Re: xrdp broken, possible directions
Nothing yet. I did manage to file a Launchpad bug with patch to get weston-rdp to build--as a separate package (weston-rdp-compositor) due to the large number of additional dependencies the RDP compositor draws in. As noted, I haven't managed to actually test it--I don't have a real Zesty environment--and mainly intended to make the component installable as a first step. https://bugs.launchpad.net/ubuntu/+source/weston/+bug/1654864 I'm not a programmer, in any case; I can try to work out a bash script to wrapper weston-rdp with an X11rdp frontend, but that's about it for me. So far, Zesty is at the point where other interested parties can readily start trying to do more-advanced things like integrate an RDP session back-end with a greeter (e.g. get LightDM to spawn under weston-rdp/xwayland or mir-rdp/xmir, if someone implements that) or use the more-advanced features of Wayland/Mir to move sessions between console and RDP (supposedly, Wayland can do things like move a session from the console to VNC or such without disrupting applications). I'm hoping to get somewhere farther with this by 18.04 LTS. That would land this on servers and Raspberry Pi distributions. As to how far... maybe I can make an X11rdp shell script work; if there's no other interest, that's as far as it's going to go. On Mon, Jan 23, 2017 at 5:47 PM, Martinx - ジェームズ <thiagocmarti...@gmail.com> wrote: > > On 7 January 2017 at 22:35, John Moser <john.r.mo...@gmail.com> wrote: > >> As per bug 220005 >> >> https://bugs.launchpad.net/ubuntu/+source/xrdp/+bug/220005 >> >> xrdp doesn't work. It used to build X11rdp by patching Xorg to write to >> an RDP session, but this no longer builds and doesn't get installed. >> >> Fundamentally, xrdp-sesman runs a command with some arguments. It has a >> configuration section in /etc/xrdp/sesman.ini like so: >> >> [X11rdp] >> param1=-bs >> param2=-ac >> param3=-nolisten >> param4=tcp >> >> Thus any X11 service can stand in. >> >> Weston typically comes with weston-rdp, although this isn't built in >> Ubuntu. This is an RDP compositor, and listens on a port for an RDP >> connection. Stacking Wayland-X on top of this would immediately give an >> xrdp replacement. >> >> As a possible forward direction, Ubuntu could: >> >> - Provide weston-rdp; >> - Provide an X11rdp which runs weston-rdp to host Wayland-X; >> - promote the necessary pieces to main; >> - provide a default configuration which listens on 3389 (RDP) and >> automatically starts an X11rdp session with a Display Manager (lightdm, >> gdm, etc.). >> >> This would allow a user to install xrdp and immediately have a system >> which gives a login screen on the RDP port. No VNC, no logging in with >> xrdp's ugly session manager; instead we would get the same functionality as >> Windows servers, using the same protocol. >> >> Even servers without a console display manager could allow login through >> RDP in this way. >> >> Obviously, this doesn't immediately provide advanced options like >> disconnecting from the RDP session and leaving it running, reconnecting to >> the same session (by logging in as the same user), sharing the session, or >> accessing the existing console session. I believe all of the pieces to >> provide basic remote RDP access are there, however; advanced functionality >> will require more code. >> >> Thoughts? >> >> -- >> Ubuntu-devel-discuss mailing list >> Ubuntu-devel-discuss@lists.ubuntu.com >> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailm >> an/listinfo/ubuntu-devel-discuss >> >> > +1000 for that! I really want to see this smooth RDP integration on > Ubuntu! Sounds awesome! > > Do you have some workaround for this problem? Maybe manually doing some > changes? > > Cheers! > Thiago > -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: My opinion on Ubuntu cancelling Intel 80386/80386-clone processor support
On Sun, 2016-09-11 at 12:52 -0400, Tom H wrote: > On Sun, Sep 11, 2016, Ralf Mardorf> wrote: > > > > > > You are quoting me out of context. The context is that the poor > > can't > > donate new computers and they can't pay for infrastructure, such as > > internet access for everyone. _BUT_ rich people could, they are > > just > > not interested in doing it, they are greedy. > You mean selfish. So what? We all are! > > I've only read a quarter (or less) of the posts in this thread so I > don't know how it went from "32-bit ISOs are being deprecated" to > social and economic pseudo-commentary (I can make an educated guess!) > but do you really think that this is the best use of > ubuntu-devel-discuss@? > As much as I enjoy discussing economics, it's really hard to separate this from political contexts. The major point of contention is whether Ubuntu targets old systems and third-world e-reuse programs. I have said an organization specifically targeting those uses and managing collection, software provision, and distribution would be more-efficient (cheaper) and more-effective (better results) than tacking on so-called "support" for an imaginary, ill-defined, and minority use case to a general-purpose effort. There is no use dragging around a boat anchor just in case you meet someone who has a boat. Someone else is already in the business of making and selling boat anchors. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
[OT] Re: My opinion on Ubuntu cancelling Intel 80386/80386-clone processor support
On Sun, 2016-09-11 at 17:24 +0200, Ralf Mardorf wrote: > On Sun, 11 Sep 2016 15:58:44 +0300, Thierry Andriamirado wrote: > > > > Le 10 septembre 2016 20:13:47 UTC+03:00, Ralf Mardorf > >a écrit : > > > > > > > > It's not the task of the poor to help the poor. > > Of course IT IS! ;) > > I'm not so poor compared to many malagasy people, but being in a > > poor > > country, I should be one of the first to raise their hands to speak > > for these "poors" who still use old hardwares. With the help of > > those > > in rich countries. ;) > You are quoting me out of context. The context is that the poor can't > donate new computers and they can't pay for infrastructure, such as > internet access for everyone. _BUT_ rich people could, they are just > not interested in doing it, they are greedy. Stop that. Everybody loves to say "X has less and Y has more, Y is greedy!" This has lead to enormous political problems preventing any effective aid to the economically disadvantaged. To illustrate in a somewhat off-topic direction: the United States can implement the modern concept of a Universal Basic Income (UBI) as a Universal Social Security (USS) for $1 trillion lower burden on the taxpayer, without raising taxes on the rich. This can easily end homelessness and hunger across the nation; create an enormous demand for jobs (which eventually requires shorter working hours to counterbalance); and remediate an incredibly faulty welfare system that would take too long to discuss here. And yes, it really is a trillion dollars: https://bluecollarlunch.word press.com/2016/07/22/a-basic-income-is-a-trillion-dollars-cheaper/ Most UBI proponents oppose this because IT DOESN'T TAX THE RICH MORE. Many people also get angry because the income bump "doesn't make businesses pay"--your effective "minimum wage" goes up, but the evil, greedy business doesn't have to pay it, so this is wrong. In other words: people are less-interested in helping the poor and more interested in attacking people or classes of people whom they dislike. People attacked the American Red Cross WHILE THEY WERE STOPPING A CHOLERA EPIDEMIC IN HAITI, going so far as to complain that ARC hired contractors who then made a profit--never mind that they actually got food, water, sanitization, vaccination, government disaster response programs for future crises, and temporary shelter distributed to people who would be dead by now; there's evil rich people to burn, and nobody really cares about dirty poor people on some barely-developed island somewhere. Do you have any concept of how many people suffer and die every year because everyone is focused on how to pry money away from businesses and high-income individuals instead of how to effectively address societal problems by organized effort or public policy? That doesn't even go into the economic considerations. People still think money is wealth; but money is backed by the productive output of a population. Want to see how it really works? In America, we outsource a lot. We import labor and goods (ultimately labor). Even when we bring things from China, someone has to ship it, someone has to stock it, someone has to retail it. There's a huge amount of labor just in moving and selling goods. Americans have income, from jobs. When goods and services are purchased, that money is business revenue. Revenue goes to individuals (wages), other businesses (overhead), and profits. Put the wages and profits together, and you have income. All of the income in America is equivalent to all of the business productive output; import goods are bought and thus the money goes out of the country, while those goods are sold locally and the price then divided between wages and business profits, thus reflecting the production of retail and shipping services. IT services and made-in-America things (e.g. food?) are of course tangibly made here. The ability to keep importing goods, of course, predicates on our ability to produce more goods. America does trade away a lot of grain, IT services, and electronics goods (iPhones made in China by the specifications of Apple; China gets its cut, but so does the US). Take a step back and look at all the money moving around. Every dollar spent represents somethings that was made, shipped, and sold. If we produce half as much but still employed as many people for the same yearly wage, everything would cost twice as much--suddenly we're making 5,000 instead of 10,000, but we're still paying Charlie $40,000/year, and have to divvy his salary up into the price of each of these. That means Charlie ultimately can only buy half as much. So you look at these poor countries and tell me what they're missing. The answer isn't money, computers, or a modern welfare system to make their rich people pay for their poor people. The answer is technology. Man learned to sharpen a pointy stick and spend less time hunting. He learned to plant
Re: My opinion on Ubuntu cancelling Intel 80386/80386-clone processor support
On Thu, 2016-09-08 at 18:10 +0300, Thierry Andriamirado wrote: > > Le 8 septembre 2016 01:35:05 UTC+03:00, John Moser <john.r.moser@gmai > l.com> a écrit : > > > > > > > > > > There are countless very old computers running Ubuntu, in > > > Developing > > > Countries. > > > > > It's not my fault nobody counted. > It's nobody's fault: many of those Ubuntu boxes are used in villages > in the bush, and are not even connected to the Internet. Updated from > time to time via CD-Rom.. > Sorry, my socialization is kind of poor, and I never know what's going to come across. I was implying that the ideal that there are some unknown "Many" and that such things serve some dire purpose is imaginative because there aren't even estimates on program size, much less impact. Essentially, you were begging the question, and I called you on it. So what we have here is an imaginary program with an imaginary impact that is more-likely to exist the closer we get to 0 (that is: it's almost-certain someone in some bush country has 1 or more such machines; it becomes less-certain the larger we scale). Directly, the probability of size can't be known (i.e. estimates are impossible); indirectly, because the probability of size can't be known, there is a larger probability of any such thing being smaller and less-effective --two independent traits stemming from the common cause of not having a well-defined and well-operating program. It would be safe to assume OLPC is much larger in scope of impact because OLPC has a structured program working to maximize effectiveness and distribution, whereas the supposed Ubuntu systems are theoretically out there somewhere for some reason as consequence of some effort by someone. I remain unconvinced of imaginary things--including the imaginary mountain where one might expect to find at least a molehill. When you get a picture of Bigfoot, let me know. That explanation should be crass enough to sink in. > -- > Envoyé de mon téléphone Android avec K-9 Mail. Excusez la brièveté. > -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: My opinion on Ubuntu cancelling Intel 80386/80386-clone processor support
On Wed, 2016-09-07 at 15:54 +0300, Thierry Andriamirado wrote: > > Le 7 septembre 2016 04:58:44 UTC+03:00, John Moser <john.r.moser@gmai > l.com> a écrit : > > > > > > that context are uncommon by nature. That in an of itself seems to > > warrant a project specially dedicated to e-waste reuse programs, > > rather > > than a best-effort and costly nod to the concept of older systems. > There are countless very old computers running Ubuntu, in Developing > Countries. > It's not my fault nobody counted. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: My opinion on Ubuntu cancelling Intel 80386/80386-clone processor support
On Tue, 2016-09-06 at 21:33 -0400, JMZ wrote: > Hi Ryan, > > When you say "Ubuntu 16.10" I wonder if you mean that you are > running > gnome with the unity shell or just the command line only. Running any > of > the graphical enviroments (save maybe lxde) on a 80586 would be > pretty > exceptional. > > > Pentium 4/4 HT systems (which are still 80586 chipset basically) can > be > got even at community trash dumps. If you're starting a school, > setting > up donated Pentium 4's and old dual-cores with Lubuntu or another > lxde > distro might be your best bet. This is especially true if all > you're > running is Firefox and LibreOffice, or similar. > Is this even worth the resources? There are multiple issues here, most obvious being the distinction between a current-generation operating system (Ubuntu) and a special-purpose software project (to target legacy hardware). Is legacy 32-bit support part of Ubuntu's mission, or are resources best diverted to improving the system for the other 99.99% of use cases? Like it or not, i586 is probably less than one in ten thousand installations. E-waste reuse is itself an economics issue. We like to think we can donate those systems to some poor people somewhere; but that has a huge array of complexities: * Humans have to eat, among other things, and so their labor time is at a premium: you trade the labor time to produce one good for the labor time to produce another, e.g. food, and thus any volunteered time is a real cost paid by the volunteer; * Collecting, sorting, and shipping those things takes human labor; * The logistics takes an immense amount of labor: who gets these computers, what are their requirements, how do we optimize the benefit for their particular poverty case, and so forth; * The targets of e-waste reuse are frequently poor nations with unreliable or expensive access to electricity and even waste disposal E-waste reuse can actually cost as much or more than new production, and has runtime costs because it's less-efficient to use, maintain, and even power. Collecting, inventorying, and preparing e-waste as a refurbished good incurs more labor per unit than rolling new units off an assembly line; the cost advantage depends on if the components cost more than the additional labor. Even then, there's a lot of cost in developing the logistics of using something out-of-date in a modern environment. Even if you can co-opt slave labor into the deal, is supporting this kind of specialized use costly for the Ubuntu maintainers? Just running a build of the OS as 32-bit is inadequate; with the broad range of out-of-date hardware left behind by modern system software, you'd need to respond to ad-hoc support issues with varied hardware configurations breaking because all hardware configurations used in that context are uncommon by nature. That in an of itself seems to warrant a project specially dedicated to e-waste reuse programs, rather than a best-effort and costly nod to the concept of older systems. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Protobuf 3.0.0 instead of 2.6.1?
