Re: cygport: patches welcome?
On Jul 13 13:06, Corinna Vinschen wrote: On Jul 13 05:58, Andrew Schulman wrote: I think that this won't be necessary if we use Dave's suggestion to remove config files in preremove scripts if they haven't changed. Then all the postinstall script has to do is if [ -f /etc/file ] ; then exit 32 else cp /etc/defaults/etc/file /etc fi (but with smarter exit handling). Hmm, yes, that doesn't sound bad. How about both: postinstall scripts that weren't able to update a config file because it was modified exit with signal 32 (or whatever; I suggest a power of 2 so we can use bitmasks). If any postinstall scripts exit with 32, then setup searches for .cygnew files in /etc and presents the list to the user. A side effect of this would be that each time a config file can't be updated, setup would present the entire list of .cygnew files to the user-- even if they were there from a previous installation, so the user had already been notified about them before. I think this would probably be okay, maybe even good, as long as the user didn't get a new nag screen *every* time they installed any new package-- only when a config file couldn't be updated. I agree. Any comment from our setup gurus? Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat
Re: [ITP] perl-5.8.8-2
On Jul 15 17:22, Reini Urban wrote: The -2 package below has no additional 5.8.8 script suffix anymore, just for the two binaries. I also add some more in-between patches, esp. an installperl bugfix for Gerrit's CYG04major.version.cygwin.sh.patch http://rurban.xarch.at/software/cygwin/release/perl/perl-5.8.8-2.tar.bz2 http://rurban.xarch.at/software/cygwin/release/perl/perl-5.8.8-2-src.tar.bz2 http://rurban.xarch.at/software/cygwin/release/perl/perl_manpages/perl_manpages-5.8.8-2.tar.bz2 Actually the -2 version above has almost only scripts with the 5.8.8 suffix now, the non-suffixed versions are missing. Exceptions are ld2, perlld and scandeps.pl, which only exist in a non-suffixed version. perl.exe and a2p.exe are missing, too, only perl5.8.8.exe and a2p5.8.8.exe exist. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat
Re: cygport: patches welcome?
On Mon, Jul 16, 2007 at 10:21:54AM +0200, Corinna Vinschen wrote: On Jul 13 13:06, Corinna Vinschen wrote: On Jul 13 05:58, Andrew Schulman wrote: I think that this won't be necessary if we use Dave's suggestion to remove config files in preremove scripts if they haven't changed. Then all the postinstall script has to do is if [ -f /etc/file ] ; then exit 32 else cp /etc/defaults/etc/file /etc fi (but with smarter exit handling). Hmm, yes, that doesn't sound bad. How about both: postinstall scripts that weren't able to update a config file because it was modified exit with signal 32 (or whatever; I suggest a power of 2 so we can use bitmasks). If any postinstall scripts exit with 32, then setup searches for .cygnew files in /etc and presents the list to the user. A side effect of this would be that each time a config file can't be updated, setup would present the entire list of .cygnew files to the user-- even if they were there from a previous installation, so the user had already been notified about them before. I think this would probably be okay, maybe even good, as long as the user didn't get a new nag screen *every* time they installed any new package-- only when a config file couldn't be updated. I agree. Any comment from our setup gurus? I have no comment other than to note that you can't exit with signal 32. You can exit 32 but you can't kill -32 $$. cgf
src/winsup/cygwin ChangeLog cygheap.h grp.cc s ...
CVSROOT:/cvs/src Module name:src Changes by: [EMAIL PROTECTED] 2007-07-16 20:01:15 Modified files: winsup/cygwin : ChangeLog cygheap.h grp.cc security.cc security.h syscalls.cc uinfo.cc Log message: * cygheap.h (cygheap_user::curr_imp_token): Rename from current_token. Accommodate changge throughout Cygwin. (cygheap_user::imp_token): Rename from token. Accommodate changge throughout Cygwin. (rcygheap_user::eimpersonate): Use primary token for impersonation. * grp.cc (internal_getgroups): Use primary impersonation token when impersonated. * security.h (_push_thread_privilege): Use primary impersonation token when impersonated. Patches: http://sourceware.org/cgi-bin/cvsweb.cgi/src/winsup/cygwin/ChangeLog.diff?cvsroot=srcr1=1.3841r2=1.3842 http://sourceware.org/cgi-bin/cvsweb.cgi/src/winsup/cygwin/cygheap.h.diff?cvsroot=srcr1=1.123r2=1.124 http://sourceware.org/cgi-bin/cvsweb.cgi/src/winsup/cygwin/grp.cc.diff?cvsroot=srcr1=1.103r2=1.104 http://sourceware.org/cgi-bin/cvsweb.cgi/src/winsup/cygwin/security.cc.diff?cvsroot=srcr1=1.217r2=1.218 http://sourceware.org/cgi-bin/cvsweb.cgi/src/winsup/cygwin/security.h.diff?cvsroot=srcr1=1.85r2=1.86 http://sourceware.org/cgi-bin/cvsweb.cgi/src/winsup/cygwin/syscalls.cc.diff?cvsroot=srcr1=1.443r2=1.444 http://sourceware.org/cgi-bin/cvsweb.cgi/src/winsup/cygwin/uinfo.cc.diff?cvsroot=srcr1=1.147r2=1.148
[ANNOUNCEMENT] Updated: clamav-0.91-1
The cygwin clamav packages (Clam AntiVirus - GPL anti-virus toolkit) has been updated to 0.91-1. This adds the previous experimental Phishing code (enabled in cygwin since 0.90-1) as default. About == Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. See http://freshmeat.net/projects/clamav/ ChangeLog: http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog The clamav package comes in three parts: clamav: the executables and binaries libclamav2: the shared library since 0.90.1 libclamav-devel: development resources (headers, static- and import libraries) Cygwin Package Changes: * remove untouched /etc files with preremove To update your installation, click on the Install Cygwin now link on the http://cygwin.com/ web page. This downloads setup.exe to your system. Then, run setup and answer all of the questions. *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO *** If you want to unsubscribe from the cygwin-announce mailing list, look at the List-Unsubscribe: tag in the email header of this message. Send email to the address specified there. It will be in the format: [EMAIL PROTECTED] If you need more information on unsubscribing, start reading here: http://sources.redhat.com/lists.html#unsubscribe-simple Please read *all* of the information on unsubscribing that is available starting at this URL. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: [ANNOUNCEMENT] Updated: clamav-0.91-1
Reini Urban [EMAIL PROTECTED] wrote: The cygwin clamav packages (Clam AntiVirus - GPL anti-virus toolkit) has been updated to 0.91-1. This adds the previous experimental Phishing code (enabled in cygwin since 0.90-1) as default. Reini, thank you for your efforts. I downloaded and it runs beautifully. Many should be able to sleep bettter at night thanks to your work. With both careful, downloading and with clamscan a pretty clean machine can be maintained.. Wynfield -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Problem after fresh Cygwin installation
On 7/15/07, Dave Korn [EMAIL PROTECTED] wrote: On 13 July 2007 19:12, Bernd Bartmann wrote: Now comes the weird part. I created a new file hello.c in my home dir with vim. ls -al shows that the file exists, but more hello.c gives no output at all. I just get a new shell prompt. The same problem exits when I run gcc hello.c -o hello. Nothing happens, not even an error message is displayed and no file hello is created. Could be a missing dll dependency. Run cygcheck `which more` and see if any are listed as not found. Thanks Dave! cygcheck more reveals that more is available under /usr/bin/more, but cygintl-3.dll is missing. I'll try to download the whole Cygwin install directory tree from another mirror again and reinstall everything. Best regards, Bernd. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
