" and does not show up in the Keyanalyze reports, Colin Watson's and > Martin Pool's (which both sign it) do. I wonder if they should be used to sign each other and some other key in the strong set so they would be in the strong set - that would make establishing trust more convenient. Neal McBurnett http://mcburnett.org/neal/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Securely downloading Ubuntu
On Mon, Jan 28, 2008 at 05:20:52PM +, Matt Zimmerman wrote: > On Mon, Jan 28, 2008 at 09:28:48AM -0700, Neal McBurnett wrote: > > > (I'm all in favor of moving to SHA256 or whatever is considered best > > > practice these days. I've just not heard that MD5 is really as broken as > > > I think Chris suggests here.) > > > > One easy thing to do is to also publish sha256 sums of the CD > > images, so if MD5 preimage attacks are developed, that would help. > > > > I think we should do that now, and consider a hash function in a > > different class also (whirlpool?). > > > > Shipping more hash functions in the base install would help a lot in a > > crisis, so users have what they need to validate software updates. > > I guess coreutils has the md5 and sha families well covered, but > > again, something different like whirlpool could help a lot some day. > > Perhaps we should publish detached signatures for each ISO rather than > signing MD5SUMS? >From what I've heard, the main principle for dealing with hash issues is "algorithm agility" - i.e. making it easy for folks to use multiple algorithms. Publishing detached signatures is a way to make the user interface easier (perhaps) for folks that want to validate the gpg signature. But I would think many (especially those without a good way to trust the gpg key, as noted previously) would want to just be able to validate hashes. I would still argue for the use of multiple hash algorithms, and I guess for gpg that means multiple detached signatures, one per hash algorithm. And some are not supported by all versions of gpg I'd suggest we publish a "CHECKSUMS" file with a good assortment of hashes in text format, and also sign that. Neal McBurnett http://mcburnett.org/neal/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Securely downloading Ubuntu
On Mon, Jan 28, 2008 at 04:58:00PM +, John Carr wrote: > > > If the MD5SUMS files are purely for validating downloads[3], could the > > > completely useless/misleading GPG files be dropped? > > > > They are far from useless - they are the only way to validate the hash > > information based on trust roots that are (or should be) on your > > system already. > > > > Neal McBurnett http://mcburnett.org/neal/ > > > > > /Lamby > > > > > Forgive me if i'm missing the obvious. Why should any of the keys in > [1] be in my system already? The ftpmaster key might be there if i'm > starting with Ubuntu, but i doubt it would on a fresh gentoo system > for example.. How would I go about trusting any of these keys? > > If I can't, then what is the value of keeping the .gpg, other than to > lead me into a (potentially) false sense of security? Sorry, good point - only Ubuntu users could be expected to have the keys already installed. But even if it were only used for that case, it would be very valuable for upgrades etc. In general, the PGP web of trust along with various tools allows people (and programs) to gain trust in the keys used to sign the file. But that topic is best discussed elsewhere. http://en.wikipedia.org/wiki/Web_of_trust > John > > [1] http://preview.tinyurl.com/2llzqr -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Securely downloading Ubuntu
On Mon, Jan 28, 2008 at 04:44:05PM +0200, Lars Wirzenius wrote: > On ti, 2008-01-22 at 19:32 +, Chris Lamb wrote: > > However, the MD5 digest algorithm is utterly broken > > How broken is it? Can one reasonably expect that a well-provisioned > attacker can create an MD5SUMS file that has the wrong content but still > matches the GnuPG signature? The current state of the art allows people to easily create two files with the same MD5 (a "hash collision"). But no one has claimed to be able to create a file that matches the MD5 of a file that someone else created (a "preimage attack"): http://en.wikipedia.org/wiki/MD5 http://en.wikipedia.org/wiki/Preimage_attack To take advantage of the existing vulnerability (hash collision), the attacker would have to be also be able to modify the ISO that is published on the Ubuntu sites. If they can do that, we have more important things to worry about. I think the main risk for Ubuntu would be the latter kind of attack, if it is ever developed. Cryptographers are nervous about not only MD5, but also all the functions in the same class, which includes SHA-1 and SHA-256. The latter ones use more bits and thus have more life in them than MD5, but the field is in a lot of turmoil. > (I'm all in favor of moving to SHA256 or whatever is considered best > practice these days. I've just not heard that MD5 is really as broken as > I think Chris