Use a Docker container for now. You may need to map /tmp as a volume (to get the X11 socket) if it's an X application. It might be easier to start from a Debian or Alpine container when building the Dockerfile. On Tue, 2016-07-26 at 14:23 -0700, JIA Pei wrote: > > Hi, Canonical developers? > > Recently, I started to play with tensorflow. I prefer run code from > my native computer instead of building an virtual environment. > Therefore, I installed tensorflow from source, and happened to notice > it requires protobuf 3.0.0+ . > > However, Ubuntu comes with protobuf 2.6.1 from the repository by > default, And to thoroughly remove protobuf is headache. > > Actually, I put two questions from Ubuntuforum, please refer to: > https://ubuntuforums.org/showthread.php?t=2331702 > https://ubuntuforums.org/showthread.php?t=2331071 > > > Although now I can build my code based on tensorflow within a virtual > environment. I still prefer building everything WITHOUT a virtualenv > anyway. Can anybody give me a hand please?? > > > Thank you very much... > > > Cheers > > -- > > Pei JIA, Ph.D. > > Email: jp4w...@gmail.com > cell in Canada: +1 778-863-5816 > cell in China: +86 186-8244-3503 > > Welcome to Vision Open > http://www.visionopen.com > -- > Ubuntu-devel-discuss mailing list > Ubuntu-devel-discuss@lists.ubuntu.com > Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/l > istinfo/ubuntu-devel-discuss-- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: The Simple Things in Life
On Tue, 2016-07-19 at 15:01 -0700, Markus Lankeit wrote: > Adding my $0.02... > > If you pick "samba file server" during install, libnss-winbind > libpam-winbind are not installed by default. It took me a long to > time to track down why in 16.04 I can "join" an AD domain just fine, > but domain users get "access denied" to samba file shares. Not sure > the logic behind not installing relevant packages... > To be fair, configuring Samba is non-trivial, and I often think joining a domain as a member rather than a domain controller is some incidental feature that's a prerequisite for being a domain controller. Samba doesn't seem to support being a domain member very well at all, to the point that searching on errors and asking Google how to get a Samba domain member to authenticate to a different domain controller (because you joined on a RWDC network and now need to authenticate against a RODC) brings up documentation on configuring Samba as a domain controller. I configure Samba all the time; I have no idea how it works, and when it breaks I'm lost. To put this into perspective, I know how *everything* works, and when it breaks I can project the entire configuration and behavior and identify something I probably should have seen before--something unfamiliar, which I haven't inspected, but which I was able to assembly by simply throwing the state together in my head and making myself aware that some problem exists somewhere. I have NO IDEA why my Linux servers can authenticate to Active Directory; I just know I did things to PAM and nsswitch.conf and repeatedly ran a dozen forms of net join until, despite consistently throwing errors and failing, the server magically started authenticating. More basically, Samba can be a Samba file server without joining an AD domain. > Also, the whole network device naming scheme is just a fiasco... > Before, I could have a simple template for all my systems... now > every system requires a unique template that takes me to the HW > level to figure out what it might be. And this is supposed to be > more intuitive and/or predictable than "eth0"? > > > > Thx. > > > > -ml > > > > > On 7/19/2016 2:48 PM, John Moser wrote: > > > > > > > > > > On Tue, 2016-07-19 at 14:29 -0700, Jason Benjamin wrote: > > > > > > > > > > > > > I've > > > been irritated by so many obvious shortcomings of Ubuntu this > > > version (16.04). So many of the most obvious fixes are easily > > > attributed to configuration files. I don't know if those who > > > purchase the operating system directly from Canonical versus a > > > download are having to deal with the same problems or are > > > getting a supe> > > rior/better operating system. > > > operating system. > > > Some of my main qualms that I am unable to deal with are the > > > theming. Even using alternative themes most of them won't > > > even look right as supposed. > > > > > > > > > The > > > HIBERNATION itself seems to work fine on other closely related > > > distros (Elementary OS I tested). but Ubuntu has problems > > > with it. AFAIK the GRUB_CMDLINE breaks this if anything, and > > > alternatives such as TuxOnIce don't work either. My guess is > > > that its Plymouth and there doesn't seem to be any clear > > > pointers to a solution. After desktop session saving was > > > deprecated (or removed because of transition from Gnome?), > > > this seems like a serious and necessary *implementation* of > > > desktop application saving. > > > > > > > > > I've > > > seen a lot of these blogs that suggest installing extra > > > programs and such after the installation. Here's mine: > > > > > > > > > > > > > > > > > > > > You just listed a bunch of odd things about hiding the boot > > process. > > > > > > > > > > > > > > I've been repeatedly distressed and confused by this hidden > > boot process. I've sat and waited at blank screens and splashes > > that give no feedback, wondering if the kernel is hanging at > > initializing a driver, trying to find network, or makin
Re: The Simple Things in Life
On Tue, 2016-07-19 at 14:29 -0700, Jason Benjamin wrote: > I've been irritated by so many obvious shortcomings of Ubuntu this > version (16.04). So many of the most obvious fixes are easily > attributed to configuration files. I don't know if those who > purchase the operating system directly from Canonical versus a > download are having to deal with the same problems or are getting a > superior/better operating system. Some of my main qualms that I am > unable to deal with are the theming. Even using alternative themes > most of them won't even look right as supposed. > The HIBERNATION itself seems to work fine on other closely related > distros (Elementary OS I tested). but Ubuntu has problems with it. > AFAIK the GRUB_CMDLINE breaks this if anything, and alternatives > such as TuxOnIce don't work either. My guess is that its Plymouth > and there doesn't seem to be any clear pointers to a solution. After > desktop session saving was deprecated (or removed because of > transition from Gnome?), this seems like a serious and necessary > *implementation* of desktop application saving. > I've seen a lot of these blogs that suggest installing extra programs > and such after the installation. Here's mine: You just listed a bunch of odd things about hiding the boot process. I've been repeatedly distressed and confused by this hidden boot process. I've sat and waited at blank screens and splashes that give no feedback, wondering if the kernel is hanging at initializing a driver, trying to find network, or making decisions about a disk. There is no standard flow which can be disrupted with a new, non-error status message curtly explaining that something is happening and all is well; there is a standard flow in which the machine displays a blank, meaningless state for a fixed amount of time, and deviation in that time by any more than a few tenths of a second gives the immediate, gut-wrenching feeling that the system has hanged during boot and is terminally broken in some mysterious and completely-unknown manner. What Ubuntu needs most is a simple, non-buried toggle option to show the boot process--including displaying the bootloader, displaying the kernel load messages, and listing which services are loading and already-loaded during the graphical boot. Ubuntu's best current feature is the Recovery boot mode, aside from not having a setting to make this the standard boot mode sans the recovery prompt. "Blindside the user with a confusing and meaningless boot process and terror at a slight lag in boot time because the system may be broken" is not a good policy for boot times longer than 1 second. Even Android displays a count of system assemblies AOT cached during boots after update so as to convey to the user that something is indeed happening.-- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Snapcraft, Snappy
On Sun, 2016-07-10 at 17:11 +0200, Ralf Mardorf wrote: > Hi, > > there's an interesting counter-argument against something similar to > snapcraft/snappy. > > https://lists.archlinux.org/pipermail/arch-general/2016-July/041579.h > tml > That's the security team going off into lala land with a bunch of overblown wargarble. Basically, containers completely, 100% perfectly isolate software on the system from other software execution environments. That means the file system, devices, network stacks (tcpdump!), and so forth are all as reachable as if you're on another machine. The Security team points out that a kernel-level exploit will allow you to route around this. They take that observation to mean that containers supply zero security, and that a compromise in a container is a system level compromise. To follow that logic completely: there's no such thing as security anyway, because Linux has to accept a TCP packet into its network stack to even look at it in iptables, thus any network-reachable machine is already compromised. The argument from the security team essentially fails to create risk models and assess probability and severity of the compromises they describe. Instead of recognizing, categorizing, and accounting for those risks, they just run around flailing their arms and scream that the sky is falling into the face of every passer-by to whom they can get close enough. Whoever wrote that message isn't qualified to handle computer security concerns. > I guess snapcraft/snappy and anything similar could be useful, but > indeed, IMO those are good reasons to not become too much used to > this > approach. > > Regards, > Ralf > -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Feature request: module [pam_limits]
On 02/27/2016 04:06 PM, Ralf Mardorf wrote: > # > @foo softnproc 20 > @foo hardnproc 50 > > Every user who is _not_ in the group "foo", simply is _not_ in > this group, it makes completely no sense to introduce a negation of > being in a group, since the negation is already not being member of this > group. The short explanation here is "complexity and design decisions". The naive approach is probably to check for negations first, and skip the line if a user is in a negated group. The application of a rule to all except those in a group is a form of that: negation, all. The bigger question is what purpose does this serve? Limits are not so much a security feature as an administrative resource feature, and they're flaky as hell. They're set by a privileged process (such as login) and inherited by children. That's why MySQL or Apache can start up, set their own ulimit (as root), and then drop privileges and switch to the mysql or www-data user and keep their limits: no interposing process makes any further decisions. The general limit of "don't create 80,000 processes" stops fork bombs; everything else is academic. Even then, it just stops :(){ :|:; } and not a thread-creating perl script. I use limits to keep those little boxes around and make sure my system behaves in cases where it's being erratic. When it's under attack, ulimits don't really offer any considerable protection. They're part of a list of pointless security dogma, like running chmod go= on mount, ping, and other setuid binaries. Everyone wants a checklist so they can claim they've "hardened" their system without actually bothering to identify threats and set up things like network-level firewalling, privilege separation, and the like. It's the same reason people encrypt data in databases with the key stored in the application config file or, as with Miva Merchant, in the "AESKey" column right next to the encrypted credit card numbers: "It's encrypted and encryption is security!" -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Wishes for +Xenial
I"d just like to see Jabref work (for LyX) and MonoDevelop actually able to make an ASP.NET MVC project (install xsp-4, start MonoDevelop, create a C# ASP.NET MVC project, and it fails; any amount of finegeling only brings further failure. Works on Windows; and all the missing components are Apache licensed!). Of course those things are Universe. The latest Docker I'm happy to see coming. Bitcoin is an exercise in bad economics, media fascination, and pyramid schemes, but I get that the base users want it. On 01/25/2016 12:52 PM, Ryein Goddard wrote: > yeah thats true. I'm on 14.04 using wily kernel right now :D > > On 01/25/2016 09:20 AM, Martinx - ジェームズ wrote: >> On 23 January 2016 at 22:56, Martinx - ジェームズ >>wrote: >>> Hey guys, >>> >>> I'm wondering here about what package versions we'll have on Xenial >>> 16.04... >>> >>> So, I'm creating a wish list!:-P >>> >>> Upgrades: >>> >>> - Apt 1.2 >>> - Linux 4.4 (long term) - confirmed >>> - OpenShot 2.0 >>> - Ansible 2.0 >>> - Docker 1.10.X - better integrated with Ubuntu and with rolling >>> upgrades >>> during 16.04 life cycle (like Ubuntu Cloud archive) >>> - QEmu 2.5 - Done - With 3D support (specially for Ubuntu Desktop >>> on KVM)! >>> - Mesa 11.1 - Done >>> - Xen 4.6 - Done! >>> - DPDK 2.2 or 2.3 (new 16.04) with Xen support (for ParaVirt DomUs) - >>> confirmed! >>> - Virt-Manager 1.3 and SPICE support (Python 3 deps already in) >>> - Libvirt 1.2.21 - Done! >>> - Samba 4.3 - Done! >>> - SSSD 1.13 - Done! >>> - Wireshark 2 (QT based, no GTK) >>> - nmap 7 >>> - InfluxDB 0.9.6 (or newer) - Done! >>> - Prometheus Server 0.16 & Node Exporter (0.12) >>> - MariaDB 10.1.10 plus better support for it (move it for Main Repo) >>> - Vagrant 1.8 - Done - But fully integrated with both KVM/Libvirt and >>> VirtualBox >>> - Enlightenment 0.20 & LibEFL 1.16 - >>> https://www.enlightenment.org/download >>> with Wayland enabled ;-) >>> - Terminology 0.9.1 >>> >>> - blivet-gui: http://blog.vojtechtrefny.cz/blivet-gui instead of >>> GParted ? >>> >>> >>> And why not, new packages (specially more Go projects)? Like: >>> >>> - Consul >>> - Alertmanager (Prometheus) >>> - PromDash (Prometheus) >>> - Packer >>> >>> More: >>> >>> - KVM VirtIO Windows Drivers as ISO but, packaged as .deb >>> - Xen GPLPV Windows Drivers as ISO but, packaged as .deb >>> - Better NodeJS Integration and NPM management >>> - More Ruby Gem as Deb packages >>> >>> - Bitcoin/Litecoin Electrum Wallet >>> - Ethereum and IoT Devices? >>> - Bitcoin/Litecoin/Etc integrated with Ubuntu App Store!? >>> >>> * systemd networkd - drop ifupdowd, please. >>> >>> LXD fully supported on OpenStack. >>> >>> ** OpenStack hybrid Compute Node that supports KVM and LXD side-by-side. >>> >>> Perfect IPv6 support! Especially for OpenStack... >>> >>> Dreaming: >>> >>> - All Microsoft Open Source projects, .NET (corefx, corectr, etc), >>> Visual >>> Studio, everything... Kidding... >>> - Apple Swift available >>> >>> >>> Bug fixes for: >>> >>> * Make Linux Kernel more modular (very important and an easy one): >>> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1475078 >>> >>> >>> * ecryptfs-utils does not work with Ubuntu 14.04.3: >>> https://bugs.launchpad.net/ecryptfs/+bug/1328689 >>> >>> * ubuntu-desktop depends on iBus, which is totally broken: >>> >>> https://bugs.launchpad.net/baltix/+source/unity-control-center/+bug/1365752 >>> >>> >>> * NM disables accept_ra for an IPv6 connection, where it should >>> enable it: >>> https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1455967 >>> >>> * Impossible to disable IPv6 auto, params "accept_ra & autoconf = 0" >>> have no >>> effect on VLAN interfaces: >>> https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1345847 >>> >>> * memcached unable to bind to an ipv6 address: >>> https://code.google.com/p/memcached/issues/detail?id=310 >>> >>> >>> - Samba related bugs: >>> >>> * Samba4 AD DC randomly dies (4.3 might be better, need to put it in >>> prod >>> and see): >>> https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1357471 >>> >>> * Samba4, when with 2003 default level, dies when IPv6 is enabled: >>> https://bugzilla.samba.org/show_bug.cgi?id=10730 >>> >>> * Samba has a wrong "Dual-Stack" implementation (I think) - (I'll >>> help to >>> prepare a reproducible procedure): >>> https://bugzilla.samba.org/show_bug.cgi?id=10729 >>> >>> * Samba4 get stuck after a server reboot, if IPv6 is enabled: >>> https://bugs.launchpad.net/samba/+bug/1339434/ >>> >>> >>> - A elegant solution for this: >>> >>> * Ubuntu does not honor “ignore-hosts” proxy settings for IPv6: >>> https://bugs.launchpad.net/ubuntu/+source/d-conf/+bug/1295003 >>> >>> This problem is interesting, I think that Ubuntu should provide a >>> way to, >>> if the proxy is enabled, do a DNS Look up locally, before querying local >>>
Can we have a sunset filter effect in Unity, KDE, and Compiz
I'd like to see a configuration option to uniformly reduce the blue channel in the desktop during certain hours. It's ugly, but people have had good results on other OSes with fading the screen to red-orange as it nears their bedtime, using applications such as F.lux. This prevents the brain from staying awake and excited, or so goes the hypothesis. Thoughts? -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Window Controls on the Right Side
On 05/18/2015 08:24 PM, Raphael Calvo wrote: As an engineer I can definitelly say that saddens me to see such level of argumentation towards a client/user. As an engineer, I can say you're vulnerable to the engineer's problem of coming up with some complicated way of doing things. Thinking as an engineer focused on maximizing the happiness all possible clients I would invest time to bring customization options that are safe to be tweaked and very accessible instead of deep hidden in the system. ...and this is the other problem: instead of coming up with the worst answer by overcomplication (how do I handle a file being picked up early during upload by a daemon watching a directory? Well we could write a kernel module to hide the file from that daemon), you come up with the answer catering to the engineer audience (How do we design the best plastic wrench? Well, you could sell a plastic epoxy allowing the customer to design their own wrench...). Congratulations, you managed to beat the primary engineer's problem and instead fall to a more common-mode thinking problem. Customization is its own engineering decision; it comes with presets, defaults, and a configuration setting to make new outcomes if the presets are not satisfactory. Before you can provide customization, you must provide *the* definitive default. For this particular subject IMHO there is no correct answer. Then you haven't actually asked a question. The correct place for the close, minimize and maximize controls are where the user wants it to be and not where someone think its best. That's a project management approach: If the customer has asked for the controls to be on the right, then they belong on the right. We're arguing over the engineering approach: where is the optimal place for this crap? IDEA: Could we have a drop down menu accessible by right-clicking on the Close-Minimize-Maximize button where we could choose where in the title bar we would wanted it to be placed? And once this setting is applied it becomes valid for every window already opened and for future windows? This opens a brand new battle about how much is too much. Context-based interfaces are great; but context-based interfaces with hundreds of context options are overwhelming. Now we must ask if this is the highest-priority action for the context, or if we should prune it in favor of other things to put on that context interface. Best Regards Raphael das Neves Calvo -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Window Controls on the Right Side