RE: Problem after fresh Cygwin installation
On 16 July 2007 14:53, Bernd Bartmann wrote: On 7/15/07, Dave Korn [EMAIL PROTECTED] wrote: Bernd, please abide by the list etiquette of not quoting people's email addresses in the raw, as they end up on the web archive and get harvested by spammers. (See http://cygwin.com/acronyms#PCYMTNQREAIYR for justification). On 13 July 2007 19:12, Bernd Bartmann wrote: Now comes the weird part. I created a new file hello.c in my home dir with vim. ls -al shows that the file exists, but more hello.c gives no output at all. I just get a new shell prompt. The same problem exits when I run gcc hello.c -o hello. Nothing happens, not even an error message is displayed and no file hello is created. Could be a missing dll dependency. Run cygcheck `which more` and see if any are listed as not found. Thanks Dave! cygcheck more reveals that more is available under /usr/bin/more, but cygintl-3.dll is missing. I'll try to download the whole Cygwin install directory tree from another mirror again and reinstall everything. STOP There should be no need to go that far. If you just re-run setup.exe, choosing Install from internet and then clicking Next all the way through without altering anything, it should just update your installation and, as part of that, it will verify the installed packages and attempt to install anything missing. So hopefully it'll only download anything that failed last time, or if it downloaded ok but the install step failed last time, it'll just re-run the install step. It should be much easier than redownloading the whole thing. If for any reason it doesn't work, you could try manually selecting the libintl3 package on the package chooser page to Reinstall. cheers, DaveK -- Can't think of a witty .sigline today -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Problem after fresh Cygwin installation
On 7/16/07, Dave Korn wrote: Bernd, please abide by the list etiquette of not quoting people's email addresses in the raw, as they end up on the web archive and get harvested by spammers. (See http://cygwin.com/acronyms#PCYMTNQREAIYR for justification). Dave, thanks for the hint. I'll try to take care of this in the future, but I really think this should be done central on the mailing list server by the mailing list software that creates the list archives. There should be no need to go that far. If you just re-run setup.exe, choosing Install from internet and then clicking Next all the way through without altering anything, it should just update your installation and, as part of that, it will verify the installed packages and attempt to install anything missing. So hopefully it'll only download anything that failed last time, or if it downloaded ok but the install step failed last time, it'll just re-run the install step. It should be much easier than redownloading the whole thing. If for any reason it doesn't work, you could try manually selecting the libintl3 package on the package chooser page to Reinstall. The system I'm trying to install to is on a separate lab network that has no direct internet access. I need to take a CD or USB stick containing the install packages to the target system. Best regards, Bernd. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
grep -f problem
Hi I have a problem with grep -f. Here is my example script: #!sh echo -e calvin\nhobbes expressions.txt echo -e calvin chases\nhis favourite imaginary friend\nhobbes text.txt grep -f expressions.txt text.txt The output is: $ grepbug.sh hobbes The expected output: C:\UnxUtils\usr\local\wbinsh grepbug.sh calvin chases hobbes I am not very familiar with unix or cygwin. Is there a kind soul to verify that this is really a problem by running the scrip on a true unix? I have both UnxUtils and cygwin installed. I cannot use UnxUtils because I cannot make its shell work interactively, and it seems like I cannot use cygwin because grep doesn´t work :-( Thanks Mårten -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
RE: Problem after fresh Cygwin installation
On 16 July 2007 15:12, Bernd Bartmann wrote: On 7/16/07, Dave Korn wrote: Bernd, please abide by the list etiquette of not quoting people's email addresses in the raw, as they end up on the web archive and get harvested by spammers. (See http://cygwin.com/acronyms#PCYMTNQREAIYR for justification). Dave, thanks for the hint. I'll try to take care of this in the future, but I really think this should be done central on the mailing list server by the mailing list software that creates the list archives. In the general case it can't, since there are an awful lot of things that are not email address but follow the format [EMAIL PROTECTED], many of which are command-line options that we really need to be able to post to the list without munging. e.g. ssh [EMAIL PROTECTED], for example. There should be no need to go that far. If you just re-run setup.exe, choosing Install from internet and then clicking Next all the way through without altering anything, it should just update your installation and, as part of that, it will verify the installed packages and attempt to install anything missing. So hopefully it'll only download anything that failed last time, or if it downloaded ok but the install step failed last time, it'll just re-run the install step. It should be much easier than redownloading the whole thing. If for any reason it doesn't work, you could try manually selecting the libintl3 package on the package chooser page to Reinstall. The system I'm trying to install to is on a separate lab network that has no direct internet access. I need to take a CD or USB stick containing the install packages to the target system. Well, the first thing to do is check whether libintl3 is there in the downloaded packages directory. It should be in package-dir/mirror-name/release/gettext/libintl3, and the md5sum of it should match what's listed in the related setup.ini in package-dir/mirror-name. If that's the case, no need to redownload; just take the directory across to the offline machine on the stick. Otherwise, yes, do the download again. cheers, DaveK -- Can't think of a witty .sigline today -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
RE: grep -f problem
On 16 July 2007 15:12, Mårten Gustafsson wrote: Hi I have a problem with grep -f. Here is my example script: #!sh echo -e calvin\nhobbes expressions.txt echo -e calvin chases\nhis favourite imaginary friend\nhobbes text.txt grep -f expressions.txt text.txt The output is: $ grepbug.sh hobbes The expected output: C:\UnxUtils\usr\local\wbinsh grepbug.sh calvin chases hobbes I am not very familiar with unix or cygwin. Is there a kind soul to verify that this is really a problem by running the scrip on a true unix? I can do better: I can verify it's Not A Bug by running the script on cygwin and seeing that it works fine. On the other hand, if I get the script to run unix2dos on 'expressions.txt' and 'text.txt' before grepping them, I get the result you were expecting. Are you on a textmode mount or something? Or do you perhaps have some dos line-endings in the grepbug script file itself? cheers, DaveK -- Can't think of a witty .sigline today -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: grep -f problem
On CygWin: $ echo -e calvin\nhobbesa $ echo -e calvin chased\nblah blah\nhobbesb $ grep -f a b calvin chased hobbes #!sh echo -e calvin\nhobbes expressions.txt echo -e calvin chases\nhis favourite imaginary friend\nhobbes text.txt grep -f expressions.txt text.txt $ ./a.sh calvin chases hobbes -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
hacked package on server