suggests here.) One easy thing to do is to also publish sha256 sums of the CD images, so if MD5 preimage attacks are developed, that would help. I think we should do that now, and consider a hash function in a different class also (whirlpool?). Shipping more hash functions in the base install would help a lot in a crisis, so users have what they need to validate software updates. I guess coreutils has the md5 and sha families well covered, but again, something different like whirlpool could help a lot some day. There is at least one LGPL library which provides a uniform interface to a large number of hash algorithms: mhash (http://mhash.sourceforge.net/). And there is a python interface to it, but I don't see a package for it. On Tue, Jan 22, 2008 at 07:32:32PM +, Chris Lamb wrote: > Is it actually possible to securely download Ubuntu? > > A typical mirror contains an MD5SUMS and an associated MD5SUMS.gpg [0]. > However, the MD5 digest algorithm is utterly broken and the key is signed > by just a handful of people anyway[1], only two of which I (visually) > recognise as having anything to do with the Ubuntu project. Remember, anyone can sign a key on a public keyring, so most of those sigs are probably from "volunteers". But all the user needs is a trust path from their trusted keys to the key in question, and since it is signed by Ubuntu Archive Master Signing Key <[EMAIL PROTECTED]> users should be able to have that. But the warning on the https://help.ubuntu.com/community/VerifyIsoHowto page is an issue: WARNING: This key is not certified with a trusted signature! That ftpmaster key is already on installed systems, right? I would think we could preinstall system keyrings and give instructions that would be based on that. Do we not ship the <[EMAIL PROTECTED]> key? > If the MD5SUMS files are purely for validating downloads[3], could the > completely useless/misleading GPG files be dropped? They are far from useless - they are the only way to validate the hash information based on trust roots that are (or should be) on your system already. Neal McBurnett http://mcburnett.org/neal/ > /Lamby > > [0] http://cdimage.ubuntu.com/releases/7.10/release/ > [1] http://preview.tinyurl.com/2llzqr > [2] https://help.ubuntu.com/community/VerifyIsoHowto -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Kerberos? Does anyone have this running?
On Thu, Jan 10, 2008 at 03:02:28PM -0700, Kevin Fries wrote: > > https://bugs.edge.launchpad.net/ubuntu/+source/krb5/+bug/159357 > > Yep, saw that, and followed that thread. But I like many others have > dnsdomainname working correctly, and it is still not working. ... > Others in the forums report the same failure despite dnsdomainname > returning correctly. Yet, there were no responses. That is why I > decided to ask the developers. Thinking it may be in the process of > being EOL'd or something. Well of course kerberos is part of AD also, so I don't think there is much risk of it being EOL'd. But finding an easier way to configure it all is a high priority. Again, I think that posting those results, config files, etc to the relevant launchpad bug report(s) is the best way to get developer assistance. Or the IRC links I gave before. Good luck! -Neal -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Kerberos? Does anyone have this running?
My guess is that the server team mailing list, or #ubuntu-server or #kerberos would be better places for this discussion. But read on - my comments are interspersed. On Thu, Jan 10, 2008 at 06:17:56PM +0100, Magnus Runesson wrote: > On Wed, 2008-01-09 at 08:59 -0700, Kevin Fries wrote: > > I am trying to build a single signon environment as an Ubuntu demo. > > > > I tried to follow the help.ubuntu.com website to insure I did it the > > "proper" or "documented" way. There are numerous threads of people > > asking for help in the forums. In addition, there are 15 bugs filed in > > Launchpad. Many of these are going back to 7.04. > > > > Do you have the full links to the doc you refer to? I second the question :-) Makes it much easier for the many readers of this thread. > Regards, > /Magnus > > > Is there something going on with Kerberos as to why there is no help, or > > bug fixes? Is this package going the way of the Woolly Mammoth? Or is > > it just not getting enough TLC? Or, is something else going on? I don't know, but my guess is that most of the efforts are going into improving interoperability with Active Directory rather than just kerberos. The major news on that front is "Likewise": likewise: http://www.linux-watch.com/news/NS2350659361.html and the server team is working on getting that integrated for Hardy. > > For the record, I tripped upon the problem documented in the forums, and > > launchpad bug reports, where upon install it does not properly run its > > full configuration. It never asks me for realm or anything. Once > > blowing off its config, it then fails to start (yeah I know, go figure). > > But manually setting up