On 04/29/2015 08:54 PM, John Moser wrote: On 04/29/2015 08:32 PM, Clint Byrum wrote: The entire reason for them being on the left is to make the top-right Actually, no, you know what? I'm going to set decorum aside and pull a Linus here, on everyone involved. Not you, Clynt; *everyone*. First and foremost, the biggest red flag you'll ever find in the UI design sphere is Apple blahblahblah. This statement comes out of people who have no clue what they're talking about, so make an appeal to authority--typically the authority of the least-successful product produced by the least-successful desktop computer OS manufacturer. Folks seem to forget that Apple's OSX is the only broadly-marketed, consumer-targeted alternative to Microsoft Windows, and is completely trounced by them; while also conveniently forgetting that Android devices control *four* *times* the handheld device market of iOS (caveat: that's by browser detection; by sales, people have purchased 7 times as many Android devices as iOS devices, and manufacturers have shipped 8 times as many Android devices as iOS devices). Claiming that Apple does something a certain way should be an argument made *against* doing something--it would still be a bad argument, but it would at least make sense. Apple makes a shitload of money being iTunes, Inc. So let's set aside the pointless Apple fanboy arguments and do some history. Back in 10.04, Ubuntu tried moving the controls to the left. This met with huge resistance, largely in the form of complaining, whining, and people putting the controls back where they belong. Now, I can't recall who said what, but I can at least recall what I said, so we'll go with that. What did I say? Oh yeah. I said most people are right-handed, and that the easiest way to tilt your wrist or move your arm was out and away. The top-right of your screen is the easiest area of the screen to access--go ahead, try it. Those of us with civil rights in Elbonia will find I'm completely correct; lefties will find confusion, followed by the realization that they're using the wrong hand. A year later, in 11.04, Ubuntu released the Global Menu. Three days before 15.04, Ubuntu reversed a decision to disable the Global Menu by default, after preening themselves with talk about the new Locally Integrated Menus--i.e. pre-11.04, non-Apple menus. Again, more bitching. People hated on the Global Menu. A lot. It's sort of a big deal: loads of contention among users, news articles asking if Shuttleworth is insane or just stupid, everything from strategic trepidation to outright hostility. The Ubuntu developers actually had an explanation for this one. They said it puts the menus in a consistent location, so the user won't get lost trying to find File Edit blah blah blah Tools. Translation: Users are retards who have been beaten with Cricket bats until they've sustained sufficient brain damage to soil themselves uncontrollably, so we've put the menus somewhere we can train an Amoeba to find consistently. My take on the situation? Two simple things: First, if the window is maximized, the menu is obviously in the same place on the screen. If not, you have multiple windows, and it takes *two* *mouse* *clicks* to click a menu. With LIMs (you know, *normal* menus), you just click File on the window; with Global Menus, you have to click the window, then go back and click File at the top. These days, even standard Windows 7 is so screwed up that I'm not sure what window I've got selected; right now, on Ubuntu, the only difference between this window and the Thunderbird main window is this window has black title bar text and controls, while every other window on the screen has medium-dark gray text and controls. Back in the day, the title bar would be an entirely different color. You can be pretty sure the user will have to stop and verify he's looking at the right menus before he can click with confidence. Second, people don't work the way Canonical has suggested. A screen is meaningless. Say it with me: The screen is meaningless. People don't know where they are on the screen. They know they're working on a specific window; LIMs are part of that window, and share a consistent spatial relationship with that window. Everything in the window shares a specific spatial relationship with that window--mostly with the top and left of that window. The window may resize or move around, but most things--including the menus and controls--share a specific spatial relationship with the top and left of that window. Putting the menu in the same fixed position in the workspace--the screen--means you're moving it around. You have a component of the window which no longer has a fixed spatial relationship with the window, and must be located when used. The controls in the top-right have the slightest disadvantage of being affected by the width of the window; this is made up for by the fact that the user is typically well
Re: Window Controls on the Right Side
On 04/29/2015 10:38 PM, Marc Deslauriers wrote: On 2015-04-29 10:23 PM, John Moser wrote: I said most people are right-handed, and that the easiest way to tilt your wrist or move your arm was out and away. The top-right of your screen is the easiest area of the screen to access--go ahead, try it. Right, so by that logic the close button should be as far away from that as possible, right? I mean, you definitely wouldn't want to hit it by mistake. :) This comment is competing with my Elbonia comment for most hilarious in this thread, and I think I may be losing. You see my point, of course: reaching up-left is slow and awkward; bicycling 5 miles is faster and less exhausting than walking 2 (it takes the same amount of energy to walk 1 mile as it does to bicycle 7 in the same amount of time). The menus would belong in the top-right if they weren't variable-width and, generally, wide and complex. Marc. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Window Controls on the Right Side
On 04/29/2015 08:32 PM, Clint Byrum wrote: The entire reason for them being on the left is to make the top-right of the screen consequence free for a single click. This is to encourage the user to dig into the indicators and to help developers inform users easily in a uniform way. You encourage people to the indicators by highlighting them some way, not moving something they're actually looking for away from them. You're not going to draw attention to something by moving things actually relevant to the user away from it. Hate on it all you want, this is safer for new users, and it's almost a perfect copy of one of the things that is actually good about OS X. Doesn't seem safer. If you're talking about being able to click up at the indicators without accidentally hitting the close button... the top row of pixels is active for the indicators; you're just bluntly slamming the mouse into the top of the screen to use indicators, not precision-noodling around a bunch of small controls trying to poke things. You know. |Activities ||[X][_][0] ||File Edit Blah Blah Blah Tools || The treacherous Close/File area. I've grown accustomed now, and I prefer it this way. :) Well yeah, you've been trained now, and have those reflexes, and would then have to untrain it now. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Window Controls on the Right Side
On 04/29/2015 10:36 PM, Marc Deslauriers wrote: On 2015-04-29 12:42 AM, John Moser wrote: On 04/29/2015 12:40 AM, Martinx - ジェームズ wrote: I am very happy with window controls on the correct (left) side. :-P It is close to the App's Menus which is why the window closes 40% of the time I try to hit File Seriously? On my 13 screen, File is about an inch away from the close button. Close button was directly at the top-left here when i upgraded to 15.04. On my 39 inch monitor, I don't believe the entire title bar is an inch high. :p I think you need a better mouse. Marc. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Window Controls on the Right Side
On 04/29/2015 12:40 AM, Martinx - ジェームズ wrote: I am very happy with window controls on the correct (left) side. :-P It is close to the App's Menus which is why the window closes 40% of the time I try to hit File (I don't need to travel the entire screen to hit those buttons) and Unity left panel. If I'm not wrong, with Ubuntu Teak Tools, you can do that, with Ubuntu Gnome, you can do that, for sure. requires dconf-editor now Best! -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: irqbalance superfluous
IRQbalance keeps all of the IRQ requests from backing up on a single CPU. It tries to balance this out in an intelligent way accross all the CPUs and, when possible, puts the IRQ processing as close to the process as possible. On NUMA systems, you may want numad. I believe irqbalance exits if it detects NUMA. On 04/09/2015 08:14 AM, Istimsak Abdulbasir wrote: What is the irqbalance and what was the reason for using it? On Apr 9, 2015 8:09 AM, Daniel J Blueman dan...@quora.org mailto:dan...@quora.org wrote: Checked with Vivid beta on Intel i5 hardware, and it seems interrupt distribution doesn't change when I boot with irqbalance running [1], or after purging it and rebooting [2]. Finally, it can't second guess MSI interrupt setup better than the APIC driver and adds a unnecessary layer of 'intelligence'. I don't see any case common enough to warrant deploying it by default. Anyone against removing it? Dan -- [1] root@nuc:~# cat /proc/interrupts CPU0 CPU1 CPU2 CPU3 0: 18 0 0 0 IR-IO-APIC-edge timer 1: 1 1 0 1 IR-IO-APIC-edge i8042 7: 9 0 0 0 IR-IO-APIC-edge 8: 0 0 0 1 IR-IO-APIC-edge rtc0 9: 3 0 0 0 IR-IO-APIC-fasteoi acpi 12: 1 2 1 0 IR-IO-APIC-edge i8042 23: 11 1 15 6 IR-IO-APIC 23-fasteoi ehci_hcd:usb3 40: 0 0 0 0 DMAR_MSI-edge dmar0 41: 0 0 0 0 DMAR_MSI-edge dmar1 42: 0 0 0 0 IR-PCI-MSI-edge PCIe PME 43: 0 0 0 0 IR-PCI-MSI-edge PCIe PME 44: 87 25 95 23 IR-PCI-MSI-edge xhci_hcd 45: 2740 4911 4405 14870 IR-PCI-MSI-edge :00:1f.2 46: 10 10 2504 3 IR-PCI-MSI-edge eth0 47: 12 1 1 0 IR-PCI-MSI-edge mei_me 48: 8 14 3 1 IR-PCI-MSI-edge iwlwifi 49:496594290331 IR-PCI-MSI-edge i915 50:197 80 4 39 IR-PCI-MSI-edge snd_hda_intel 51:721 0 0 28 IR-PCI-MSI-edge snd_hda_intel NMI: 1 1 0 1 Non-maskable interrupts LOC: 30046 19983 13391 18318 Local timer interrupts SPU: 0 0 0 0 Spurious interrupts PMI: 1 1 0 1 Performance monitoring interrupts IWI: 0 0 0 0 IRQ work interrupts RTR: 2 0 0 0 APIC ICR read retries RES:943 1130618693 Rescheduling interrupts CAL:840699674747 Function call interrupts TLB:198205286 1241 TLB shootdowns TRM: 0 0 0 0 Thermal event interrupts THR: 0 0 0 0 Threshold APIC interrupts MCE: 0 0 0 0 Machine check exceptions MCP: 4 4 4 4 Machine check polls HYP: 0 0 0 0 Hypervisor callback interrupts ERR: 9 MIS: 0 -- [2] root@nuc:~# cat /proc/interrupts CPU0 CPU1 CPU2 CPU3 0: 20 0 0 0 IR-IO-APIC-edge timer 1: 1 0 1 1 IR-IO-APIC-edge i8042 7: 11 0 0 0 IR-IO-APIC-edge 8: 0 0 0 1 IR-IO-APIC-edge rtc0 9: 3 0 0 0 IR-IO-APIC-fasteoi acpi 12: 3 0 1 0 IR-IO-APIC-edge i8042 23: 15 10 10 0 IR-IO-APIC 23-fasteoi ehci_hcd:usb3 40: 0 0 0 0 DMAR_MSI-edge dmar0 41: 0 0 0 0 DMAR_MSI-edge dmar1 42: 0 0 0 0 IR-PCI-MSI-edge PCIe PME 43: 0 0 0 0 IR-PCI-MSI-edge
Re: Change what is considered by apt-get as major amount of disk space
Why? On multiple CentOS systems installed from the same CD using the same parameters, yum will either list updates and ask Y/n or just update/install stuff without confirmation; this irritates me, because sometimes I see updates I want to run in a separate batch for risk management, or I see that a kernel update is going to add 15MB to /boot which has 9MB free and I need to uninstall old kernels. apt is going to ask me whether to continue or not anyway; if I don't want to be asked, I'll use apt-get -y. It may as well be informative about it, listing all packages to be installed, removed, and updated, as well as the disk space impact. What do you want apt to say instead? After this operation, some voodoo will happen that you don't need to worry about! Continue? [Y/n] On 03/25/2015 08:42 AM, Mateusz Konieczny wrote: apt-get will ask user about using significant amounts of disk space but it seems that what is considered as significant needs adjustment, for me major amount of disk space is about 200MB but apt-get will ask questions like After this operation, 9805 kB of additional disk space will be used. Do you want to continue? [Y/n]. I propose increasing this threshold to 50MB. I know that I can use parameters (with aliases or apt.conf I can even make it permanent) to completely skip this check. I am not aware about any way that allows user to configure this threshold (see http://askubuntu.com/questions/596691/how-can-i-stop-apt-get-from-asking-about-using-minor-amounts-of-additional-disk ). Note: i was directed to this mailing list by https://help.ubuntu.com/community/ReportingBugs (Discussing features and existing policy) linked from https://bugs.launchpad.net/ubuntu/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Change what is considered by apt-get as major amount of disk space
You want apt-get to go from This will take 9,205kB disk space. Continue? [Y/n] to Continue? [Y/n] ?? That's pointless. That would create multiple layouts, requiring me to assess what the output format is before reading the information from it. It would slow down my assessment of what Apt is telling me, because the information would be in a different format. You may as well randomly scramble the menu order on Firefox while you're at it. On 03/25/2015 09:06 AM, Mateusz Konieczny wrote: No, I want to stop apt-get from asking dumb questions. Asking whatever it is OK to use 1/25000 of disk is a dumb question that should not be asked. At the same time it makes sense to ask for confirmation about installing 2GB of new programs, so -y is not a proper solution in that case (also, I mentioned I know that I can use parameters (with aliases or apt.conf I can even make it permanent) to completely skip this check.). 2015-03-25 13:47 GMT+01:00 John Moser john.r.mo...@gmail.com mailto:john.r.mo...@gmail.com: Why? On multiple CentOS systems installed from the same CD using the same parameters, yum will either list updates and ask Y/n or just update/install stuff without confirmation; this irritates me, because sometimes I see updates I want to run in a separate batch for risk management, or I see that a kernel update is going to add 15MB to /boot which has 9MB free and I need to uninstall old kernels. apt is going to ask me whether to continue or not anyway; if I don't want to be asked, I'll use apt-get -y. It may as well be informative about it, listing all packages to be installed, removed, and updated, as well as the disk space impact. What do you want apt to say instead? After this operation, some voodoo will happen that you don't need to worry about! Continue? [Y/n] On 03/25/2015 08:42 AM, Mateusz Konieczny wrote: apt-get will ask user about using significant amounts of disk space but it seems that what is considered as significant needs adjustment, for me major amount of disk space is about 200MB but apt-get will ask questions like After this operation, 9805 kB of additional disk space will be used. Do you want to continue? [Y/n]. I propose increasing this threshold to 50MB. I know that I can use parameters (with aliases or apt.conf I can even make it permanent) to completely skip this check. I am not aware about any way that allows user to configure this threshold (see http://askubuntu.com/questions/596691/how-can-i-stop-apt-get-from-asking-about-using-minor-amounts-of-additional-disk ). Note: i was directed to this mailing list by https://help.ubuntu.com/community/ReportingBugs (Discussing features and existing policy) linked from https://bugs.launchpad.net/ubuntu/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com mailto:Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: A Jumble of Lines - Because that's what systemD is.
On 11/05/2014 12:27 PM, Chateau DuBlanc wrote: A Jumble of Lines - Because that's what systemD is. More code .: better youtu.be/ACDi1YOcupk SystemD introduces (further) systemic vulnerabilities into Gnu/Linux. Here is a song feeling that situation out. Take this immaturity elsewhere. I thought I was being spammed by YouTube again. (C) Gnu GPL v2 GPL is not an appropriate media license; it is a license for source code. This usage shows you like to make statements about things you don't understand; thus your assessments of systemd are immediately suspect, and readily assumed misguided. In other words: you obviously don't know what you're talking about, and your input on any matter is valueless. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: A Jumble of Lines - Because that's what systemD is.
On 11/05/2014 01:01 PM, Castle OfWhite wrote: It's licensed elsewhere under CC-BY-SA aswell, just for such an occasion. The GPL is a fine media license when said media is a part of a program (game etc). In such cases Judges usually see the entire thing as a whole rather than a collection of parts. That's a weak argument. It's an appeal to authority and to tradition. The GPL directly describes considerations for linking and source code, as well as program executable modules. While it makes some sense to include resources in the definition of the program in general, extracting the media from the program immediately creates confusion about what exactly was violated; the only proper interpretation is that distributing the media with the program is allowed, while the media without being part of the program is not under any permissive license and, thus, distributing it is a copyright violation. I do know what I'm doing, and You show your ignorance :). I've been writing programs and making free/opensource media from before the CC license were created. Back then we just licensed our stuff under the GPL, the BSD license, or the gnu FDL. (or all of them) Worked fine. People understood. SO FUCK YOU! Go fuck yourself you pro-feminist pro-systemd piece of shit. (I remeber when there weren't feminists in free/opensource too) (nor better-than-thou systemd loving assholes) I hope Mr Cook is edged out because he supports your beliefs (and that is leading to a ban in russia of apple products) You people need to be fought back against. You've ruined the world for regular men. Okay, civilized conversation has broken down. On 11/05/2014 12:27 PM, Chateau DuBlanc wrote: A Jumble of Lines - Because that's what systemD is. More code .: better youtu.be/ACDi1YOcupk SystemD introduces (further) systemic vulnerabilities into Gnu/Linux. Here is a song feeling that situation out. Take this immaturity elsewhere. I thought I was being spammed by YouTube again. (C) Gnu GPL v2 GPL is not an appropriate media license; it is a license for source code. This usage shows you like to make statements about things you don't understand; thus your assessments of systemd are immediately suspect, and readily assumed misguided. In other words: you obviously don't know what you're talking about, and your input on any matter is valueless. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
NFS and fscache always crashes
Has anyone ever got cachefilesd and fsc to actually work? On any combination of servers (glusterfs, CentOS 6, Ubuntu 14.04) and clients (CentOS 6, Ubuntu 14.04), an NFS mount as simple as nfs4 with option 'fsc' always locks up the system. You can do a few things; but as soon as you get to any level of activity (try running an rsync against it, or using it for /home and logging in/running Chromium/etc.), the client locks up hard without even throwing a panic. I'm using 64-bit Ubuntu 14.04 client, running inside VMware ESXi 5.5 here. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Increase default nofile ulimit
On 06/09/2014 07:10 AM, Robie Basak wrote: AIUI, there are security implications for raising this limit system-wide by default, since applications that use select() are often broken and will become vulnerable with a higher limit. See https://lists.ubuntu.com/archives/ubuntu-devel/2010-September/031446.html for the previous discussion. That looks like a glibc bug from 2010. Is that still relevant? If so, why has this not been fixed? The simple fix is to replace the 1024 spec with the result of getrlimit() for the hard limit; however, Linux supplies a non-POSIX function to raise the hard limit of an arbitrary process. Likewise, the limit may be excessively large, thus wasteful of memory. I am certain the glibc developers are competent to dynamically grow the buffer when full, and could write such code within a four year time span. Whether they have or not is a different matter, but ... that's the question. Have they? -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Increase default nofile ulimit
The default nofile ulimit is 1024 soft, 4096 hard. As you know, the soft limit is *the* limit. A hard limit specifies how high a process may increase the ulimit; many processes don't attempt this. Apache on CentOS 6, for example, will easily run over the 1024 soft limit after just 55 server side includes (not attempted on Ubuntu), and does not attempt to raise the ulimit to the 4096 maximum. I have had some issues with Web browsers running out of open files because of sites with keepalive sockets (websockets), cache, plug-ins using local storage in crazy ways, and so on. Perhaps it is prudent to set limits in /etc/security/limits.conf by default to a higher value, such as 32767 soft and 65535 hard for open files. The original limits came about on 32-bit systems with less than 16GB of RAM and 4TB of hard drive space. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: core unix command broken in latest updates
On 05/13/2014 01:04 PM, Dale Amon wrote: It just seems strange that something like this could slip past in a set of updates to a package... but the dh command is not working after the last security update I did via dselect. dh is not a core Unix command. Strongly suggested reading: http://www.catb.org/esr/faqs/smart-questions.html -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Those extra packages on the live CD