I performed a cygwin update today, and was confronted with an MD5 failure on one of the packages. The package was vim-7.1-1.tar.bz2 downloaded from mirrors.dotsrc.org As the package installed, I saw some strange behavior, I'm worried it might have been some kind of trojan. I saved the hacked package file in case a cygwin developer wants to see it. I was able to get the vim-7.1-1.tar.bz2 from another server with the correct MD5. The correct md5: df543517110fa14fcc13a207ef721459 *vim-7.1-1.tar.bz2 The md5 of the hacked package: 43f00ebc2964d7c84fde7b7150f1b3a5 *vim-7.1-1.tar.bz2-HACKED I also have a complaint: the dialog that notifies the user of the failed MD5 is not well designed. The dialog asks Do you want to skip the package? and has a yes and no button. I read it quickly and pressed no before thinking about it, the package went ahead and tried to install. I think there should be a little more effort to restrain the user from performing a dangerous action such as installing a package with a wrong MD5. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: grep -f problem
Thanks for all replies. Now I have installed cygwin in unix mode and converted all my script files by running dos2unix *.sh. Everything works much better, thanks for all the help. I got the grep -f problem when running it in dos mode. I actually tried installing in unix mode but got lots of : No such file or directory errors trying to run my scrips, having no idea that it was the \r in my script files causing this. Mårten -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: hacked package on server
On Mon, Jul 16, 2007 at 10:30:52AM -0500, Louis Kruger wrote: I also have a complaint: the dialog that notifies the user of the failed MD5 is not well designed. The dialog asks Do you want to skip the package? and has a yes and no button. I read it quickly and pressed no before thinking about it, the package went ahead and tried to install. I think there should be a little more effort to restrain the user from performing a dangerous action such as installing a package with a wrong MD5. Good point. The message should probably be Do you want to not skip the package (No/Yes)? cgf -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: hacked package on server
This would be more helpful: Do you want to not skip the package (No/Yes/Maybe)? The Maybe can then consult a random number routine to decide whether or not to do the operation. -Original Message- From: Christopher Faylor [EMAIL PROTECTED] Sent: Jul 16, 2007 11:52 AM To: cygwin@cygwin.com Subject: Re: hacked package on server On Mon, Jul 16, 2007 at 10:30:52AM -0500, Louis Kruger wrote: I also have a complaint: the dialog that notifies the user of the failed MD5 is not well designed. The dialog asks Do you want to skip the package? and has a yes and no button. I read it quickly and pressed no before thinking about it, the package went ahead and tried to install. I think there should be a little more effort to restrain the user from performing a dangerous action such as installing a package with a wrong MD5. Good point. The message should probably be Do you want to not skip the package (No/Yes)? cgf -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: hacked package on server
On Mon, Jul 16, 2007 at 10:30:52AM -0500, Louis Kruger wrote: I also have a complaint: the dialog that notifies the user of the failed MD5 is not well designed. The dialog asks Do you want to skip the package? and has a yes and no button. I read it quickly and pressed no before thinking about it, the package went ahead and tried to install. I think there should be a little more effort to restrain the user from performing a dangerous action such as installing a package with a wrong MD5. Good point. The message should probably be Do you want to not skip the package (No/Yes)? cgf I realize you are joking, but the wording of the message is beside the point. For an ordinary end-user, installing a file with a wrong MD5 is the wrong (and dangerous) thing to do in just about any case I can think of. Therefore it should not be equally easy to select either option. My opinion is that the setup program should abort immediately on detecting a wrong MD5 with a message that the server may have been compromised. If there is a special case where someone may actually want this, it should be something non-obvious, like a -allow-wrong-md5 flag to the setup program. thanks, Louis -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: hacked package on server
* Louis Kruger (Mon, 16 Jul 2007 11:17:43 -0500) On Mon, Jul 16, 2007 at 10:30:52AM -0500, Louis Kruger wrote: I also have a complaint: the dialog that notifies the user of the failed MD5 is not well designed. The dialog asks Do you want to skip the package? and has a yes and no button. I read it quickly and pressed no before thinking about it, the package went ahead and tried to install. I think there should be a little more effort to restrain the user from performing a dangerous action such as installing a package with a wrong MD5. Good point. The message should probably be Do you want to not skip the package (No/Yes)? I realize you are joking, but the wording of the message is beside the point. That's a valid point as skipping already contains a negation meaning not installing. Something like Do you still want to install the package (although it might have been tampered with)? If unsure choose No. [Yes/No] - with a default of No would make definitely more sense. Thorsten -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: hacked package on server
I remember an extensive discussion about the purpose MD5 sums serve for the cygwin installer[1] some time ago. My understanding (synopsis) of the thread (before I gave up reading it in disgust somewhere around Christopher Faylor's suggestion that the subject be dropped :} ) was that md5sum is only used to indicate that a particular package had been completely downloaded (someone correct me if I misunderstood, please). If that is the case, then it seems to me to be a bit quick to declare a server or package compromised based on a mismatch of md5 sums. I do think that instead of simply aborting the install with a message that the server was compromised (was it? or is something else going on?), that a more useful option would be to allow the user to select a different mirror and continue the process. -- William Sutton [1] http://cygwin.com/ml/cygwin/2007-05/threads.html#00314 On Mon, 16 Jul 2007, Louis Kruger wrote: On Mon, Jul 16, 2007 at 10:30:52AM -0500, Louis Kruger wrote: I also have a complaint: the dialog that notifies the user of the failed MD5 is not well designed. The dialog asks Do you want to skip the package? and has a yes and no button. I read it quickly and pressed no before thinking about it, the package went ahead and tried to install. I think there should be a little more effort to restrain the user from performing a dangerous action such as installing a package with a wrong MD5. Good point. The message should probably be Do you want to not skip the package (No/Yes)? cgf I realize you are joking, but the wording of the message is beside the point. For an ordinary end-user, installing a file with a wrong MD5 is the wrong (and dangerous) thing to do in just about any case I can think of. Therefore it should not be equally easy to select either option. My opinion is that the setup program should abort immediately on detecting a wrong MD5 with a message that the server may have been compromised. If there is a special case where someone may actually want this, it should be something non-obvious, like a -allow-wrong-md5 flag to the setup program. thanks, Louis -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: hacked package on server