the configuration does not work either. The > > package keeps coming up with the error: "kadmind: Improper format of > > Kerberos configuration file while initializing context, aborting". As > > suggested, my dnsdomainname returns correctly, and I have manually > > configured the files in accordance with the documentation. No errors > > are thrown in the syslog. I had a problem like that once, and think that it had to do with not having a Fully Qualified Domain Name (FQDN) for my system in /etc/hosts. I seem to recall that the kerberos installation uses the server's FQDN to make a default realm, and doesn't catch the error if that doesn't exist. Googling for your error string with the word "launchpad" added (which helps google prioritize authoritative launchpad bugs over chat in the forums) led me quickly to this: https://bugs.edge.launchpad.net/ubuntu/+source/krb5/+bug/159357 which gives more details on the root problem: dnsdomainname is not finding the FQDN. For me, a gutsy install in which I gave it my FQDN at install time properly put my FQDN in the /etc/hosts file, but if I just gave it a local name I ran into this kerberos problem. This is the format of what worked for me in /etc/hosts: 127.0.1.1 example.com example Cheers, Neal McBurnett http://mcburnett.org/neal/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
VOIP: ekiga, wengophone, twinkle (was What is 'administrivia')
On Mon, Dec 31, 2007 at 01:41:20PM -0500, Mackenzie Morgan wrote: > I've tried, unsuccessfully, to use Ekiga a few times. I got > Wengophone to work once. I know a lot of other people have had > issues with Ekiga not connecting to anything. Maybe that's changed > since Dapper, but I don't know. It didn't work for me with > Feisty--that's when I tried Wengo. > > On Dec 30, 2007 10:22 AM, Evan <[EMAIL PROTECTED]> wrote: >I'm sure there have been long discussions on these >before, but here are my suggestions: > >Remove >-ekiga (very few people use voip, and most of those that >do use skype. leave it in the repos if you must, but it >makes no sense to have it on the cd) It is clear to me that we need at least one free, best-of-breed VOIP app shipping with Ubuntu. VOIP is steadily increasing in popularity. Providing free standards-compliant end-to-end VOIP is an important alternative to the phone companies and others trying to turn it into a proprietary ghetto. http://www.joeterranova.net/2007/10/09/why-i-hate-vonage/ Skype is not only non-free, but it is anti-open in the sense that it does not interoperate with other VOIP apps or use a standard protocol. It is worse than cell phones in the years before we required portability of phone numbers between providers. In these days of the opening up of cell phone interoperability between providers, I think the last thing we should encourage is that Ubuntu users use Skype. I've had success with ekiga. Removing it from main without a free alternative would be a setback. Neal McBurnett http://mcburnett.org/neal/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: What is 'administrivia'?
On Sun, Dec 30, 2007 at 09:42:35AM -0500, Evan wrote: > I just sent an email to this list, and a few seconds later found out it had > been put on hold pending review because: "Message may contain administrivia" > > What??? Often people who don't understand mailing lists send requests like "subscribe" or "help" to the entire list, rather than to the administrative address assocaited with the list. So the software tries to filter that "administrivia" out so it doesn't spam the other subscribers. My guess would be to look for command-words like that, rephrase them and try again. Neal McBurnett http://mcburnett.org/neal/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Appropriateness of posts to this list (Was Re: evince crash)
a non-developer trying to find out if a post to the list about a "favorite bug" was appropriate. Unfortunately we've now regressed into a non-so-pretty internal argument. What an inappropriate waste!! In summary I think we will make a lot more progress if we recognize there are many ways of helping. Treating each other with respect is one of the most important. And figuring out creative new ways to contribute is another. My own suggestions for contributors, both developers and non-developers, is in a talk I did last month for the Boulder Linux Users Group: http://mcburnett.org/neal/talks/contribute_to_ubuntu.html Cheers, Neal McBurnett http://mcburnett.org/neal/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: regular fsck runs are too disturbing
On Tue, Dec 04, 2007 at 08:40:25AM -0600, HggdH wrote: > I am guessing what we would need here is a reanalysis of how the checks > are done, and what could be changed to minimise the impact of such > checks. I would expect changes in the filesystems also. You're right - a deeper analysis is needed. And this issue has at least one official blueprint: https://blueprints.edge.launchpad.net/ubuntu/+spec/prompt-for-fsck-on-shutdown https://wiki.ubuntu.com/AutoFsckspec You can try AutoFsck: https://wiki.ubuntu.com/AutoFsck Neal McBurnett http://mcburnett.org/neal/ signature.asc Description: Digital signature -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Our best foot forward