On 02/17/2014 04:26 PM, Tong Sun wrote: Hi, I have never taken a closer look at what's inside the Lubuntu CD, until now when I discovered that there is bunch of packages on the CD that is not packed in the filesystem.squashfs file. There are *quite* a few of them (ref 1). What's the purpose of having those packages loose on the disk instead of installing them and have them in compressed squashfs file? deb files are compressed, now with LZMA2 (xz) instead of old gzip. There is no imperative to install packages to a live system; it just saves time, since you can copy the base image directly to disk. Naturally, packages which may not be needed but would be needed in common configurations are included. What bugs me more is the uninstallation of live system packages after install. The squashfs is a liveCD installation, and it's unpacked to disk and then fixed up into a fixed installation. I've never understood why it's not a base squashfs, union mount on top a squashfs made from a union mount on that which has been modified into a LiveCD, then union mount tmpfs on top of that. Shaves 5 minutes off installation--which takes 15 minutes anyway. Thanks Tong ref 1: package list: ./pool ./pool/main ./pool/main/b ./pool/main/b/build-essential ./pool/main/b/build-essential/build-essential_11.6ubuntu5_amd64.deb ./pool/main/d ./pool/main/d/dpkg ./pool/main/d/dpkg/dpkg-dev_1.16.12ubuntu1_all.deb ./pool/main/e ./pool/main/e/eglibc ./pool/main/e/eglibc/libc-dev-bin_2.17-93ubuntu4_amd64.deb ./pool/main/e/eglibc/libc6-dev_2.17-93ubuntu4_amd64.deb ./pool/main/f ./pool/main/f/fakeroot ./pool/main/f/fakeroot/fakeroot_1.20-1_amd64.deb ./pool/main/g ./pool/main/g/gcc-4.8 ./pool/main/g/gcc-4.8/g++-4.8_4.8.1-10ubuntu8_amd64.deb ./pool/main/g/gcc-4.8/gcc-4.8_4.8.1-10ubuntu8_amd64.deb ./pool/main/g/gcc-4.8/libasan0_4.8.1-10ubuntu8_amd64.deb ./pool/main/g/gcc-4.8/libatomic1_4.8.1-10ubuntu8_amd64.deb ./pool/main/g/gcc-4.8/libgcc-4.8-dev_4.8.1-10ubuntu8_amd64.deb ./pool/main/g/gcc-4.8/libitm1_4.8.1-10ubuntu8_amd64.deb ./pool/main/g/gcc-4.8/libstdc++-4.8-dev_4.8.1-10ubuntu8_amd64.deb ./pool/main/g/gcc-4.8/libtsan0_4.8.1-10ubuntu8_amd64.deb ./pool/main/g/gcc-defaults ./pool/main/g/gcc-defaults/g++_4.8.1-2ubuntu3_amd64.deb ./pool/main/g/gcc-defaults/gcc_4.8.1-2ubuntu3_amd64.deb ./pool/main/l ./pool/main/l/linux ./pool/main/l/linux/linux-libc-dev_3.11.0-12.19_amd64.deb ./pool/main/l/lupin ./pool/main/l/lupin/lupin-support_0.54_amd64.deb ./pool/main/liba ./pool/main/liba/libalgorithm-diff-perl ./pool/main/liba/libalgorithm-diff-perl/libalgorithm-diff-perl_1.19.02-3_all.deb ./pool/main/liba/libalgorithm-diff-xs-perl ./pool/main/liba/libalgorithm-diff-xs-perl/libalgorithm-diff-xs-perl_0.04-2build3_amd64.deb ./pool/main/liba/libalgorithm-merge-perl ./pool/main/liba/libalgorithm-merge-perl/libalgorithm-merge-perl_0.08-2_all.deb ./pool/main/m ./pool/main/m/manpages ./pool/main/m/manpages/manpages-dev_3.54-1ubuntu1_all.deb ./pool/main/m/mouseemu ./pool/main/m/mouseemu/mouseemu_0.16-0ubuntu9_amd64.deb ./pool/main/u ./pool/main/u/ubiquity ./pool/main/u/ubiquity/oem-config-gtk_2.15.26_all.deb ./pool/main/u/ubiquity/oem-config_2.15.26_all.deb ./pool/main/u/user-setup ./pool/main/u/user-setup/user-setup_1.48ubuntu1_all.deb ./pool/multiverse ./pool/multiverse/d ./pool/multiverse/d/drdsl ./pool/multiverse/d/drdsl/drdsl_1.2.0-1build1_amd64.deb ./pool/universe ./pool/universe/c ./pool/universe/c/caspar ./pool/universe/c/caspar/caspar_20120530-1_all.deb ./pool/universe/i ./pool/universe/i/isdnutils ./pool/universe/i/isdnutils/capiutils_3.12.20071127-0ubuntu11_amd64.deb ./pool/universe/i/isdnutils/isdnutils-base_3.12.20071127-0ubuntu11_amd64.deb ./pool/universe/i/isdnutils/isdnutils-xtools_3.12.20071127-0ubuntu11_amd64.deb ./pool/universe/i/isdnutils/libcapi20-3_3.12.20071127-0ubuntu11_amd64.deb ./pool/universe/i/isdnutils/libcapi20-dev_3.12.20071127-0ubuntu11_amd64.deb ./pool/universe/i/isdnutils/pppdcapiplugin_3.12.20071127-0ubuntu11_amd64.deb -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
DT_RUNPATH settings for all libraries
Can we move to a DT_RUNPATH scheme for all libraries as below? COMPATIBILITY This change alone does almost nothing: with the system files arranged as they are now, there is no change in how linking works. ADVANTAGE This change allows us to switch around libraries and to use different versions of the same library. This allows for increased compatibility. For example: every version of libfoo.so.2 should be compatible--libfoo.so.2.15 should link properly with a program compiled for libfoo.so.2.0. On occasion and for various reasons, this sometimes doesn't happen; it become useful to have different versions of the same library installed, yet they conflict. We have conflicting lib* packages. DESCRIPTION On load, ld.so links dynamic libraries in the following order: 1. DT_RPATH if DT_RUNPATH does not exist 2. LD_LIBRARY_PATH environment if not SUID/SGID 3. DT_RUNPATH 4. ld.so.cache file from ldconfig 5. /lib and then /usr/lib This means that a binary (a main executable file, including a shared object that may execute as a main executable file) specifying dynamic linking to libfoo.so.2 will currently link against the first one of the below: 1. $LD_LIBRARY_PATH/libfoo.so.2 2. The library specified in ld.so.cache 3. /lib/libfoo.so.2 4. /usr/lib/libfoo.so.2 A binary with DT_RPATH set will pre-empt $LD_LIBRARY_PATH, which breaks that entire functionality. We don't want that. A binary with DT_RUNPATH set will insert a new step. If DT_RUNPATH contains /var/lib/cat1:/var/lib/cat2 then the above checks the following instead: 1. $LD_LIBRARY_PATH/libfoo.so.2 2. /var/lib/cat1/libfoo.so.2 3. /var/lib/cat2/libfoo.so.2 4. The library specified in ld.so.cache 5. /lib/libfoo.so.2 6. /usr/lib/libfoo.so.2 In this way, placing a different library at (2) or (3), or a symlink to such, will cause that library to load instead. PROPOSAL Section 5.1 of the Filesystem Hierarchy Standard v2.2 ends in the following stipulation: Applications must generally not add directories to the top level of /var. Such directories should only be added if they have some system-wide implication, and in consultation with the FHS mailing list. I have investigated /var/lib, /var/cache, and /var/run and determined that none of these is particularly suitable for this proposal. /var/lib looks close; however, the system is managing these contents without concern for what the application expects to see there. /var/run is for the system state since boot, not persistent. /var/cache is just the wrong application. Leveraging the above, I propose that the DT_RUNPATH of each application be set as follows: /var/sys/$PACKAGE/lib:/var/sys/current-system/lib For x86_64: /var/sys/$PACKAGE/lib64:/var/sys/current-system/lib64 In the future, it may become possible to install conflicting libraries to support binaries mutually non-conflicting save for dependencies on conflicting libraries. To do so, a symlink to the conflicting library wold be installed in the proper /var/sys/$PACKAGE/lib[64] directory. The ability to do this depends on this proposal. It also depends on rewiring dpkg and apt to recognize and manage conflicts as alternatives, or to package conflicting libraries as alternatives and improve the dpkg-alternatives system to recognize when the majority of installed packages in a system rely on package X and a minority rely on package Y. After all, somehow you need to decide which is the main package and which is installed for compatibility, and for what, and how to handle that. The change proposed is harmless, non-standards-breaking, and compatible with Debian, Ubuntu, Mint, and ELF-based distributions in general. It is heavily influenced by NixOS, although the particular mechanism comes from a side project I never got started much (I don't like how NixOS does it). It is expandable to achieve similar goals to NixOS by setting DT_RUNPATH to: /var/sys/$PACKAGE/$VERSION/lib:/var/sys/$PACKAGE/default/lib:/var/sys/current-system/lib ('default' is of course a misnomer; it's not straight 'lib' because you may also mess with $PATH and put a bin and sbin in there, but that's a big stretch) Other ways to achieve the main goals of NixOS--running i.e. postgresql 7 8 9 and 10 at the same time--would be to use lxc, which is probably the right way to do that. Between that and other factors, I haven't proposed that. Thoughts? -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Qubes-OS
http://qubes-os.org/trac/wiki/QubesArchitecture This looks interesting. Can we learn anything from this? -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Qubes-OS
On 01/08/2014 11:08 AM, Anca Emanuel wrote: No, until you demo something useful. Well, they have a large amount of stuff showing how they've demonstrated VM isolation under a paravirtualizing hypervisor to separate out security zones on a single system. X11 is in one VM, some user applications are in another VM, other user applications have their own VM... That's not entirely useful unless: 1) the VMs are substantially isolated--having (write) access to network, disk, and files is basically un-isolated; and 2) You can't accomplish the same at the kernel level. If it were i.e. Minix, I'd say that a microkernel can easily apply its own security policies--essentially that's what Xen is, with full operating systems running as OS services; a uK would accomplish the same by having separate disk/FS/network services for different security domains. But we're not moving to Minix and we're not rewriting Linux as a microkernel; thus the concern of what if you hacked the kernel? is real. The other concern is just how isolated are multi-VMs? The only real advantage is a kernel exploit doesn't show you the full memory space of the operating system. I guess that means your browser that's doing banking has memory mapped to domBankStuff that's not accessible by the kernel in domUntrustedBrowsing at all. But as far as system compromise goes, what kind of write access do you have? Can you write files to /home, shared across domains? Or what? Do you have different /home directories? It's an interesting concept. The question, Can we learn anything from this? addresses the many questions starting with Does this do anything useful? and How useful is that? and then moving on to Can we incorporate this and leverage it to any benefit? There's a reason why I don't just show up drooling over the isolation and security that virtualization provides: it sure does provide that when running 4 different server OSes on one host, but you start reducing the benefits when you break down the isolation. Peoples' holy grail ideal of we'll run a browser in this VM, and it can save files to your main home directory is really pointless: if it can do that, why not just run it with all the other stuff? It obviously has compromising access to your stuff. So the question comes up: can we learn anything from this? Even if we inspect it and come out with just the realization that all the Security provided in this model is illusionary, that's something. I mean hell, even Microsoft created a bunch of chatter talking about how Vista was going to let you use Hyper-V to run some software in a secure VM instead of directly, on the same model. Sobering up to the realization that it's either A) a good idea or B) completely stupid and pointless would be enlightening. On Wed, Jan 8, 2014 at 6:02 PM, John Moser john.r.mo...@gmail.com wrote: http://qubes-os.org/trac/wiki/QubesArchitecture This looks interesting. Can we learn anything from this? -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
ffmpeg vs libav: Please clarify the situation
I've stumbled across this: http://blog.pkh.me/p/13-the-ffmpeg-libav-situation.html I did some more digging and got the same from the other side. The short version is they all hate each other and they each claim that they're merging perfect, well-reviewed, properly-designed code and the other side is merging piles of crap and refusing to play nice. Okay so: - libav is garbage, full of hacks, loaded with massive security concerns, breaks things for existing users, and is only used by Ubuntu because it's in Debian and/or because some key Ubuntu/Debian developers are also libav developers. - ffmpeg is old garbage, run by idiots, filled with useless crap to make it look good, and loaded with garbage code that undergoes no review. Plus they steal from libav without attribution. - libav gets a lot more developer attention, reviews everything, and merges everything that goes into ffmpeg. They're careful to fix anything broken and ugly. - ffmpeg has grown much faster than libav, has better code review, and carries a lot more features without breaking things. This can't all parse at once. Something is wrong here. Will somebody please explain what's going on? -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: PIE on 64bit
On 04/19/2013 08:25 AM, Matthias Klose wrote: Am 18.04.2013 20:25, schrieb John Moser: Meant to go to list On Apr 18, 2013 2:15 PM, John Moser john.r.mo...@gmail.com wrote: On Apr 18, 2013 2:07 PM, Insanity Bit colintre...@gmail.com wrote: On 64bit multiple services (pulseaudio, rsyslogd, many others) are shipping without Position Independent Code. On 32bit there is a potential performance hit for startup time... but there shouldn't be any performance hit (or negligible) on 64bit. There is a continuous performance hit of under 1% without -fomit-frame-pointer and under 6% with -fomit-frame-pointer on IA-32. The impact is statistically insignificant (i got 0.002% +/- 0.5%) on x86-64. The performance hit on IA-32 only applies to main executable code because library code is PIC already. This accounts for under 2% runtime, except in X where it used to be 5%. That makes the overall impact 2% of 6% or 0.12%--which is non-existent if your CPU is ever at less than 99.88% load because you would swiftly catch up. In other words: there is NO PERFORMANCE HIT for PIE in any non-laboratory, non-theoretical situation. (Theo de Raadt argued this with me once, using the term very expensive a lot. I built two identical Gentoo boxes and profiled them both extensively with oprofile. It is exactly a theoretical cost, and the performance concerns come from people who have no clue what the execution flow of modern software looks like) I'm tired to repeat that there *is* a performance penalty. Building the python interpreters with -fPIE results in about 15% slower benchmarks. Building GCC with -fPIE slows down the build times by 10-20%. So maybe you want to have a python interpreter with -fPIE, accepting this performance penalty, and gaining some security? But what else do you gain by building GCC with -fPIE besides forcing longer build times on developers? On x86-64 PIC is handled fast natively with additional registers, and non-PIC has a higher penalty to load and execute (because of more RAM usage and so occasional page faults to read from swap, since the main executable .text is not shared). What are your Python benchmarks? Loading/unloading a program? Most of Python's modules are *in* Python. Do you mean to indicate that building gcc with a gcc built with -fPIE is slower, or that building gcc with -fPIE is slower? The first is an actual legitimate test; the second is making gcc itself do more work during build. Who ran these benchmarks? What do they actually measure? I don't think that -fPIE is ready to be enabled by default, but maybe we need to think about a better or easier way to enable it. However the current method using the hardening-wrapper seems to work fine. Matthias -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: PIE on 64bit
Meant to go to list On Apr 18, 2013 2:15 PM, John Moser john.r.mo...@gmail.com wrote: On Apr 18, 2013 2:07 PM, Insanity Bit colintre...@gmail.com wrote: On 64bit multiple services (pulseaudio, rsyslogd, many others) are shipping without Position Independent Code. On 32bit there is a potential performance hit for startup time... but there shouldn't be any performance hit (or negligible) on 64bit. There is a continuous performance hit of under 1% without -fomit-frame-pointer and under 6% with -fomit-frame-pointer on IA-32. The impact is statistically insignificant (i got 0.002% +/- 0.5%) on x86-64. The performance hit on IA-32 only applies to main executable code because library code is PIC already. This accounts for under 2% runtime, except in X where it used to be 5%. That makes the overall impact 2% of 6% or 0.12%--which is non-existent if your CPU is ever at less than 99.88% load because you would swiftly catch up. In other words: there is NO PERFORMANCE HIT for PIE in any non-laboratory, non-theoretical situation. (Theo de Raadt argued this with me once, using the term very expensive a lot. I built two identical Gentoo boxes and profiled them both extensively with oprofile. It is exactly a theoretical cost, and the performance concerns come from people who have no clue what the execution flow of modern software looks like) PIE on x86_64 does not have the same penalties, and will eventually be made the default, but more testing is required. - https://wiki.ubuntu.com/Security/Features#pie Is there an open bug for testing? A way for users to test and give feedback without recompiling massive projects like pulseaudio? 13.04 still doesn't ship PIE. I would expect this would be something you'd want to put in *before* an LTS release? -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Extra Pane in Nautilus
Will all of you stop top-posting? This isn't a business exchange server, we're not stuck in the stone-age of suits who haven't learned to effectively communicate and think doing things right isn't professional. /slightly frustrated //back to Fark with me On 07/04/13 17:08, Thomas Novin wrote: Thanks for the tip. Updated to Raring today and wow, how is it possible to make something suck that bad (nautilus 3.6.3). nemo on the other hand was great. Delete to go one step up in the filesystem has been removed. No option to enable it, not even via gsettings (AFAIK).. I mean.. why? Rgds//Thomas On Fri, Mar 29, 2013 at 11:46 PM, Frank Cheung fcuk...@gmail.com wrote: Nemo (Nautilus fork by Linux Mint team) looks like a potential (interim) solution... More info here: http://www.webupd8.org/2012/12/how-to-install-nemo-file-manager-in.html Cheers, Frank. On 29/03/13 22:35, Greg Williams wrote: man that's disappointing. We so need a new File Manager. Nautilus is rapidly going down hill. I wish it could get forked to a version that keeps all the good stuff like Extra Pane From: clan...@googlemail.com Date: Fri, 29 Mar 2013 22:22:06 + Subject: Re: Extra Pane in Nautilus To: mttbrns...@outlook.com CC: ubuntu-devel-discuss@lists.ubuntu.com On 29 March 2013 22:12, Greg Williams mttbrns...@outlook.com wrote: Why won't the Ubuntu-Developers switch to the Marlin File-Browser? Why are they continuing to use Nautilus with such a weakening feature base? I understand that the problem is that Nautilus also handles the desktop and other stuff. It is not just the file manager. There is nothing to stop you installing Marlin of course. When I tried it, however, it seemed rather deficient in some areas. I submitted some bugs but there has been little response. There does not seem to be a lot of activity on the source. Colin -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Puppet version bump
On Mon, Feb 11, 2013 at 1:11 PM, Stig Sandbeck Mathisen s...@debian.org wrote: John Moser john.r.mo...@gmail.com writes: While we're at it, why is etckeeper stuff in the package? The Puppetlabs guys said because it's in Debian's package and Debian packagers are fruitbats, so they're imitating for compatibility. The etckeeper integration is a contribution from the Ubuntu packaging. See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571127 If etckeeper is not installed, the hooks in the default configuration do nothing. Interesting. That's a more in-depth (but less amusing) explanation than the one I received previously. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: kexec and Grub
On 02/10/2013 06:22 PM, Dmitrijs Ledkovs wrote: Yes, it might be mine or someone else's. There's an ANCIENT spec for RapidReboot Nah, I was thinking about more recent stuff which is exactly what's proposed in the quickly reboot. https://wiki.ubuntu.com/SessionHandling#Restart https://wiki.ubuntu.com/StartupSettings I wish I could un-see that second one. I'm completely baffled as to what startup software is (I'd imagine that would be the bootloader, kernel, systemd, all systemd/init scripts, and in Ubuntu's case X11 as well, along with everything in /bin and /sbin and /lib according to how Unix systems are lain out--everything required for system start-up belongs there, while everything not required for system start-up goes into /usr/) tbh repair systems are a good idea, but they belong in their own place. Don't care for Here is a dialog to configure X system aspect. Also if your system is broken you can fix this part from here. Where is the Troubleshoot my system dialog? Anyway, off-topic. Although later deals with grub customisation bugs as well. Regards, Dmitrijs. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: kexec and Grub