I do think that instead of simply aborting the install with a message that the server was compromised (was it? or is something else going on?), that a more useful option would be to allow the user to select a different mirror and continue the process. Sure. I just wanted to make the point that it is important to take extra steps to protect end-user from malicious tampering. If you want to investigate this, the file is here. The file size is correct, the MD5 is not. http://mirrors.dotsrc.org/cygwin/release/vim/vim-7.1-1.tar.bz2 Louis -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
U.B.S GROUP CONSULTANTS
Micheal Huntley U.B.S Group Consultant London. Attn: I have contacted you in the hope that you can be my associate to assume the new recipent of a Fixed-Income deposit Once I file in your name as the new recipent the funds will be approved through the AUTOMATED CLEARING HOUSE (ACH) - A facility used by financial institutions to distribute electronic debit and credit entries to bank accounts and settle such entries. Under the automated clearinghouse system, banks exchange checks and drafts drawn upon each other and settle their daily balances . Credit advice will be issued in your favor and the funds will clear your account within three banking days. I hope you will be honest enough to observe my share inspite of the funds coming through your account. Regards, Micheal Huntley U.B.S. Group Consultant -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
RE: hacked package on server
DANGER: Extreme sarcasm ahead. May also be withering. No warranty, no refunds. On 16 July 2007 16:31, Chicken Licken ^W^W Louis Kruger wrote: As the package installed, I saw some strange behavior, I'm worried it might have been some kind of trojan. Are you able to actually describe strange behaviour, or did you just get an eerie spine-tingling feeling with no actual physical symptoms outside your fevered imagination? I saved the hacked package file in case a cygwin developer wants to see it. I was able to get the vim-7.1-1.tar.bz2 from another server with the correct MD5. Oh, so you know that it's hacked do you? Having considered every other possibility, from faulty mirror to transmission error, you can confidently dismiss them: they could not have happened because they aren't exciting enough! Drama queen, much? The correct md5: df543517110fa14fcc13a207ef721459 *vim-7.1-1.tar.bz2 The md5 of the hacked package: 43f00ebc2964d7c84fde7b7150f1b3a5 *vim-7.1-1.tar.bz2-HACKED I downloaded the mirrors.dotsrc version, and I downloaded the mirrorservice.org version, and verified that as you say, the md5sum is wrong on the mirrors.dotsrc version. Rather than jump to unwarranted conclusions, I decided to investigate, instead of just guessing at the most hysterical option possible and rushing to spread FUD and loathing. They are both the same length, but the corrupted one differs from the correct one in two sequences: 0x4f5000 - 0x4f8000 and 0x58a000 - 0x58c000. Note the nice round offsets and sizes. I visually examined the incorrect data in hex: it seemed statistically similar to the correct data, but was not any simple transposition, shift or reframing of it. I also tried one very basic test to see if it could be some kind of trojanized package: I tried to unpack it. It failed: -- - /tmp/cyg-package-hack/unpack $ bunzip2 vim-7.1-1.tar.bz2 bunzip2: Data integrity error when decompressing. Input file = vim-7.1-1.tar.bz2, output file = vim-7.1-1.tar It is possible that the compressed file(s) have become corrupted. You can use the -tvv option to test integrity of such files. You can use the `bzip2recover' program to attempt to recover data from undamaged sections of corrupted files. bunzip2: Deleting output file vim-7.1-1.tar, if it exists. -- - At this point, by the most trivial experiment I have thoroughly debunked the paranoid interpretation. Given that the sizes and offets are nice integer multiples of inode size, I believe the dotsrc mirror simply has some crosslinked file chains, and we're seeing a few blocks of some other package file here. (I'm afraid I didn't bother to acquire the ultimate proof here, but it would be easy enough to download an entire mirror and then search the lot to see which file these chunks came from). I also have a complaint: the dialog that notifies the user of the failed MD5 is not well designed. The dialog asks Do you want to skip the package? and has a yes and no button. I read it quickly and pressed no before thinking about it, the package went ahead and tried to install. I think there should be a little more effort to restrain the user from performing a dangerous action such as installing a package with a wrong MD5. I'm an idiot in a hurry. I didn't bother to read what was right in front of my face, and it's all your fault for not stopping me! 1) Take less stimulants. 2) Stop watching films like Sneakers. 3) Calm down, breath deeply, and try not to be so hysterical. cheers, DaveK -- Can't think of a witty .sigline today -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
When is next cygwin going to be released
Hi, I'm new to cygwin, and I have tried the current cygwin, 1.5.24. It's good and everything, but I saw that there was work on the next version of cygwin. Do you know when this will be done? Also will that one support vista? We have a lot of vista machines and it would be nice to use cygwin on those machines. Thanking you in advance, Robert -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: hacked package on server
On Mon, Jul 16, 2007 at 11:59:12AM -0400, Brian Kelly wrote: This would be more helpful: Do you want to not skip the package (No/Yes/Maybe)? The Maybe can then consult a random number routine to decide whether or not to do the operation. Good point. I obviously stick at this UI stuff. cgf -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: hacked package on server
On Mon, Jul 16, 2007 at 02:38:17PM -0400, Christopher Faylor wrote: On Mon, Jul 16, 2007 at 11:59:12AM -0400, Brian Kelly wrote: This would be more helpful: Do you want to not skip the package (No/Yes/Maybe)? The Maybe can then consult a random number routine to decide whether or not to do the operation. Good point. I obviously stick at this UI stuff. ...and stink at consistently typing 'n' while in a phone conference, too. cgf -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: [ANNOUNCEMENT] Updated: clamav-0.91-1
[EMAIL PROTECTED] schrieb: Reini Urban [EMAIL PROTECTED] wrote: The cygwin clamav packages (Clam AntiVirus - GPL anti-virus toolkit) has been updated to 0.91-1. This adds the previous experimental Phishing code (enabled in cygwin since 0.90-1) as default. Reini, thank you for your efforts. I downloaded and it runs beautifully. Many should be able to sleep bettter at night thanks to your work. With both careful, downloading and with clamscan a pretty clean machine can be maintained.. Note that the new heuristic Phishing code will result in a lot of false positives, which led to quite a lot of discussion in the clamav list. And will lead to bad sleep on your side probably :) But the 99% CPU problem in the early 0.90 releases is gone. -- Reini -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: hacked package on server