On Sun, Nov 25, 2007 at 01:46:03AM +, (``-_-´´) -- Fernando wrote: > On Monday 19 November 2007 12:41:35 Sebastian Heinlein wrote: > > Am Sonntag, den 18.11.2007, 08:34 -0500 schrieb Patrick: > > > I see it now. I never noticed it there. Is there any reason it cannot > > > also be placed under the right click too?-Patrick > > > > I don't think that this is a very often needed feature. We want to keep > > the menu short. > > Still, I would vote to have it on the right click menu. I never saw it > before, on the package menu. > On a not so related topic, "Download Changelog" should have a keyboard > shortcut I agree that having "configure" and "download changelog" available via the right-click menu would help people, and help folks that do support. The alternative is people not noticing these standard ways of getting information and doing configuration "The Ubuntu/Debian Way". But I think these are just the sorts of things we want more and more users to be aware of. Now, instead, people suffer with systems that don't work the way they want, or hack configuration files by hand in ways that are harder to upgrade. Neal McBurnett http://mcburnett.org/neal/ signature.asc Description: Digital signature -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Our best foot forward
Patrick I've pulled some ideas of yours I like from two separate posts: On Mon, Nov 15, 2007 at 20:30:20PM, Patrick wrote: > I think these are "configuration centric": > > 3)Question=I want to configure my NFS server > Answer= manually edit configuration file or use dpkg-reconfigure -plow > to launch configuration script. > > 4)Question=Why can't Totem play WMV files? > Answer= for legal reasons we can't install the codecs by default. You > will need to install them manually elsewhere. > Synaptic can answer all the "package centric" questions but I don't > see an easy solution for the new user for the configuration centric" > questions. Having the dpkg-reconfigure option built into Synaptic > would help a lot but it would not solve question #4. A utility to > provide answers and helper scripts for configuration issues ad FAQs > might be helpful. Somewhere facts such as Totem does not come with > such and such codecs need to be expressed. There should be someplace > simple for all of this to happen. It should not happen in the man > pages and it would be nice if people did not have to search on the > net for this information. I don't really know what to call it but > perhaps a Q & A / interactive tutorial utility could provide quick > guidance to new users. It could help them through these topics > quickly and we could put our best foot forward. On Mon, Nov 19, 2007 at 07:50:20PM -0500, Patrick wrote: > I had a lot of trouble configuring services in the past, in particular > my first one vsftpd, was hard as it was my first manual edit of a > configuration file. I can now edit all kinds of these files. It's easy > once you do one, an 8 year old could do this. > > The problem is it's not obvious to the first time user. I could carry > out usability studies with friends and family but really I don't think > anyone is ready to set up an nfs, ftp or samba server in the first 10-20 > hours. A usability study beyond a few hours is not practical for family > and friends. ... > If this is the market we are chasing then this is a big problem. The > thing is Ubuntu is so much more then a way to surf the net and answer > emails. Comparing Windows to Ubuntu is like comparing a glossy pamphlet > to an encyclopedia with the front cover torn off. Ubuntu has content but > it is not easy to find. There is enormous power in it. Ubuntu has saved > my business lots of money and opened up all kinds of doors for me. It is > perfect for business. > > We should be putting forth what Ubuntu can do that Windows cannot. It is > the ability to set up so many services and customize so many things that > makes it amazing. Most of this still needs to be done at the terminal > though. People need to be able to use it's rich set of features without > so much suffering. The server team is working on a graphical configuration option for hardy that I think will go a significant way towards addressing a number of these issues for many users. It involves packaging and enhancing the "ebox" web configuration utility so people can configure their systems with a nice graphical environment over the web. They can do it either from a local browser or from another machine. https://wiki.ubuntu.com/EboxSpec It uses the web because we shouldn't require servers to have the huge set of (potentially dangerous) packages that are needed for X11 and Gnome or KDE. Neal McBurnett http://mcburnett.org/neal/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