Ah this is finally becoming a thing then :) I am glad to see progress after a decade of having a tool written just for this On 02/08/2013 05:04 AM, Sergey Shnatsel Davidoff wrote: Nice... Now can you tell grub to boot entry 1, 3, 7, etc? Read an alternate grub.conf? Rapid reboot :) Yes, you can, with grub-reboot command. You should probably team up with the script kitties behind Unity Reboot (http://www.webupd8.org/2013/01/unity-reboot-launcher-to-quickly-reboot.html) and implement a faster reboot sequence. I believe it would be beneficial for both parties. -- Sergey Shnatsel Davidoff -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: kexec and Grub
On 02/08/2013 02:27 PM, Dmitrijs Ledkovs wrote: On 8 February 2013 10:04, Sergey Shnatsel Davidoff ser...@elementaryos.org wrote: Nice... Now can you tell grub to boot entry 1, 3, 7, etc? Read an alternate grub.conf? Rapid reboot :) Yes, you can, with grub-reboot command. You should probably team up with the script kitties behind Unity Reboot (http://www.webupd8.org/2013/01/unity-reboot-launcher-to-quickly-reboot.html) and implement a faster reboot sequence. I believe it would be beneficial for both parties. Wait a second. There is a whole plan and design to integrated Reboot into in the g-s-d panel and the reboot popup. Yes, it might be mine or someone else's. There's an ANCIENT spec for RapidReboot https://wiki.ubuntu.com/RapidReboot It looks like revision 1 was indeed me ... in 2006. And I was late to the party. Again, kexec was made for rebooting is slow, there's ten million server bioses. We want this in ubuntu as well =) Mpt, can you point where the designs are? Since technically the utility exists and prof of concept it should be quick to integrate. Regards, Dmitrijs. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: kexec and Grub
On Feb 6, 2013 7:12 AM, Colin Watson cjwat...@ubuntu.com wrote: On Tue, Feb 05, 2013 at 04:07:58PM -0500, John Moser wrote: Has anyone gotten Grub2 to load via Linux Kexec? It used to be possible to kexec grub.exe for some reason. kexec can boot multiboot images, according to kexec(8); so you should be able to kexec core.img, which has a multiboot header. I suggest trying it first on a non-production system. :-) Nice... Now can you tell grub to boot entry 1, 3, 7, etc? Read an alternate grub.conf? Rapid reboot :) -- Colin Watson [cjwat...@ubuntu.com] -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Puppet version bump
On Tue, Feb 5, 2013 at 12:55 PM, Alec Warner anta...@google.com wrote: On Tue, Feb 5, 2013 at 4:52 AM, Robie Basak robie.ba...@canonical.com wrote: On Sun, Jan 27, 2013 at 11:23:37AM -0500, John Moser wrote: OK further research yields that Debian is not updating Sid due to Can we see this imported to 13.04? What would the implications be of an update to puppet 3 in the archive for installations using older LTS releases running older versions of puppet? Can an agent continue to run 2.7 and be served by a 3 puppetmaster? As long as the server version is = the client version, things are OK. If the client version is the server version, things can go wrong very quickly. 'Wrong' tends to mean 'clients will fail to get updates'. This is correct and important. I'm just trying to identify if there are any cases where it could be painful for users to find that puppet has been updated, for any reasonable upgrade path. Are there any complications that I haven't thought of, or would everything be fine? I run puppet on thousands of nodes. If you updated puppet in the middle of an LTS; I would be *pissed* as all hell. Yes and I am absolutely *not* recommending they update the LTS. I'm recommending the latest up-and-coming release of Ubuntu get the new Puppet. If you want to continue using an LTS with Puppet, you have three choices: 1. Keep your shop LTS. When a new LTS comes out, upgrade your Puppetmaster FIRST (after all staging of course), then roll out the LTS updates to the clients. 2. Convince Ubuntu to put the newest Puppetmaster in Backports. I am not advocating this either. 3. Use the Puppetlabs repos on your LTS Puppetmaster I have no sympathy for the use case of running your Puppetmaster as LTS and expecting the next five years of Ubuntu releases to hold back updating Puppet just so you can mix and match LTS server with latest-release clients. Among other things, this would cause an issue where overlapping LTS (i.e. 3 years between) would require the new LTS stay on the old Puppet, which means that Puppet never gets upgraded since there is always an in-life LTS holding back Puppet for all further releases when a new LTS comes out. I do have sympathy for the use case of staying on an LTS for the whole network. If you use LTS Puppetmaster to administrate LTS servers, this should not break. Mind you if an update to Puppet comes down to the LTS, the Puppetmaster will update; but maybe you don't WANT to move forward--that's why you're on LTS. Yes I understand this use case and yes it is problematic in many ways, but it can be handled stably at the discretion of the administrator--it's up to you to decide to update your server to a newer version, move to a newer Puppetmaster, update your modules and other Puppet code to work with the newest Puppetmaster, and then perform your roll-outs. We don't need to throw down HERE IS PUPPET 3.1 FOR LTS ENJOY YOUR BREAKAGE at people. My advice to you: If your LTS Puppetmaster isn't going to handle Puppet 3.0 or 3.1 clients, don't upgrade your administrated servers to Raring. Wait for the next LTS; go Puppetlabs repos; or upgrade your Puppetmaster to Raring first. Robie -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Puppet version bump
On Tue, Feb 5, 2013 at 2:09 PM, Alec Warner anta...@google.com wrote: On Tue, Feb 5, 2013 at 10:07 AM, John Moser john.r.mo...@gmail.com wrote: I have no sympathy for the use case of running your Puppetmaster as LTS and expecting the next five years of Ubuntu releases to hold back updating Puppet just so you can mix and match LTS server with latest-release clients. Among other things, this would cause an issue where overlapping LTS (i.e. 3 years between) would require the new LTS stay on the old Puppet, which means that Puppet never gets upgraded since there is always an in-life LTS holding back Puppet for all further releases when a new LTS comes out. I don't think any sane customers expect this (and I do not.) Letter updates (P - Q, Q - R) are when I expect changes (and pain!) But that is why we are on a release based OS and not a rolling release like Arch ;) Oh good, then we're on the same page. On a related note, Puppet 3.1 came out ... yesterday. So next debate: 3.0.2 or 3.1 into Debian experimental? (I've been trying to get it brought in) 3.1 did not include https://projects.puppetlabs.com/issues/16856 or I would be lobbying heavily for 3.1 into Experimental and then directly into Ubuntu. As is, there are good arguments for sticking to 3.0.2 in this scenario (notably: stuff was deprecated in 3.0; it is GONE in 3.1, and now Ubuntu/Debian have to make a jump since next Stable will be 2.7 for Debian and the last was 2.7 for Ubuntu. The 2.7 - 3.1 jump is nasty). Alec, I'm sure you can appreciate the implications, as well as the challenging difficulties now faced due to failure to keep up with a fast moving target. If it's that important, we may need to just throw down 3.0 and 3.1 and meta-packages for a while here. This is all kinds of badness, too: 3.0 is dead; 3.0.2 is the last and there will be no more updates to the branch (think Apple Quicktime, you know the drill), so we definitely don't want to support Puppet 3 for an extended time because no bugfixes. TBH, for Puppet in general, your task is to keep up; like Pacemaker, Corosync, and Heartbeat, Puppet is racing towards advancement and things are rapidly changing. You should see the mess that is Pacemaker/Corosync, trying with RHEL5 and RHEL6 and SuSE and Debian gets you many different procedures and different configurations required. It's now somewhat stabilized, and has grown into something awesome. Puppet is doing that right now and pain will come. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
kexec and Grub
Has anyone gotten Grub2 to load via Linux Kexec? It used to be possible to kexec grub.exe for some reason. I have been tasked tonight to reboot a very critical production server during a short window. It's long enough, but at the moment our big issue is that the reboot will be somewhere between 3-5 minutes up to 18 minutes (we don't know) because server hardware does a ton of self-check and has RAID, Video, bootrom, etc BIOS crap to go through. Years ago, this came up and Kexec was written. Nobody uses it. We use it for fancy debugging but that's it. So I propose: We must find a method of rebooting into A) a bootloader entry; or B) directly into Grub2 and let it boot the system. (B) would be less fragile, as any incorrectness in (A) will at best make kexec fail during late-stage shutdown and at worst load the kernel with invalid parameters and cause a panic before mounting rootfs (a nightmare without remote console). Loading the bootloader can only fail in general, in which case we can go as far as re-initializing init onto an operating runlevel and come back up without a reboot (white hot reboot). So: - Cold boot (physical power cycle) - Warm boot (ACPI reboot) - Red hot boot (drop back and reload the kernel/bootloader) - White hot boot (shutdown completely, then go back into a live runlevel rather than halt or reboot) We're attempting a red hot boot, and on soft failure coming out via a white hot boot. If Linux can respond to panic() by warm boot, that would be very optimal. (Spoiler: the next logical step would be porting freeze/thaw from Dragonfly so you can reboot into a new kernel without closing your desktop session. Yes, this is totally doable. You would not believe the insanity that is physically possible.) -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Puppet version bump
On Tue, Feb 5, 2013 at 4:07 PM, Jordon Bedwell jor...@envygeeks.com wrote: On Tue, Feb 5, 2013 at 3:00 PM, John Moser john.r.mo...@gmail.com wrote: On a related note, Puppet 3.1 came out ... yesterday. So next debate: 3.0.2 or 3.1 into Debian experimental? (I've been trying to get it brought in) If it were me, I would rather fight to upgrade once, not twice. 3.1 did not include https://projects.puppetlabs.com/issues/16856 or I would be lobbying heavily for 3.1 into Experimental and then directly into Ubuntu. As is, there are good arguments for sticking to 3.0.2 in this scenario (notably: stuff was deprecated in 3.0; it is GONE in 3.1, and now Ubuntu/Debian have to make a jump since next Stable will be 2.7 for Debian and the last was 2.7 for Ubuntu. The 2.7 - 3.1 jump is nasty). Exactly my point, I would rather fight once to upgrade then fight once to upgrade then have to fight again to figure out what hell broke in the next upgrade though most of the time it can be somewhat straight forward if treading carefully. I'd rather it all fall down at once during a test-run and it be fixed than me have to do those runs twice in the same year. I work in a place without staging, and we desperately need it, and I am becoming slowly more aggressive and will be making arguments after I torch my burn down charts. Think about that though. No testing environment. So much pain. With a testing environment, massive breakage to me is just a playground and casual Friday. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: kexec and Grub
On Tue, Feb 5, 2013 at 4:44 PM, Felix Miata mrma...@earthlink.net wrote: On 2013-02-05 16:07 (GMT-0500) John Moser composed: Has anyone gotten Grub2 to load via Linux Kexec? It used to be possible to kexec grub.exe for some reason. This question makes me think either you haven't read the kexec man page, or one of misunderstands it. Why need any bootloader be involved with kexec usage? Oh I understand it. Just jumping straight to the bootloader is a desirable use case. Also covered in my message, you are less error prone going through the bootloader. Consider these two possible paths to solve the above problem: SOLUTION A: - Write yourself a Grub parser (maybe even something that runs grub itself and gets it to spit out a list of boot options, a select boot option, or the default boot option) - Parse the data you get into viable arguments to pass to kexec for loading the kernel, initrd, setting parameters, etc. - Shut down the system to a halt state and call kexec as your termination (halt, reboot, etc) command. SOLUTION B: - Load Grub into kexec - Shut down the system into a halt state and call kexec as your termination (halt, reboot, etc) command Which of these looks easier? -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Puppet version bump
On 02/05/2013 07:45 PM, Ryan Tandy wrote: John Moser john.r.moser at gmail.com writes: 2. Convince Ubuntu to put the newest Puppetmaster in Backports. I am not advocating this either. Slightly off-topic, but FWIW I would be happy to see raring's puppet (whatever version that ends up being) in precise-backports. lucid-backports has puppet 2.7 and that made my life a LOT easier since my puppetmaster runs precise and I am using some recent modules. Having backports available but not installed by default is really quite nice. Furthermore it's quite likely that at some point I'll have some clients running a newer Ubuntu than the puppetmaster, and it would be great to be able to support it just by upgrading puppetmaster to a backports version. http://apt.puppetlabs.com/ While we're at it, why is etckeeper stuff in the package? The Puppetlabs guys said because it's in Debian's package and Debian packagers are fruitbats, so they're imitating for compatibility. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Puppet version bump
On 02/05/2013 07:58 PM, Alec Warner wrote: On Tue, Feb 5, 2013 at 4:50 PM, John Moser john.r.mo...@gmail.com wrote: On 02/05/2013 07:45 PM, Ryan Tandy wrote: John Moser john.r.moser at gmail.com writes: 2. Convince Ubuntu to put the newest Puppetmaster in Backports. I am not advocating this either. Slightly off-topic, but FWIW I would be happy to see raring's puppet (whatever version that ends up being) in precise-backports. lucid-backports has puppet 2.7 and that made my life a LOT easier since my puppetmaster runs precise and I am using some recent modules. Having backports available but not installed by default is really quite nice. Furthermore it's quite likely that at some point I'll have some clients running a newer Ubuntu than the puppetmaster, and it would be great to be able to support it just by upgrading puppetmaster to a backports version. http://apt.puppetlabs.com/ While we're at it, why is etckeeper stuff in the package? The Puppetlabs guys said because it's in Debian's package and Debian packagers are fruitbats, so they're imitating for compatibility. I know Nigel Kirsten and Andrew Pollock, so if there is stuff wrong in the debian packaging I am happy to chat with them. I'm just relaying what I got from #puppet on freenode. There seems to be no purpose to hooking etckeeper--at least, none that warrants hooking it into puppet by default. -A -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Puppet version bump
On 01/26/2013 02:19 PM, John Moser wrote: I'm noticing that 2.7 is still the version of Puppet in Raring; however, version 3.0 was released October 1, 2012, before release of 12.04: https://groups.google.com/forum/#!topic/puppet-users/lqmTBX9XDtw/discussion Does this package currently not have a maintainer, or is it just slow in Debian as well? 3.0 is an important release. (Every Puppet release is an important release; Puppet is rather volatile.) New features include integration of Hiera and deprecation of stored configurations in favor of PuppetDB for the same task. Also the kick feature is deprecated in favor of mcollective. Deprecated features still work, but the transition must be made before they become non-existent. You cannot jump from 2.7 to future 3.5 without pain; 3.0 still allows some things that are going away, but provides their replacements, so you can move smoothly. OK further research yields that Debian is not updating Sid due to feature freeze for Testing. However, Mathisain notes this: On the other hand, the master packaging branch at http://anonscm.debian.org/gitweb/?p=pkg-puppet/puppet.git;a=summary yields a working set of puppet 3.0.2 debs, they're just not tagged with a debian release. Feel free to use that until we can upload to sid. Can we see this imported to 13.04? -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Puppet version bump
I'm noticing that 2.7 is still the version of Puppet in Raring; however, version 3.0 was released October 1, 2012, before release of 12.04: https://groups.google.com/forum/#!topic/puppet-users/lqmTBX9XDtw/discussion Does this package currently not have a maintainer, or is it just slow in Debian as well? 3.0 is an important release. (Every Puppet release is an important release; Puppet is rather volatile.) New features include integration of Hiera and deprecation of stored configurations in favor of PuppetDB for the same task. Also the kick feature is deprecated in favor of mcollective. Deprecated features still work, but the transition must be made before they become non-existent. You cannot jump from 2.7 to future 3.5 without pain; 3.0 still allows some things that are going away, but provides their replacements, so you can move smoothly. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Puppet version bump
On 01/26/2013 02:29 PM, Jordon Bedwell wrote: On Sat, Jan 26, 2013 at 1:19 PM, John Moser john.r.mo...@gmail.com wrote: I'm noticing that 2.7 is still the version of Puppet in Raring; however, version 3.0 was released October 1, 2012, before release of 12.04: https://groups.google.com/forum/#!topic/puppet-users/lqmTBX9XDtw/discussion Does this package currently not have a maintainer, or is it just slow 12.04 was released on 26/4/12 not in October. 12.10 was released in Yes typo, can't keep number straight in my head like this. October and Puppets release was after the feature freeze. You will need to wait until 13.04. It has nothing to do with being slow, it has to do with them either releasing before the feature freeze or having to wait until the next release cycle. Typically a feature It is still 2.7 in 13.04 http://packages.ubuntu.com/raring/admin/puppet freeze happens 1-2 months before release... so if puppet releases 3.0 in October there is no reason for it to make it into 12.10 (in that case) because there were probably no super important security updates that mandated an extreme exception. No, but there is reason to immediately update it in 13.04 after dropping the 12.10 release. Packages are available in their own repositories, as well as source debs and SRPMs. It makes little sense for a package that was outdated before the last release of Ubuntu to remain in the current release, in Main, when there is a compelling reason to update the package. The only interesting assumptions are that either the Ubuntu or the Debian maintainers (or both) aren't paying attention; it's not like puppet gets as much focus as openssh or firefox. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Puppet version bump
On 01/26/2013 04:01 PM, Tom H wrote: On Sat, Jan 26, 2013 at 2:19 PM, John Moser john.r.mo...@gmail.com wrote: I'm noticing that 2.7 is still the version of Puppet in Raring; however, version 3.0 was released October 1, 2012, before release of 12.04: I assume that you mean 13.04. I meant 12.10. Point being this stuff was out before the last version was released, should have been a bump after release since all the feature freezes come off for the new dev cycle. the numbers. They flip flop a lot. These are not the binary digits you are looking for. https://groups.google.com/forum/#!topic/puppet-users/lqmTBX9XDtw/discussion Does this package currently not have a maintainer, or is it just slow in Debian as well? There were two puppet 3.0.0-rcX uploads to Debian experimental in May and they'll move to unstable, and therefore be inheritable by Ubuntu, once Debian 7's released. They're past -rc, it's at 3.0.2 now. I would avoid an -rc update; at least 3.0.0 stable. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Ubuntu and derivatives (Re: Ubuntu.com Download Page)
On 01/25/2013 06:17 PM, Jordon Bedwell wrote: On Fri, Jan 25, 2013 at 5:13 PM, Allison Randal alli...@ubuntu.com wrote: On 01/25/2013 02:38 PM, Scott Kitterman wrote: Each flavor has a dedicated landing page: kubuntu.org, edubuntu.org, xubuntu.org, ubuntustudio.org, mythbuntu.org, lubuntu.net. The one for *U*buntu (with *U* for Unity is ubuntu.com. By that flawed and short-sighted logic how do you explain Ubuntu with a G for GNOME up until a couple of years ago? Mark Shuttleworth hadn't figured out what direction he wanted to take his megalomania in yet and was biding his time for something disruptive to happen so he could try to usurp GNOME's position. (Honestly, Unity gets criticized, laughed at, and used as a primary example of how Ubuntu is nothing more than a new love child of Microsoft Embrace-Extend-Extinguish and RedHat Not-Invented-Here mentalities. Do you think it would have lasted more than a week if they had rolled that out without major disruptive changes in GNOME a la Gnome-Shell? People jumped ship as-is.) -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Promote puppet to main?