Ugh, top-posting... Reformatted. On Mon, 16 Jul 2007, Brian Kelly wrote: -Original Message- From: Christopher Faylor [EMAIL PROTECTED] Sent: Jul 16, 2007 11:52 AM To: [EMAIL PROTECTED] http://cygwin.com/acronyms/#PCYMTNQREAIYR. Thanks. Subject: Re: hacked package on server On Mon, Jul 16, 2007 at 10:30:52AM -0500, Louis Kruger wrote: I also have a complaint: the dialog that notifies the user of the failed MD5 is not well designed. The dialog asks Do you want to skip the package? and has a yes and no button. I read it quickly and pressed no before thinking about it, the package went ahead and tried to install. I think there should be a little more effort to restrain the user from performing a dangerous action such as installing a package with a wrong MD5. Good point. The message should probably be Do you want to not skip the package (No/Yes)? cgf This would be more helpful: Do you want to not skip the package (No/Yes/Maybe)? The Maybe can then consult a random number routine to decide whether or not to do the operation. Jeez, guys. Haven't you learned ANYTHING in a UI design course? The main purpose of the UI is to give the user a warm fuzzy feeling and to overwhelm him with critical information to the point of being incapable of making rash decisions like this. Therefore, the message should read thus: Do you not want to not skip the abovementioned package? And the buttons should read Yes, No, and I need more time to decide, the last one being in the middle and more prominent. It would also help to have a fake countdown running somewhere in the window, with large black digits. Guess which button the user will go for? Igor -- http://cs.nyu.edu/~pechtcha/ |\ _,,,---,,_[EMAIL PROTECTED] | [EMAIL PROTECTED] ZZZzz /,`.-'`'-. ;-;;,_Igor Peshansky, Ph.D. (name changed!) |,4- ) )-,_. ,\ ( `'-' old name: Igor Pechtchanski '---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow! Belief can be manipulated. Only knowledge is dangerous. -- Frank Herbert -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: hacked package on server
On Mon, 16 Jul 2007, Louis Kruger wrote: As the package installed, I saw some strange behavior, I'm worried it might have been some kind of trojan. Are you able to actually describe strange behaviour It crashed the setup program, which seemed to indicate it was installing strangely named files. It also corrupted the cygwin package directory. I could not run the setup program again even using a different mirror until I cleaned out the file /etc/setup/vim.lst.gz. Ah, now we're getting somewhere. Can you please attempt the installation again and save the copy of the vim.lst.gz (and post it as an attachment)? Setup should not crash on corrupted packages -- the fact that it did probably indicates a bug in the bzip2 library or in the setup package handling code. Your evidence seems to indicate that it is simple corruption rather than tampering. I am pleased to see that. Well, if it *were* some kind of trojan or virus, the corrupted executables would come into play when *invoking* vim, not when attempting to install it. Igor -- http://cs.nyu.edu/~pechtcha/ |\ _,,,---,,_[EMAIL PROTECTED] | [EMAIL PROTECTED] ZZZzz /,`.-'`'-. ;-;;,_Igor Peshansky, Ph.D. (name changed!) |,4- ) )-,_. ,\ ( `'-' old name: Igor Pechtchanski '---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow! Belief can be manipulated. Only knowledge is dangerous. -- Frank Herbert -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: When is next cygwin going to be released
Robert Mithund wrote: Hi, I'm new to cygwin, and I have tried the current cygwin, 1.5.24. It's good and everything, but I saw that there was work on the next version of cygwin. Do you know when this will be done? There is nothing firm. Watch the list. Also will that one support vista? We have a lot of vista machines and it would be nice to use cygwin on those machines. Why can't you use the current version on Vista? Others are. -- Larry Hall http://www.rfk.com RFK Partners, Inc. (508) 893-9779 - RFK Office 216 Dalton Rd. (508) 893-9889 - FAX Holliston, MA 01746 _ A: Yes. Q: Are you sure? A: Because it reverses the logical flow of conversation. Q: Why is top posting annoying in email? -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: hacked package on server
On 7/16/07, Igor Peshansky [EMAIL PROTECTED] wrote: Ugh, top-posting... Reformatted. On Mon, 16 Jul 2007, Brian Kelly wrote: -Original Message- From: Christopher Faylor [EMAIL PROTECTED] Sent: Jul 16, 2007 11:52 AM To: [EMAIL PROTECTED] http://cygwin.com/acronyms/#PCYMTNQREAIYR. Thanks. Subject: Re: hacked package on server On Mon, Jul 16, 2007 at 10:30:52AM -0500, Louis Kruger wrote: I also have a complaint: the dialog that notifies the user of the failed MD5 is not well designed. The dialog asks Do you want to skip the package? and has a yes and no button. I read it quickly and pressed no before thinking about it, the package went ahead and tried to install. I think there should be a little more effort to restrain the user from performing a dangerous action such as installing a package with a wrong MD5. Good point. The message should probably be Do you want to not skip the package (No/Yes)? cgf This would be more helpful: Do you want to not skip the package (No/Yes/Maybe)? The Maybe can then consult a random number routine to decide whether or not to do the operation. Jeez, guys. Haven't you learned ANYTHING in a UI design course? The main purpose of the UI is to give the user a warm fuzzy feeling and to overwhelm him with critical information to the point of being incapable of making rash decisions like this. Therefore, the message should read thus: Do you not want to not skip the abovementioned package? And the buttons should read Yes, No, and I need more time to decide, the last one being in the middle and more prominent. It would also help to have a fake countdown running somewhere in the window, with large black digits. Guess which button the user will go for? Igor Yes, everyone now has been quite hilarious on this part of the matter, but I think it's time to get past the arrogance and, god forbid, consider that a user's reported problem, oh my god, might actually be a problem! Any time there's a report of a user having a problem with an interface, *especially* one that's _supposedly_ so easy and obvious, why not address it? Or why not AT LEAST take a thought and say to yourself, if something is supposed to be so simple and obvious, and yet someone is having a problem with it, maybe *I* am making an assumption about the simplicity of it? In this case, a user running an installer is in the frame of mind of *installing* things, not *skipping* things. So when they are asked a question, they should be asked questions about *installing*, not *skipping*, and the answers should be taken in that context. Yes should do the install, while No should not. Switching the context to skipping causes the type of confusion that is going on here. If it's so minor, be glad that someone actually reported it and now you have the chance to make the project better. Most people would just get confused, stop, reread, hopefully make the right choice, and move on, but retain the impression that it's hard to use and confusing. This may affect their decision to use it in the future, or their decision to recommend it to others, etc... Isn't that a much more intelligent response than, Wow, our users are such idiots! I'm so much better than them because I'm a such a smart computer guy! PS. This same concept applies to the recent discussion about documentation, and all the previous ones as well. If something is not obvious enough for people to find it, then it should be made more obvious (or at least some consideration given to the request). One does not have control over the ways people approach a problem. This project does have control over how/where documentation is located, and the ease of finding it. Focus on what you have control over. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Latest snapshot revamps pipe/fifo handling