Are there any specific reasons for not promoting Puppet and/or Chef to main in the next release or two? I'm leaning on Puppet because that's what I'm using, because it's easier to learn somehow (more books about it, better documentation, and just falls together); Chef, Ansible, and cfengine are fairly popular as well. These tools centralize configuration. Puppet is declarative (you tell it what you want the system to look like) and idempotent (you WILL get the same results no matter what order things are executed in, no matter how many times you execute them); Chef is imperative (you tell it how to do it); the others are unknown to me. In Puppet specifically, a pile of stuff goes into the modules describing what the system should look like and which bits depend on which other bits. The modules specify packages to install, configuration files (from files or from templates modified by parameters), services that must be running, and relationships (dependencies, alerts i.e. for the purpose of restarting services when a configuration file is changed, etc). Classes in the modules may take parameters, allowing for interesting configuration--a Web server node could include nodes/web-01.example.com/vhosts/*, which are a bunch of .pp files importing the apache::config::vhost class with different parameters, thus generating a bunch of files for the vhosts configured on the server. This allows you to stand up a system instantly by pointing the Puppet agent at Puppetmaster. All required packages are installed, configuration files are brought in, and services are started. Modifying any configuration files on the Puppetmaster server will produce updates on the given node; these updates may cause services to restart, if necessary. Puppet examines the remote system and makes decisions about what kind of configuration it needs. It can decide if apt-get, emerge, yum, pkginst, or the like is needed to install a package. It will inform the modules of many OS parameters including type, version, processor type, and other things, so that decisions can be made--for example, to use a RedHat specific config file, or to use a different package name on Solaris than on Ubuntu, or to generate the /etc/apt/sources.list.d/ files with 'debian' or 'ubuntu' and with 'squeeze' or 'edgy' or 'precise'. A TLS certificate is generated, signed by the puppet server, and placed on the remote server; the common name in the certificate is used as the node name. Puppet can automatically generate a signed certificate for a new node, using its hostname as a common name, and push it to the agent. It is preferable to manually generate the certificate in high-security settings. Puppet has an access control list based on whether an agent is authenticated (i.e. presents a signed, known certificate) or not, which provides four of the primary security guarantees (Authentication, Authorization, Confidentiality, Integrity). You can also create a subversion repository for /etc/puppet/modules and /etc/puppet/manifests. Check out your modules or your manifests, make changes, then check them in and have subversion respond to a check-in by pushing an update to the Puppet server. Chef allows you to store Cookbooks in a git repository, so you can always roll back to a previous Cookbook version and apply different versions of Cookbooks to different servers. Bringing Puppet into main and giving puppet and puppetmaster their own Tasksel entries in Ubuntu Server would represent a significant step forward. Chef is more of an unknown to me, as I had difficulty getting started with it; I know of a few places that do use Chef and, as well, Ansible and cfengine, so there is market for all such tools. Puppet seems to have the greatest mind share at the moment; and of course, obviously, as stated, I have my own preference for it at the moment. There are also excellent books on Puppet such as Pro Puppet by John Turnbull. And whatnot. Did anybody actually not know what these things are? -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Promote puppet to main?
On 12/24/2012 10:23 PM, John Moser wrote: [Inane rambling] Somehow I missed that puppet is ALREADY IN MAIN. Okay, can we just get a tasksel for puppet and puppetmaster on Ubuntu Server then? *hides face* *wanders off* -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Fwd: Chef-server
Gentlemen, It appears that Chef packages are hit-and-miss in Universe in Ubuntu. They are also not entirely present in Debian, although present in earlier Ubuntu installations. See Debian: http://packages.debian.org/search?suite=defaultsection=allarch=anysearchon=nameskeywords=chef-server And Ubuntu: http://packages.ubuntu.com/search?keywords=chef-server Packages and source tarballs appear available from this location: http://apt.opscode.com/pool/main/ Potentially these are appropriate for multiverse, if the Chef developers are willing to submit them. Some packages in Debian have DFSG designation, so I assume some modifications are necessary for inclusion of Chef in Universe or Main. I am simply at a loss as to why some packages have been brought over, yet others have not. Perhaps the client is simply more open and thus easier to import by policy, and so the bits needed to interact with a server are brought in functionally but the bits needed to run a server are left out. That would at least be a valuable effort and explain the current state of things. But that is simply speculation on my part. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Possible inclusion of zram-config on default install
it's a definite win for large configurations infrequent swapping, much more additional RAM), as well as for small configurations where there's a lot of swapping (faster than swapping). I wrote and use an init script that breaks up the zswap into n devices, 1 per cpu execution thread, to fully parallel the operation. If you swap 64KiB at once with 8 core plus hyperthreading, the kernel will do 16 4k pages in parallel under that configuration--big, multi-CPU, hypethreaded servers (it's a big 30% gain with parallel like threads, i.e. compression) benefit much from this. Less useful in VMs, where such things should really happen at the hypervisor. On 12/07/2012 05:32 PM, Fabio Pedretti wrote: It would be nice if Ubuntu could include zram-config by default. This package set up compressed RAM swap space and can lower RAM requirements for running and installing Ubuntu. It should be a win for every configuration. Since kernel 3.8 the zram module is out of staging, I am using it since precise with no problem. The bug request is here: https://bugs.launchpad.net/ubuntu/+source/zram-config/+bug/381059 -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Possible inclusion of zram-config on default install
On 12/07/2012 05:44 PM, Jordon Bedwell wrote: -1. I am not on a netbook and even my laptop have 12gb of Ram. It would be nice if Ubuntu did detect your ram and decide but not force it on people like me who aren't memory constrained. In an abundant memory situation, the device is set up and sits idle consuming zero CPU resources and a few pages of RAM. As memory is not constrained, the few pages of RAM are negligible. Extremely. On Fri, Dec 7, 2012 at 4:32 PM, Fabio Pedretti fabio@libero.it wrote: It would be nice if Ubuntu could include zram-config by default. This package set up compressed RAM swap space and can lower RAM requirements for running and installing Ubuntu. It should be a win for every configuration. Since kernel 3.8 the zram module is out of staging, I am using it since precise with no problem. The bug request is here: https://bugs.launchpad.net/ubuntu/+source/zram-config/+bug/381059 -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
RTMP/HLS in Nginx for 13.04
Can we look at adding this to nginx-extras? http://rarut.wordpress.com/2012/06/25/hls-support-in-nginx-rtmp-16-2/ It's possibly not ready yet, but there's 5 months to go. It's real simple to get in the package. Basically I added dependencies to debian/control: Build-Depends: add the below libavcodec-dev, libavformat-dev You should also add libav to the dependencies. To get the actual module source, I snagged: https://github.com/arut/nginx-rtmp-module/archive/master.zip and unzipped it to debian/modules/, changing the folder to nginx-rtmp-module (instead of nginx-rtmp-module-master) Then, debian/rules, under config.status.extras, I added this to ./configure: --add-module=$(MODULESDIR)/nginx-rtmp-module \ --add-module=$(MODULESDIR)/nginx-rtmp-module/hls \ $(CONFIGURE_OPTS) $@ (obviously, the last line was already there). These have to go into debian/source/include-binaries: debian/modules/nginx-rtmp-module/doc/video_file_format_spec_v10.pdf debian/modules/nginx-rtmp-module/doc/rtmp-decoded.pdf debian/modules/nginx-rtmp-module/test/rtmp-publisher/RtmpPlayer.swf debian/modules/nginx-rtmp-module/test/rtmp-publisher/RtmpPublisher.swf debian/modules/nginx-rtmp-module/test/www/jwplayer_old/player.swf debian/modules/nginx-rtmp-module/test/www/jwplayer/player.swf After that it's just dpkg-buildpackage -rfakeroot and you're good. the nginx-extras package includes rtmp and hls. Viability? -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Update manager mandating rebooting
On 10/31/2012 06:45 PM, Dale Amon wrote: On Wed, Oct 31, 2012 at 12:09:09PM -0500, Jordon Bedwell wrote: That's a subjective point of view, if libssl is vulnerable or the kernel is vulnerable you need to restart too, not because you can't restart services or use a rolling Kernel (read KSplice) but because there are multiple ways to look at it, from my perspective a login and logout is just as fast as a reboot (because reboot requires less steps for me since again I'm already in my terminal and my laptop boots at blazing speeds.) I would much rather reboot than trust a system that assumes it knows every possible service that could be using a vulnerable lib reliably and reboot them. It's easier that way. Easy grep -iHnr libssl /proc/[0-9]* is good but easy shouldn't be annoying like what you describe happens with update manager when you update . It has long been the way of professional unix servers that they almost never need to be rebooted except for a kernel update, and on 'real' servers you only do that during scheduled maintenance windows. I'm using Gnome-Shell, so I just tap the top left corner and hit the X on the REBOOT NOW PLZ window and it goes away. ;) I look forward to the day when someone finds a way to reliably switch into a new kernel so that I never need to reboot a system ever again... except to take it out of service. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Default group
Currently each Ubuntu user gets his own group, so: jsmith:jsmith lmanning:lmanning rpaul:rpaul and so on. I feel this is a lot of clutter for no benefit. First let's discuss the benefit. Since each user has his own group, the administrator can grant other users access to each others' files in a fine-grained manner by adding them to other users' groups. This seems useful, but consider: - To modify the groups a user is in, you must have administrative access - As long as you're modifying users anyway, you're in a position to create a group and add both users to it - This is better accomplished with POSIX ACLs, which users can control on files they own That third one, by the way, suggests that we should have a Windows NT style permissions tab in Nautilus' file properties such that you can add a user and alter their permissions. UNIX permissions allow you to set Owner, Group, Owner access, Group access, Other access; POSIX ACLs allow additional Users and Groups to be added with their own permissions as well. Thus: Creator/Owner: [User] Group: [Group] Permissions: ::Creator/Owner: rwx ::Group: --- ::Everyone: --- ::group=developers: rwx ::group=managers: r-x etc The above suggests to me that any such benefit from giving users individual groups is quickly mitigated because either A) the users are all administrators, so sharing versus isolating files is wholly imaginary; or B) giving fine-grained access via group membership requires administrator mediation. I suggest all users should go into group 'users' as the default group, with $HOME default to 700 and in the group 'users'. A umask of 027 or the traditional 022 is still viable: the files in $HOME are not visible because you cannot list the contents of $HOME (not readable) or change into it to access the files within (not executable). A user can grant permissions to other users to access his files simply by making the directory readable by them--by 'users' or others (thus everyone) or by fine-grained POSIX ACLs selecting for individual users and groups. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Default group
On Wed, Oct 17, 2012 at 10:05 AM, Jordon Bedwell jor...@envygeeks.com wrote: The problem with this is how are you going to fix permissions on bad software like Ruby Gems who do not reset permissions when packaging and uploading to the public repository (because they claim this would violate security even though it comes from a public repo like the Debian repo and having public read and execute on a public gem from a public place is bad.) This has a huge impact as a default permission for not just examples like Ruby gems but other software do not reset when packaging, making it more cumbersome to package software and making it so now work around's are the rule and not the exception. Explain the problem more. The directory the user is in would be owned by $USER:users instead of $USER:$USER. The only difference, then, is instead of your stuff being owned by jordon:jordon it's owned by jordon:users. What you're saying here is... I don't know what you're saying. Permissions are currently $USER:users by default with umask=022 and $HOME permissions of 755 which means every file is created as: drwxr-xr-x jordan:jordan /home/jordan drwxr-xr-x jordan:jordan /home/jordan/somedir -rwxr--r-- jordan:jordan /home/jordan/somefile What I'm suggesting is either umask=022 with a shared 'users' group and a default $HOME permission of 700, so drwx-- jordan:users /home/jordan drwxr-xr-x jordan:users /home/jordan/somedir -rwxr--r-- jordan:users /home/jordan/somefile In which case if you give the 'users' group or (via extended ACL) any other group or person read/execute on /home/jordan they can read everything: they're in 'users' and thus have access to your files, just before they couldn't actually reach the inode. If you give 'others' read/execute on /home/jordan then everyone on the system can see inside your $HOME, as is the case now. ...OR--more risky--a default umask=027 with a shared 'users' group and a default $HOME permission of 700, so drwx-- jordan:users /home/jordan drwxr-x--- jordan:users /home/jordan/somedir drwxr- jordan:users /home/jordan/somefile and security is increased, nominally, but honestly not much. The security boost here is files created in shared directories or hardlinks created won't let anyone and everyone read those files; the truth of the matter is that shouldn't happen, and stuff done in /tmp is usually ... temporary, and aware of the security implications. More restrictive you could umask=077, but same deal, and then if you want to give anyone access to your files you have to change permissions the whole way down (which opens up the user to mistakes like chmod -R on $HOME and exposing their SSH keys). How does putting everyone in the same group and changing $HOME to 0700 do what you said? -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
pam-tmpdir promote to main?
Can we promote pam-tmpdir to main instead of universe for 13.04? It seems to work pretty well now, and so I recommend activating it by default early in the development cycle. Very early. Like first change early: pam-tmpdir is part of the base system default install. The rationale for this is pam-tmpdir makes changes to $TMP and $TMPDIR which affect application behavior. Non-conforming applications will dump their temp files into /tmp anyway; conforming applications using $TMP or $TMPDIR will put them in a user-specific directory. SOME applications may break--they shouldn't, but GDM broke in 2004 so I could see things breaking. Applications ceasing to function is what I'm interested in. Anything that's built and tested that fails to run properly under pam-tmpdir. pam-tmpdir creates a root-owned directory /tmp/users with permissions o=--x. Upon log-on, pam creates a directory /tmp/users/$UID/ owned by the user and with permissions 700. That becomes $TMP and $TMPDIR, and so most applications put their temporary files there. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Default group
On Wed, Oct 17, 2012 at 10:44 AM, Marc Deslauriers marc.deslauri...@canonical.com wrote: On 12-10-17 09:59 AM, John Moser wrote: I suggest all users should go into group 'users' as the default group, with $HOME default to 700 and in the group 'users'. A umask of 027 or the traditional 022 is still viable: the files in $HOME are not visible because you cannot list the contents of $HOME (not readable) or change into it to access the files within (not executable). A user can grant permissions to other users to access his files simply by making the directory readable by them--by 'users' or others (thus everyone) or by fine-grained POSIX ACLs selecting for individual users and groups. We want users to be able to share files with other users. Having $HOME be 700 defeats that purpose. See: https://wiki.ubuntu.com/SecurityTeam/Policies#Permissive_Home_Directory_Access Which, as I said, is accomplished by adding the user or an appropriate group to the Extended ACL of $HOME, as the umask is still permissive and the files are all owned by a common user group. It can also be blanket accomplished by adding read access to group or others on $HOME, which would return the system to effectively as it is now. Also, one of the reasons for using User Private Groups, is to be able to create directories that are used by multiple users, by setting the setgid on the directory. With a default umask of 022, users need to manually set group permissions each time they create a file. Setting setgid on the directory to allow multiple users to add files to it still requires that the users be in the group or that the directory be world-writable. The proper way to accomplish this is, again, to place the directory into the shared 'users' group and grant individual user or group access via ACLs, rather than a shotgun approach by which either the directory is either world-writable or the users have to be put into some other user's group and then suddenly have blanket access to that user's files unless he tightens down permissions on his $HOME. setgid would also do ... just about nothing, since without setUID on the directory the file's permissions are still g-w. Although some Googling is telling me that Ubuntu changed the default umask to 002 back in Oneric, so apparently yeah this works, caveat above paragraph. In short, the current method is a lot of this works... with a lot of unintended consequences. Marc. -- Marc Deslauriers Ubuntu Security Engineer | http://www.ubuntu.com/ Canonical Ltd. | http://www.canonical.com/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: pam-tmpdir promote to main?
On Wed, Oct 17, 2012 at 10:52 AM, Marc Deslauriers marc.deslauri...@canonical.com wrote: Now that we have symlink restrictions in Ubuntu, security issues with using the /tmp directory are greatly reduced. Since Quantal now sets $XDG_RUNTIME_DIR, apps should use it or one of the other $XDG_* locations to store temporary user data. If use of /tmp is still necessary, apps should simply assign appropriate permissions to the files they create in /tmp. I'm more concerned with keeping the contents of /tmp private. When I filed bugs for Thunderbird and Firefox years ago (which never got fixed) I pointed out things like site designations, client names, and (amusingly) pornography being leaked through /tmp. Which has got to be great when you're 15 and peeking at /tmp to see what kinds of flicks your dad's been downloading, though now everything streams in browser. Well, except torrent names, which are spewed all over the place, and stay there until reboot. Please file bugs on any app that doesn't currently do this properly. Marc. -- Marc Deslauriers Ubuntu Security Engineer | http://www.ubuntu.com/ Canonical Ltd. | http://www.canonical.com/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Default group
do it. You'd share both directories with both users. The second user would have to share a directory to you--direction is suddenly critically important to semantics of overall access. And of course when you have three users doing this to each other, suddenly there's no arrangement that works. In truth it's the same problem as just ... basic Unix groups. You want Developers and Managers to all be able to access a certain folder, but you don't want to make all Developers also Managers because they'd be able to do things like monkey with their own salary. Then you decide you don't want to make Managers Developers because they'll monkey with the code even though they're not supposed to and most of them were good programmers 10 years ago but have gotten rusty and refuse to admit it. What now? Only difference is our use case has more unstructured sharing, which means the problems that creep up creep up REALLY FAST and much more often and usually go unnoticed. On Wed, Oct 17, 2012 at 3:14 PM, Nicolas Michel be.nicolas.mic...@gmail.com wrote: John, Do you know KISS? So ACL works well. But it's really more complicated to use than UGO and surely to understand who has which access to what. Trust me it can be really hard to get it with complex configurations. So I would say : why use a complex solution for a simple need? Regards, Nicolas 2012/10/17 John Moser john.r.mo...@gmail.com On Wed, Oct 17, 2012 at 10:44 AM, Marc Deslauriers marc.deslauri...@canonical.com wrote: On 12-10-17 09:59 AM, John Moser wrote: I suggest all users should go into group 'users' as the default group, with $HOME default to 700 and in the group 'users'. A umask of 027 or the traditional 022 is still viable: the files in $HOME are not visible because you cannot list the contents of $HOME (not readable) or change into it to access the files within (not executable). A user can grant permissions to other users to access his files simply by making the directory readable by them--by 'users' or others (thus everyone) or by fine-grained POSIX ACLs selecting for individual users and groups. We want users to be able to share files with other users. Having $HOME be 700 defeats that purpose. See: https://wiki.ubuntu.com/SecurityTeam/Policies#Permissive_Home_Directory_Access Which, as I said, is accomplished by adding the user or an appropriate group to the Extended ACL of $HOME, as the umask is still permissive and the files are all owned by a common user group. It can also be blanket accomplished by adding read access to group or others on $HOME, which would return the system to effectively as it is now. Also, one of the reasons for using User Private Groups, is to be able to create directories that are used by multiple users, by setting the setgid on the directory. With a default umask of 022, users need to manually set group permissions each time they create a file. Setting setgid on the directory to allow multiple users to add files to it still requires that the users be in the group or that the directory be world-writable. The proper way to accomplish this is, again, to place the directory into the shared 'users' group and grant individual user or group access via ACLs, rather than a shotgun approach by which either the directory is either world-writable or the users have to be put into some other user's group and then suddenly have blanket access to that user's files unless he tightens down permissions on his $HOME. setgid would also do ... just about nothing, since without setUID on the directory the file's permissions are still g-w. Although some Googling is telling me that Ubuntu changed the default umask to 002 back in Oneric, so apparently yeah this works, caveat above paragraph. In short, the current method is a lot of this works... with a lot of unintended consequences. Marc. -- Marc Deslauriers Ubuntu Security Engineer | http://www.ubuntu.com/ Canonical Ltd. | http://www.canonical.com/ -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Nicolas MICHEL -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Default group
On Wed, Oct 17, 2012 at 3:52 PM, John Moser john.r.mo...@gmail.com wrote: First: that's why we need an interface that handles POSIX ACLs properly, long-overdue. It actually occurs to me that this is probably not just technically important, but important for planning purposes. That is, we can sit here arguing all day about theoretical use cases, but everybody is going to have differing opinions that lean in odd directions until certain things are fixed. Or in short, as long as POSIX ACLs require a scout badge in command line comfort, discussing how to leverage POSIX ACLs is pointless because people don't want to think two steps out. Let's see if we can get anything agreeable on that. It'll probably look strikingly like Windows' Security tab, except without supplying Allow/Deny, fine grained special permissions (which don't exist), or having all the Windows main permissions. So, it'll look like the only thing that makes sense in general, and specifically for Unix. That is, a few rows of controls for Owner, Group, and then a list box of permissions with one row with three checkboxes per row for each user (Owner, Group, Everyone, individual users/groups). Can we get that? -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Default group
Doesn't look integrated into the default UI. Workable, but not quite intuitive. Things I'd prefer: - Shows the user and group ownership, instead of piling them is as just part of the ACL. Remember these have special meanings for SUID/SGID. - First three ACL entries are always Owner, Group, and Other. - Integrate into the UI (Konqueror, Gnome) - Apply ACL to Enclosed Files button to apply the ACL all the way down. - Possibly Apply Permissions to Enclosed Files button for only UNIX permissions i.e. something more obvious and intuitive. On 10/17/2012 05:12 PM, Matt Wheeler wrote: It's called eiciel -- Matt Wheeler m...@funkyhat.org mailto:m...@funkyhat.org On 17 Oct 2012 21:15, John Moser john.r.mo...@gmail.com mailto:john.r.mo...@gmail.com wrote: On Wed, Oct 17, 2012 at 3:52 PM, John Moser john.r.mo...@gmail.com mailto:john.r.mo...@gmail.com wrote: First: that's why we need an interface that handles POSIX ACLs properly, long-overdue. It actually occurs to me that this is probably not just technically important, but important for planning purposes. That is, we can sit here arguing all day about theoretical use cases, but everybody is going to have differing opinions that lean in odd directions until certain things are fixed. Or in short, as long as POSIX ACLs require a scout badge in command line comfort, discussing how to leverage POSIX ACLs is pointless because people don't want to think two steps out. Let's see if we can get anything agreeable on that. It'll probably look strikingly like Windows' Security tab, except without supplying Allow/Deny, fine grained special permissions (which don't exist), or having all the Windows main permissions. So, it'll look like the only thing that makes sense in general, and specifically for Unix. That is, a few rows of controls for Owner, Group, and then a list box of permissions with one row with three checkboxes per row for each user (Owner, Group, Everyone, individual users/groups). Can we get that? -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com mailto:Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Default group
On 10/17/2012 05:34 PM, Marc Deslauriers wrote: On 12-10-17 03:52 PM, John Moser wrote: First, he must find the sysadmin. The sysadmin must then put wriker in group jkirk. Also, ~jkirk must be group-readable, as must any files. In a default Ubuntu installation, jkirk's files are already accessible to other users. Yeah I just looked and saw that, my whole $HOME is world-readable. This displeases me. I'd prefer default $HOME chmod 700. A user can't change permissions on his $HOME by himself. Only a sysadmin can. $ ls -ld ~ drwxr--r-x 100 bluefox bluefox 4096 Oct 14 11:47 /home/bluefox $ chmod go-rx ~ $ ls -ld ~ drwx-- 100 bluefox bluefox 4096 Oct 14 11:47 /home/bluefox $ setfacl -m u:root:r ~ $ getfacl ~ # file: home/bluefox # owner: bluefox # group: bluefox user::rwx user:root:r-- group::--- mask::r-- other::--- Try again. This only works if the user default umask is 002, which wouldn't be the case if you're not using User Private Groups. Well, it's the case now; and if we leave it the case and make ACL handling more intuitive, then it'll all work. Changing $HOME to 700 instead of 755 would adequately protect the user's private files in $HOME even with a umask of 002, since you simply can't look into $HOME to read/modify those files anyway. The only other thing needed would then be a Shared Documents alike (borrowing from Windows again--it's a pile of crap but that doesn't mean everything associated is terrible by default) supplying a place for folks to put shared files or such secured shared folders, made sticky of course. Marc. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Default group
On 10/17/2012 06:43 PM, Marc Deslauriers wrote: On 12-10-17 05:45 PM, John Moser wrote: On 10/17/2012 05:34 PM, Marc Deslauriers wrote: On 12-10-17 03:52 PM, John Moser wrote: First, he must find the sysadmin. The sysadmin must then put wriker in group jkirk. Also, ~jkirk must be group-readable, as must any files. In a default Ubuntu installation, jkirk's files are already accessible to other users. Yeah I just looked and saw that, my whole $HOME is world-readable. This displeases me. I'd prefer default $HOME chmod 700. As I said, we wanted people to be able to share files by default without having to understand granting permissions. This has already been discussed to death, although it's been a while. It's good to revisit things. I'm bringing up what's turning into an evolving alternate proposal, at this point I've gotten as far out as suggesting UI changes and a sticky bit (= /tmp) directory acting as a Shared Documents between users, which I'm guessing didn't come up last round. Sometimes the rules change. Of course, you're absolutely right. I'm not sure what I was thinking there for a sec. :P Wrong facility probably. Changing permission != changing group, which is what this discussion started on. I'm not sure this proposal would be simple enough to be understood by most non-technical users. Also, last time we looked at using extended attributes, there were issues with proper support in common tools, backup software, certain filesystems, etc. This would need to be looked at again to see if extended attributes can be used now. It's certainly worth investigating it again. I may as well continue beating the Look at Windows horse, it's done this right for ages anyway. You should consider your user base though: they've already installed Ubuntu. Most of them. Some probably got a tablet or such that came with it, but single-user systems likely do not care. We're talking about shared multi-user systems where everyone isn't admin, which is kind of a narrow case. That's less most users don't need to know how and more most users won't be faced by a sudden, surprising, confusing change (like moving from Gnome2 to Ubiquity or Gnome3 by default?). In other words, I suspect most users aren't particularly attached to the sharing my files with everyone else case. Finally on that discussion, the current case is--as discussed--a default Share with everyone, and the user has to take an unknown technical step to stop that. That means it's hard (for some value of hard) for some 14 year old girl to stop her little brother from reading her diary. Fortunately actual e-mails are stored in a directory Thunderbird by default forces to 700, although any attachments you save you'll need to purposely revoke permission on. Mostly to the point, documents, saved attachments, saved files off Web sites, PDF collections of Victorian era pornography downloaded from torrents, all by default available without jumping through technical hoops. Don't know about common tools, backup software. I'm well aware it's not straight out-of-box supported by Thunar, Nautilus, and Konqueror--it works, but their file properties dialogs don't let you manage those permissions. Again, Windows does this right. As for filesystems, POSIX ACLs tend to cause issues with read latency for inodes not in disk cache. XFS with 256 byte inodes takes something like 9uS to read a non-ACL inode, 7000uS for an ACL inode; XFS with 512 byte inodes takes 9us either way; and other file systems tend to behave like XFS with 256 byte inodes (9uS-15uS without POSIX ACL, 1000-1500mS with it). This is because another seek-and-read must be done. Not a problem on SSD. not a problem on a warm system, minor performance issue at first boot. This isn't something that's going to slow the system to a crawl: these ACLs are only going to be set on user-owned files, and even then the proposed semantics favor setting them on a directory here and there and so you lose a millisecond or three once in a great while. Do note that performance issues are circa 2003: http://users.suse.com/~agruen/acl/linux-acls/online/ The only other thing needed would then be a Shared Documents alike (borrowing from Windows again--it's a pile of crap but that doesn't mean everything associated is terrible by default) supplying a place for folks to put shared files or such secured shared folders, made sticky of course. Well, right now we're defaulting to sharing everything except private information in private directories. Your proposal is basically to share nothing, and create exceptions. If this is to be discussed again, we probably need to figure out if our users are able to understand file permissions well enough to be able to share documents. I recall Windows XP notifying users that it was in fact going to privatize directories after upgrade, or some such. Such flip-flops have been done. Users
Re: Prevent deletion of file when it is being copied
On Thu, Sep 27, 2012 at 8:34 AM, Nimit Shah nimit.sv...@gmail.com wrote: Haha :D I was removing the useless files and by mistake selected that file as well along with other files. The copy was going on in the background so had forgotten about it. Unix has a proud tradition of assuming you're not a moron. That's why Unix tools don't complain when they do things right. It's like ~$ rm -rf all_my_stuff/ ~$ Because, hey, you asked to remove all your stuff. What do you think happened? It's not like we need to ask for confirmation; you pressed enter, didn't you? Unless something goes distinctly wrong (files/directories are immutable, no permission, etc) I like that you can cut/copy/paste files around in Nautilus without it going, Do you want to place a copy of XXX here? or Are you sure you want to move these files here? When you shift+delete doesn't it ask, though? (Which is silly, yeah; you hit delete, didn't you? Of course you want to delete these files!) Nimit Shah, B Tech 4th year, Computer Engineering Department, SVNIT Surat www.dude-says.blogspot.com On Thu, Sep 27, 2012 at 5:42 PM, Luis Mondesi lem...@gmail.com wrote: El Sep 27, 2012, a las 1:28, Emmet Hikory per...@ubuntu.com escribió: Nimit Shah wrote: While copying a file from my computer to external disk, I by mistake shift+deleted the file. But still the file transfer dialog showed that it was continuing. At the end of the transfer it failed. Hence i request you to add a check for file transfer before deleting the file. As much as this would be a lovely feature, I don't believe that it is something that we could implement in Ubuntu. When copying a file, there are usually two ways to go about it: either open the entire file, and write it to a new location, or open a series of sections of the file, and write them each to a new location. There are a very large number of programs that provide both of these mechanisms in the archive. In the majority of cases, the first potential solution is not used, because it limits file copies to files that fit entirely in memory (with everything else), and requires a longer-running algorithm, but when the second method is used, the file cannot be allowed to be deleted before the file transfer is confirmed as complete. When deleting a file, the usual practice is to remove the reference from the directory definitions (unlinking), leaving the underlying filesystem to manage recovery of the newly available space. Again, there are a vast number of packages in the archive providing programs that do this. In order to implement the feature you describe, we would have to either provide some systems interface that traps all calls to unlink() and checks some external reference to determine if it is being copied or patch all software that could potentially delete files to check the reference, whilst simultaneously patching every package that provides a means to copy a file to populate this reference during the file copy, which would make all such operations considerably slower, with potentially massive impact on server capacities, interactive response times, and battery life. Further, it is unlikely that the developers and maintainers of most of the software in our archive would be willing to accept such patches, given the potential complications and incompatibilities with other systems, such that the result of this vast undertaking would require considerable ongoing development effort to port these patches for each new upstream release. Lastly, in the event that any of the programs providing file copy functionality were to crash, they may not properly clear the reference indicating files whose deletion need block on the transfer completion. As a result of such a crash (or any other bug when updating references), a user's system may end up having any number of files that cannot be deleted without manual intervention into the file transfer reference. -- Emmet HIKORY Usually there are 2 solutions to these types of problems: 1. develop some complex code to deal with it 2. don't do the action to begin with Typically # 2 is the best answer. Writing complex code to avoid something that's obviously the wrong thing to do by the end user seems silly. The users simply have to wait until their files are copied. Why would you delete the file by shift-delete while is being copied!? -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at:
Re: chromium no longer maintained
On 09/04/2012 07:13 AM, Daniel Hollocher wrote: On Tue, Sep 4, 2012 at 6:38 AM, Damian Ivanov damianator...@gmail.com wrote: Hi, It would be nice if someone could step up and maintain the chromium-browser version of chromium, but for whatever reason, that isn't happening. Shouldn't the ppas at least be updated to state that the version held is out of date? Shouldn't version 18 be removed from the archive? There has long been talk of switching to Chromium by default in Ubuntu new installs. For a while wasn't it the default browser in Xubuntu? Look if it gets Google to give Canonical more money (i.e. from product placement, like with the Firefox package's search bar functionality embedding Canonical's adsense ID into Google searches) I say Chromium should be maintained so the portion of the userbase who uses it doesn't go using a downloaded/hand-compiled package and not generating any revenue. Dan -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: chromium no longer maintained
On Tue, Sep 4, 2012 at 8:43 AM, David Klasinc bigwh...@lubica.net wrote: who's forking and who's not. :) Cheeky. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: ecryptfs default config
did you change your password from your account or using the root account? It looks like pam actually stores encryption keys in /var/lib/ somewhere and can re-cypher them. That only works if you enter the previous password when changing passwords, though (which I hadn't considered, since normally when you init=/bin/bash you drop straight to root...) On 09/02/2012 09:37 AM, Damian Ivanov wrote: Hi John, I appreciate your fast answer! So what can I do to prevent this default behaviour? e.g if password gets changed data is unreadable unless to have the secret key? Wouldn't this be a more reasonable default? Best regards, Damian 2012/9/2 John Moser john.r.mo...@gmail.com: Yes that would indicate that there's a key stored somewhere that doesn't need a known secret, unless pam is storing a key and re-crypting it when you change passwords (unlikely). On 09/02/2012 09:16 AM, Damian Ivanov wrote: Hi folks, I just did an ubuntu 12.04 fresh install and I wanted to test something in ecryptfs. So basically I selected during install to require password to login and to encrypt home folder. I logged in and created secret.txt on my desktop and shut down. I booted up again but in bootloader I appended init=/bin/bash booted into the root shell, did a mount -o remount,rw / and passwd $my_user set a new password and rebooted. After reboot I logged into $my_user account with the new password. secret.txt is readable and all other files too. Is this the expected behaviour?! If yes isn't it better to change the behaviour to something more secure... Regards, Damian -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
LVM and Thin Provisioning
Gents, Do you think in the future Ubuntu would benefit from an LVM with thin provisioning default whole-disk layout? At the moment thin provisioning is not considered stable, and so it would be inappropriate. I believe that once LVM thin provisioning is stable, it would be worthwhile for Ubuntu to use it by default when installing across a whole disk. Essentially with a single large disk, Ubuntu could create one big logical volume such that 100% of the disk is /, 100% is /home, and some small amount is swap. This would allow for snapshot backups, encryption, and such through the supported LVM interfaces. More importantly, it would allow for the isolation of file systems (particularly / and /home) without complex considerations like how big do we make them? The down side to this is LVM complexity--power users can't simply pull up gparted and manipulate LVM partitions, slide things around to install an alternate OS, etc, without learning some new tools. I think power users would plan ahead for that, and other users who do a full disk install won't particularly have such needs because they'll be of the Install one Linux because I want my computer to work variety. Users who are resizing an existing OS and using part of the disk may legitimately have a middle ground where they eventually move to resize partitions (remove the old OS or Ubuntu) and find that their basic knowledge is suddenly useless and they don't know where to go from here or really want to put in that kind of effort. From that perspective, shrinking a Windows partition and putting an LVM Physical Volume next to it with a complex Logical Volume layout may not be a great idea; the distinction between power user and regular user does have a gray-zone border, and these sorts of installs fall within it much more often than straight-up whole disk installs. But then, maybe it'd be perfectly fine anyway. LVM thin provision does legitimize automatic file system migration. Passing TRIM through a thin provisioned LVM volume doesn't just knock a block off an SSD; it tells the thin provisioning layer that that block is free. When an entire extent is TRIMed off, it becomes available again (as is my understanding, anyway). So a user on Ubuntu with ext3 migrating to ext4 loses out on a lot of features that ext4 simply has to be created from scratch for; well you can create a new thin root, move the data across (TRIMing as you go), and then remove the old LV. Even if the disk is 90% full. Same for when some fool has experimented with btrfs and realizes there's no fsck tool (fsck doesn't FIX btrfs, it just tells you if it's broken) and he wants to go back to ext4 or XFS. Thoughts? -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Are UI developers all left handed?