On Jul 9 07:52, Karl M wrote: Hi All... From: Christopher Faylor Subject: Latest snapshot revamps pipe/fifo handling Date: Sat, 7 Jul 2007 13:55:47 -0400 I've checked in a fairly major change to cygwin today. [...] I tried out the July 8, 2007 snapshot cygwin1.dll and had the following issue (I replaced just the cygwin1.dll file). I typed ssh localhost and got as far as the login banner and then it hung there. The bash process started by sshd was consuming all avaliable CPU. I got the same result if I used ssh to login from another machine. When I tried two simultaneous ssh connections, the created bash processes seemed to share the CPU equally (by observing them in the taks manager). I use ssh agent forwarding in case that is relevant. Did you run this as administrative user or as normal, non-privileged user? I fixed a problem in current CVS which might be the actual cause of this hang, and which has nothing to do with cgf's pipe changes. I found this while looking for an entirely unrelated problem, when trying to login as non-privileged user resulted in a hang the same way you describe it above. My patch solved the hang for me, but it might be something different in your case. Please test with the next snapshot again. Thanks, Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: cygwin on XP home edition (Please help i cant get further with this)
On Jul 15 14:11, Hennie wrote: Is nobody using XP home edition in combination with cygwin? Not voluntarily, no. Then throw it out of the group users. you can do this in a windows cmd box with. net localgroup users USERNAME /DEL And after that do a mkpassword and mkgroup in cygwin mkuser -l /etc/passwd mkgroup -u -l /etc/group login (via ssh preferably) as that user and give the command $groups Is it according to cygwin still in the group users ? If so is this a behaviour of XP home edition? Does this allso happen in XP professional? It also happens on XP Professional. I have no idea why yet. There's nothing special with the users group in Cygwin. The group list is taken from the returned user/group lists of the Win32 API. I'm wondering if Windows adds the Users group to the list if the user is not in any local group. I'll investigate this further at one point. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Latest snapshot revamps pipe/fifo handling
On Mon, Jul 16, 2007 at 10:12:58PM +0200, Corinna Vinschen wrote: On Jul 9 07:52, Karl M wrote: Hi All... From: Christopher Faylor Subject: Latest snapshot revamps pipe/fifo handling Date: Sat, 7 Jul 2007 13:55:47 -0400 I've checked in a fairly major change to cygwin today. [...] I tried out the July 8, 2007 snapshot cygwin1.dll and had the following issue (I replaced just the cygwin1.dll file). I typed ssh localhost and got as far as the login banner and then it hung there. The bash process started by sshd was consuming all avaliable CPU. I got the same result if I used ssh to login from another machine. When I tried two simultaneous ssh connections, the created bash processes seemed to share the CPU equally (by observing them in the taks manager). I use ssh agent forwarding in case that is relevant. Did you run this as administrative user or as normal, non-privileged user? I fixed a problem in current CVS which might be the actual cause of this hang, and which has nothing to do with cgf's pipe changes. I found this while looking for an entirely unrelated problem, when trying to login as non-privileged user resulted in a hang the same way you describe it above. My patch solved the hang for me, but it might be something different in your case. Please test with the next snapshot again. Thank you! I kept meaning to ask if you'd seen this. I went over and over my changes trying to see how I could have introduced something like this but I never could see anything. I also meant to ask you if I was using the security stuff correctly. Did you ever look at that? cgf -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
RE: hacked package on server
Christopher Faylor wrote: On Mon, Jul 16, 2007 at 03:44:51PM -0400, Brian Mathis wrote: Yes, everyone now has been quite hilarious on this part of the matter, but I think it's time to get past the arrogance and, god forbid, consider that a user's reported problem, oh my god, might actually be a problem! You did receive one response with a suggestion: http://cygwin.com/ml/cygwin/2007-07/msg00396.html I don't see how it's productive for you to assume humor-as-arrogance and respond to that but avoid responding to the suggestion. Any time there's a report of a user having a problem with an interface, *especially* one that's _supposedly_ so easy and obvious, why not address it? Or why not AT LEAST take a thought and say to yourself, if something is supposed to be so simple and obvious, and yet someone is having a problem with it, maybe *I* am making an assumption about the simplicity of it? Ok. I'll bite. Has anyone done a google search to see if anyone else was confused by this message? The message seems pretty clear to me and not something that I would misinterpret. It doesn't seem like this is something that anyone should take a lot of time fixing if we've only gotten one complaint. OTOH, if more people have been confused by the message then possibly it is something worth changing. cgf Well in my opinion It could even be better to have an unchecked checkbox like: Wrong MD5 sum detected. This package look broken. Try another mirror. ( ) Yes I Really want to install this even if it looks broken. OK Or something like that. Then its two clicks or several keystrokes before one can continue. -- tel 0920 49 1894 Bengt-Arne Fjellner -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: hacked package on server
On Tue, Jul 17, 2007 at 12:47:50AM +0200, Bengt-Arne Fjellner wrote: Or something like that. Then its two clicks or several keystrokes before one can continue. If you want to help, then dig up multiple googled cases of previous confusion. Then we can quibble about wording. cgf -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: hacked package on server
Bengt-Arne Fjellner wrote: Well in my opinion It could even be better to have an unchecked checkbox like: Wrong MD5 sum detected. This package look broken. Try another mirror. ( ) Yes I Really want to install this even if it looks broken. OK Or something like that. Then its two clicks or several keystrokes before one can continue. yes, and having something like: are you sure yes|no (user clicks yes) are you really sure? yes|no (user clicks yes again) are you really, really sure? yes|no ... also makes it several clicks. The best solution, would be to replace the yes/no buttons with verbs/actions, like skip/'install anyway'/abort. I haven't looked at the code, but it is probably using MessageBox(Ex), which doesn't allow that. Coding an extended messagebox isn't *that* hard, but, it is still work that takes motivation to do. The second best, and quickest, would be for a patch to show up implementing Thorsten's suggestion that cfg pointed out. Until someone steps up to do the work, this discussion is just going to fade out and die. Cheers, Pedro Alves -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: hacked package on server
On Tue, Jul 17, 2007 at 12:20:19AM +0100, Pedro Alves wrote: The second best, and quickest, would be for a patch to show up implementing Thorsten's suggestion that cfg pointed out. Until someone steps up to do the work, this discussion is just going to fade out and die. Urp. How could I have missed the opportunity to point something like that out? I must be slipping. Of course, I would hate to trade what I consider to be a perfectly understandable message for another understandable message if this is really a non-issue. cgf -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: hacked package on server
On Tue, 17 Jul 2007, Pedro Alves wrote: Bengt-Arne Fjellner wrote: Well in my opinion It could even be better to have an unchecked checkbox like: Wrong MD5 sum detected. This package look broken. Try another mirror. ( ) Yes I Really want to install this even if it looks broken. OK Or something like that. Then its two clicks or several keystrokes before one can continue. yes, and having something like: are you sure yes|no (user clicks yes) are you really sure? yes|no (user clicks yes again) are you really, really sure? yes|no ... also makes it several clicks. Indeed. The best solution, would be to replace the yes/no buttons with verbs/actions, like skip/'install anyway'/abort. I haven't looked at the code, but it is probably using MessageBox(Ex), which doesn't allow that. Coding an extended messagebox isn't *that* hard, but, it is still work that takes motivation to do. Yes, the code does use MessageBox. However, there already exists, in fact, a bit of code implementing a custom MessageBox (or, rather, overriding the button labels) for the Retry on in-use files functionality. Interested parties should look at lines 181-217 of install.cc (which adds an MB_RETRYCONTINUE message box type). The second best, and quickest, would be for a patch to show up implementing Thorsten's suggestion that cfg pointed out. Until someone steps up to do the work, this discussion is just going to fade out and die. That is exactly the right approach. http://cygwin.com/acronyms/#PTC drives the open-source world more than anything else. So, any volunteers? There isn't even a need to fill out a copyright assignment for setup contributions... Igor -- http://cs.nyu.edu/~pechtcha/ |\ _,,,---,,_[EMAIL PROTECTED] | [EMAIL PROTECTED] ZZZzz /,`.-'`'-. ;-;;,_Igor Peshansky, Ph.D. (name changed!) |,4- ) )-,_. ,\ ( `'-' old name: Igor Pechtchanski '---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow! Belief can be manipulated. Only knowledge is dangerous. -- Frank Herbert -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
RE: hacked package on server
From: Brian Mathis [snip] Yes, everyone now has been quite hilarious on this part of the matter, but I think it's time to get past the arrogance and, god forbid, consider that a user's reported problem, oh my god, might actually be a problem! snort! Heheheh! He thinks he's on the [insert name of any other project here] mailing list! -- Gary R. Van Sickle -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: hacked package on server
Brian Mathis wrote: In this case, a user running an installer is in the frame of mind of *installing* things, not *skipping* things. Perhaps this is in your case, certainly not everyone in this mailing list. So when they are asked a question, they should be asked questions about *installing*, not *skipping*, and the answers should be taken in that context. Yes should do the install, while No should not. Switching the context to skipping causes the type of confusion that is going on here. The OP said: Do you want to skip the package? and has a yes and no button. I read it quickly and pressed no before thinking about it ^^ So you see, it's a problem of thought. The UI message *is* very clear. One simply needs to think before acting. Thank you very much. Best Regards, Carlo -- Carlo Florendo Softare Engineer/Network Co-Administrator Astra Philippines Inc. UP-Ayala Technopark, Diliman 1101, Quezon City Philippines http://www.astra.ph -- The Astra Group of Companies 5-3-11 Sekido, Tama City Tokyo 206-0011, Japan http://www.astra.co.jp -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: hacked package on server
Louis Kruger wrote: As the package installed, I saw some strange behavior, I'm worried it might have been some kind of trojan. Are you able to actually describe strange behaviour It crashed the setup program, which seemed to indicate it was installing strangely named files. It also corrupted the cygwin package directory. I could not run the setup program again even using a different mirror until I cleaned out the file /etc/setup/vim.lst.gz. Your evidence seems to indicate that it is simple corruption rather than tampering. I am pleased to see that. And this evidence indicates that your system is infected *before* you even run setup.exe. So beware. ;-) Thank you very much. Best Regards, Carlo -- Carlo Florendo Softare Engineer/Network Co-Administrator Astra Philippines Inc. UP-Ayala Technopark, Diliman 1101, Quezon City Philippines http://www.astra.ph -- The Astra Group of Companies 5-3-11 Sekido, Tama City Tokyo 206-0011, Japan http://www.astra.co.jp -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: hacked package on server
Hi, Carlo Florendo wrote: Brian Mathis wrote: The OP said: Do you want to skip the package? and has a yes and no button. I read it quickly and pressed no before thinking about it ^^ So you see, it's a problem of thought. The UI message *is* very clear. One simply needs to think before acting. the message is clear. The user answers that he wants to install. As I understand this threat, the message is misleading in this case. I noticed this many times with the installer. A person who knows the installer, can give the proper answer. A normal user will answer the question as he understands it using plain English. Do you want to skip the package? No! Why did I start the installer in the first place? To install the package. Erich -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: hacked package on server
Erich Dollansky wrote: Hi, Carlo Florendo wrote: Brian Mathis wrote: The OP said: Do you want to skip the package? and has a yes and no button. I read it quickly and pressed no before thinking about it ^^ So you see, it's a problem of thought. The UI message *is* very clear. One simply needs to think before acting. the message is clear. The user answers that he wants to install. As I understand this threat, the message is misleading in this case. It's not. I noticed this many times with the installer. A person who knows the installer, can give the proper answer. A normal user will answer the question as he understands it using plain English. What's the difference between a proper answer and an answer from someone who understands it using plain English? Do you want to skip the package? No! Precisely. That's why the question was asked. Thank you very much. Best Regards, Carlo -- Carlo Florendo Softare Engineer/Network Co-Administrator Astra Philippines Inc. UP-Ayala Technopark, Diliman 1101, Quezon City Philippines http://www.astra.ph -- The Astra Group of Companies 5-3-11 Sekido, Tama City Tokyo 206-0011, Japan http://www.astra.co.jp -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: hacked package on server
Erich Dollansky wrote: Carlo Florendo wrote: Brian Mathis wrote: The OP said: Do you want to skip the package? and has a yes and no button. I read it quickly and pressed no before thinking about it ^^ So you see, it's a problem of thought. The UI message *is* very clear. One simply needs to think before acting. the message is clear. The user answers that he wants to install. As I understand this threat, the message is misleading in this case. I noticed this many times with the installer. A person who knows the installer, can give the proper answer. A normal user will answer the question as he understands it using plain English. Do you want to skip the package? No! Why did I start the installer in the first place? To install the package. Perhaps the screen should flash, and a loud beep should sound every time a MessageBox not related to install to package wants to show up. Then wait 3 seconds, show a warning, going out of install mode MessageBox, sleep a bit more, and only then show the skip message box. I mean, there has got to be a way to for the program to ask the user a non install related package, right? Seriously: Everyone's clicked on a wrong button before. I know I have - I just don't remember the last time. The switch from: do you want to format your drive?: +-+ +-+ + yes + + no + +-+ +-+ to: do you want to format your drive?: ++ +-+ + format + + cancel + ++ +-+ ... Makes it much easier to understand what the software's up to. And, paint the pushbuttons the same color you've done your bikeshed. Cheers, Pedro Alves -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: hacked package on server
Pedro Alves wrote: Perhaps the screen should flash, and a loud beep should sound every time a MessageBox not related to install to package wants to show up. Then wait 3 seconds, show a warning, going out of install mode MessageBox, sleep a bit more, and only then show the skip message box. Thank you Pedro. This is the most ideal solution :) I mean, there has got to be a way to for the program to ask the user a non install related package, right? Seriously: Everyone's clicked on a wrong button before. I know I have - I just don't remember the last time. The switch from: do you want to format your drive?: +-+ +-+ + yes + + no + +-+ +-+ to: do you want to format your drive?: ++ +-+ + format + + cancel + ++ +-+ ... Makes it much easier to understand what the software's up to. That's right. It's sad that I never thought of this before. With this suggestion of yours, all doubts will be erased about the true nature of Cygwin. Problems such as not knowing the answer to a clear question will eventually disapper from the mailing list and we will all be happier. Thanks again! Best Regards, Carlo -- Carlo Florendo Softare Engineer/Network Co-Administrator Astra Philippines Inc. UP-Ayala Technopark, Diliman 1101, Quezon City Philippines http://www.astra.ph -- The Astra Group of Companies 5-3-11 Sekido, Tama City Tokyo 206-0011, Japan http://www.astra.co.jp -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: hacked package on server
Hi, Pedro Alves wrote: Erich Dollansky wrote: Carlo Florendo wrote: Brian Mathis wrote: The OP said: Do you want to skip the package? and has a yes and no button. I read it quickly and pressed no before thinking about it ^^ So you see, it's a problem of thought. The UI message *is* very clear. One simply needs to think before acting. the message is clear. The user answers that he wants to install. As I understand this threat, the message is misleading in this case. I noticed this many times with the installer. A person who knows the installer, can give the proper answer. A normal user will answer the question as he understands it using plain English. Do you want to skip the package? No! Why did I start the installer in the first place? To install the package. Perhaps the screen should flash, and a loud beep no, this is not the idea behind. The switch from: do you want to format your drive?: +-+ +-+ + yes + + no + +-+ +-+ to: do you want to format your drive?: ++ +-+ + format + + cancel + ++ +-+ ... Makes it much easier to understand what the software's up to. when I start a disk formating program, I understand the question just as a confirmation. When I start an installation program, I will also understand simple questions like this as an confirmation. But the question appears this time not as a confirmation but as an error message. Displaying the short message give the normal user even more the impression that it is just a simple confirmation of what he is intending to do anyway. So, he answers with his intend in mind. Erich And, paint the pushbuttons the same color you've done your bikeshed. Cheers, Pedro Alves -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: hacked package on server
Pedro Alves wrote: The switch from: do you want to format your drive?: +-+ +-+ + yes + + no + +-+ +-+ to: do you want to format your drive?: ++ +-+ + format + + cancel + ++ +-+ ... Makes it much easier to understand what the software's up to. sarcasm off This sort of thing is exactly what the KDE usability group is pushing for in 4.0, but... sarcasm on ...obviously those usability people just don't know anything. -- Matthew Every cloud has a silver lining (except for the mushroom shaped ones, which have a lining of iridium and strontium 90) -- Sean Dwyer -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: hacked package on server
Carlo Florendo wrote: The switch from: do you want to format your drive?: +-+ +-+ + yes + + no + +-+ +-+ to: do you want to format your drive?: ++ +-+ + format + + cancel + ++ +-+ ... Makes it much easier to understand what the software's up to. That's right. It's sad that I never thought of this before. With this suggestion of yours, all doubts will be erased about the true nature of Cygwin. Problems such as not knowing the answer to a clear question will eventually disapper from the mailing list and we will all be happier. It seems that there are people that like to bash everyone. I don't care a bit about this message box. I read my dialogs, thank you. Modern GUIs are changing to use verbs/actions in dialogs, instead of the simple yes/no, that forces the reader to do an indirection. Unfortunately, the Windows doesn't provide an easy facility (read 1 line of code) to do it, so most Windows apps don't. Take a look at kde, or gnome, and you'll see it everywhere. Heck, it's even in the some UIG. Shocking! http://developer.kde.org/documentation/design/ui/summary.html 'Dialogues that ask questions should not use Yes/No; this forces the user to tke an extra mental step such as Am I saying Yes to deleting this file, or am I saying yes to keeping this file?' Again, I don't care a bit about this use case. I've spent more time replying to this thread then I initially thought I would. So, ta da! Pedro Alves -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Doc change request
Could I ask someone to do a search and replace on the docs and change all occurrences of /usr/man and /usr/doc to /usr/share/man and /usr/share/doc? Brian, do you have time to do this? I think you touched the documentation list so you're it. cgf -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Re: Doc change request
On Tue, Jul 17, 2007 at 12:03:09AM -0400, Christopher Faylor wrote: Could I ask someone to do a search and replace on the docs and change all occurrences of /usr/man and /usr/doc to /usr/share/man and /usr/share/doc? Brian, do you have time to do this? I think you touched the documentation list so you're it. last cgf -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Updated: clamav-0.91-1
The cygwin clamav packages (Clam AntiVirus - GPL anti-virus toolkit) has been updated to 0.91-1. This adds the previous experimental Phishing code (enabled in cygwin since 0.90-1) as default. About == Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. See http://freshmeat.net/projects/clamav/ ChangeLog: http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog The clamav package comes in three parts: clamav: the executables and binaries libclamav2: the shared library since 0.90.1 libclamav-devel: development resources (headers, static- and import libraries) Cygwin Package Changes: * remove untouched /etc files with preremove To update your installation, click on the Install Cygwin now link on the http://cygwin.com/ web page. This downloads setup.exe to your system. Then, run setup and answer all of the questions. *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO *** If you want to unsubscribe from the cygwin-announce mailing list, look at the List-Unsubscribe: tag in the email header of this message. Send email to the address specified there. It will be in the format: [EMAIL PROTECTED] If you need more information on unsubscribing, start reading here: http://sources.redhat.com/lists.html#unsubscribe-simple Please read *all* of the information on unsubscribing that is available starting at this URL.