On Thu, Aug 9, 2012 at 8:25 AM, Tom H tomh0...@gmail.com wrote: On Wed, Aug 8, 2012 at 1:52 PM, John Moser john.r.mo...@gmail.com wrote: And Apple with MacOSX, which Unity mimics. The default OS X Dock position is at the bottom of the screen and the Dock can be moved to the left or to the right of the screen. So Unity's Launcher doesn't quite mimic it. If it did, I'd move the Launcher to the bottom with auto-hide. As it is, I just look at switching back and forth between OS X and Unity as a test/game; on OS X go down for the Dock and on Unity go left for the Launcher. You're right, of course. I actually have no idea what MacOSX looks like; the last MacOS I used was system 7. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Are UI developers all left handed?
On Thu, Aug 9, 2012 at 10:30 AM, Felix Miata mrma...@earthlink.net wrote: On 2012/08/09 10:37 (GMT-0300) Conscious User composed: So the point only seems mostly relevant in two situations: when the person has just arrived on the computer and when the person was typing. The first case does not seem to be statistically significant. The second is valid, but prioritizing it seems strange since a very common argument against Unity and Shell is ZOMG YOU ARE FORCING ME TO TYPE AND TYPING IS FOR NERDY GEEKY DORKS AND NORMAL PEOPLE NEVER TYPE ANYTHING, EVER EVER EVER. Dolts make that argument. People shop and bank online, and fill out other web forms as well. No small number create email rather than just reading it or re-forwarding jokes and pr0n forwarded to themselves. Some even use them for business and run LibreOffice to create snail mail, manuscripts and other things a mouse cannot create, and various other apps to create such mundane things as web content. This is true, most people type, and most people in front of a computer are dolts. Honestly when was the last time you met an intelligent person on the Internet? Answer me that question. Uh huh. You ain't never seen it, 'cause everybody on the Internet is dumb[1]. Honestly I just find the outward motions easier than the inward motions. Inward motions seem to put a lot more physical stress on joints and tendons. Then again, if I rest my arm straight out to the side and bend my elbow at 90 degrees for a starting position, many mouse movements are much closer to baseline; any other position (including the positions used at work[2] and at home--where my computer is on the floor) seems to create difficulties. So, keyboard slide-out tray with mouse on the right marginalizes these complaints. Also for the touch pad guy, those things are FAST going up-right and down-left! Thumb or index finger on the pad. Middle finger on the pad. Raise thumb/index finger. Mouse jumps up-right (if you're right handed). They're not multi-touch and so they register this as a fast, long movement. [1]http://xkcd.com/386/ [2]http://img826.imageshack.us/img826/6742/img20120809105855.jpg -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Are UI developers all left handed?
Put your mouse pointer in the middle of the screen. Put your mouse somewhere you can grab it. Now reach out and grab the mouse. Where does the pointer end up? If it winds up in the top right of your screen, it seems you're right handed. Your arm just goes that way, and your wrist straightens to support the movement. It flexes outward more easily than inward, too. UNITY. Puts the control box (close, minimize, etc) in the top left. Of the entire screen. GNOME SHELL. The thing you have to hit to do anything is in the top left corner. Want to log out? That's in the top right, fastest thing you'll be able to hit ever. EVERYTHING puts menus left to right (the Help menu used to be on the far right, separate from all other menus, in Windows 3.1), but that's probably more for left-to-right text flow than anything. Also it keeps File from being too damn close to the big evil [X] button, but it's still slow and inconvenient. Why do UI designers insist on designing interfaces for left handed people? -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Are UI developers all left handed?
On Wed, Aug 8, 2012 at 1:15 PM, Jordon Bedwell jor...@envygeeks.com wrote: It has a lot of bearing for people. Proper usability testing would have pointed that out, and Canonicals decision not to allow the toolbar to be on the right if users wanted is completely ignorant, more ignorant then the joke of a Usability test Canonical did... And Gnome with the Activities button And Apple with MacOSX, which Unity mimics; though if I wanted to go on a tirade about Unity specifically, I'd say something about menus at the top of the screen (which has become relevant with 26 inch wide screen displays at 1920x1080, where maximizing things is ridiculous and so windows float around on the screen... 2 clicks to open File on that window over there instead of 1). UI design is something everyone's an expert in and nobody gets right. Focus groups and thick tomes on User Interface Design Principles and they still bring out ridiculousness. GNOME2 for example is so great precisely because it's familiar and sensible--it looks kind of like everything else, though with the panel at the top that's new territory for a Windows guy... but at least the menus are organized in a sensible way. Gnome Shell is closer. Tap Activities, everything is there. Start typing, it searches through programs. Mouse on the right side, play with virtual desktops. Drag and drop to move windows around, seriously point and grab. Seems like everything is in perfect context and works so obviously well... ... But then when you start trying to muck about with the stuff at the bottom right (notification icons), they don't always work as expected. Sometimes you get kicked back out to the desktop for unknown reasons trying to get information out of 'em. The notification at the bottom of the screen covers a third of it, in the center, but prevents mouse clicks from going through on that entire horizontal area (plug in a USB drive? The bottom 3 inches of your screen are unusable until you dismiss the pop-up!). Windows is a mess. Windows 7 is an even bigger mess, to the point that I can't figure out where stuff is. Now apparently I have Documents and Downloads and Pictures, I'm not sure where it all goes, some of this is new, some of it moved. I appear to have a Home folder now that CONTAINS Documents, and some stuff randomly saves there instead of My Documents ... oh, and inside there I have two folders named Desktop, two folders named My Documents, My Music, My Pictures, etc.. but only one Contacts or Downloads or Favorites folder. And they split these things that are Mine up between Favorites (Desktop, Downloads) and Libraries (Documents, Music, Pictures) on the navigation pane in Explorer, instead of just calling it all MY FREAKING STUFF. I hate Unity but I think I'd have trouble making a decent argument, given the above. Really I just want to know why EVERYTHING except Windows (which doesn't do anything useful in the first place) puts the useful stuff in the top left when it's ergonomically and biomechanically [B-B-B-BUZZWORD C-C-C-COMBO!] easier to move your hand away and outward from your body. I don't think we can really blame Canonical for that. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Are UI developers all left handed?
On Wed, Aug 8, 2012 at 2:15 PM, Dale Amon a...@vnl.com wrote: On Wed, Aug 08, 2012 at 01:52:45PM -0400, John Moser wrote: I hate Unity but I think I'd have trouble making a decent argument, given the above. Really I just want to know why EVERYTHING except Windows (which doesn't do anything useful in the first place) puts the useful stuff in the top left when it's ergonomically and biomechanically [B-B-B-BUZZWORD C-C-C-COMBO!] easier to move your hand away and outward from your body. I don't think we can really blame Canonical for that. I can tell you the historical reasons. All windowing systems began with their coordinate systems with 0,0 in the upper left because that is where the scan lines begin. Lines are written from left to right, top to bottom. It was more difficult to correctly set the position of the upper right corner because there was not always a good way to get that info. And if your key controls were at (XMAX,0) and you got the screen size wrong, you were stuffed. Hush kids, this is actually interesting. You all can continue your little spat in a minute, the grown-ups are talking about old computers they programmed when Linus was still in diapers. Anyway that's all very fascinating, but how does that translate to the Activities menu in Gnome Shell getting up there? Or Canonical deliberately moving the control box to the top-left, Apple style? Your explanation seems satisfactory for Apple, since it's been running MacOS on a top-left control box scheme since inception. While we're reminiscing about the past, you know what's funny? I used Windows 3.0 and DOS and all, and I didn't even know the X worked until Windows 95. Didn't get Windows 95 until 1996 either. I was taught that you double-clicked the - button (top left corner in Windows 3.1, drops a menu of sorts when clicked) to close a window and never figured out what the control box did. It was quickly forgotten after I learned to maximize and minimize (and close!) windows years later. Dale Amon Who once in a time long ago and far away worked on a windowing system for a display graphic terminal output controlled by PDP-11 assembly code. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Are UI developers all left handed?
On Wed, Aug 8, 2012 at 3:06 PM, Tom H tomh0...@gmail.com wrote: On Wed, Aug 8, 2012 at 11:25 AM, Phillip Susi ps...@ubuntu.com wrote: On 8/8/2012 11:01 AM, John Moser wrote: Put your mouse pointer in the middle of the screen. Put your mouse somewhere you can grab it. Now reach out and grab the mouse. Where does the pointer end up? It ends up in the middle of the screen; if you pick up the mouse off of the pad, it isn't going to move. AFAIU he means that the momentum of the right hand reaching for the mouse moves the pointer to the top right of the screen - or at least moves the pointer in that direction. Indeed, and the implication that away and out is the natural direction. Swinging my arm inward and pulling it toward me seems to put stress on tendons in the shoulder; when the arm is closer, it pushes against the torso; an inward wrist movement seems more stressful than an outward one; extending the fingers pushes the mouse away (and lowers the hand, straightening the wrist), curling them to pull is more awkward but also common (and tilts the hand upward, creating a sharp angle at the wrist and increasing stress throughout the motion). Though the fact that the fastest and most natural movement when initially grabbing for the mouse seems to be out and away does seem significant. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
File systems
I've become disdained with Linux's pet filesystems as of late. This is for a few very simple reasons: - ext4 is attempting to be XFS - btrfs is trying to be ZFS Let's shoot down btrfs first, because it'll be easier. btrfs is an enterprise-scale management system similar to LLVM + $FILESYSTEM, more tightly integrated. It does a lot of ridiculous stuff trying to be a VFS layer as well as a filesystem, but that integration can be useful in specialized situations. First argument: Home desktop users don't need all that fancy stuff. This also argues that we don't need LLVM or ZFS on a home end user desktop. Servers, sure. Second argument: btrfs is immature. We know this already of course. It has a fsck that can't fix filesystem errors; it has a version that can, marked DO NOT USE WILL DESTROY YOUR DATA!!! Obviously, not production ready. To its merit, btrfs is also trying to be a decent stand-alone filesystem, and offers features like built-in compression etc etc. When it's mature (i.e. has non-broken fsck), it'll probably hold together better on technical merit than old-generation file systems. ext4 is a little harder to shoot down because the technical arguments mainly don't apply. I refer you to 2009: http://lwn.net/Articles/322973/ ext4 is the new XFS ext4 has always been about catching up to XFS. XFS is older, has had data loss problems due to exactly how it's proceeded to commit data to disk, and has had time to fix those bugs. Back in 2009, ext4 hadn't had time to fix some of those same data loss bugs that it inherited when it started being ext3-pretending-to-be-XFS; today, of course, much of that has gone. Argument 1: Why use pretend XFS? Really, ext4 was designed for two things: Semi-compatibility with ext3 (easy upgrade path, re-use of file system tools like tune2fs and debugfs and fsck) and pretending to be XFS. ext4's killer features are extents--which break the ability to mount ext4 as ext3 anymore--and the ability to convert to a lesser ext4 (without extents) by mounting ext3 as ext4. ext4 also has better performance because it added delayed allocation: it allocates space instead of specific blocks until it's ready to flush, and so it knows that 500 blocks will be in use but hasn't committed to WHICH 500 until it flushes--a feature XFS has had forever. New installations given ext4 will be non-compatible with ext3 and ext2. They won't need an upgrade path. Thus there is no strong argument for ext4. There's also not much of an argument AGAINST ext4. Yes, XFS is more mature; but ext4 is plenty mature by now, or the kernel developers are woefully and terminally too stupid to be allowed to write code--face it, ext4 has had a LOT of attention and should be at least as mature as any other file system implementation in Linux if not more so. That doesn't mean it doesn't have bugs; just that we can't ascribe any such bugs to it being too young and/or too much of a fringe FS (i.e. ReiserFS, JFS) to have had the attention needed to shape it into production quality. XFS and JFS both have one thing over ext4: dynamic inode allocation. This is of course a corner case feature, because who runs out of inodes? (I have once or twice). ext4 has something big over XFS though: you can shrink an ext4 partition, and nobody has done the legwork to make xfs shrinkable. Shrinking is a common case for people who want to get away from a filesystem--750GB used on 1TB, shrink the file system, create 250GB file system, copy 1/3 of the data, shrink the filesystem again, move the high partition down, grow it, copy more data in, shrink the file system again, create another filesystem, copy data into that, remove original file system and reformat as your target FS, move data into it, expand it, move data from the other FS into that, shrink the high FS, move it all the way right, expand the new FS, move the rest of the data over, remove the high FS, then fill the disk with the new FS. You can't do that with XFS, because you can't shrink XFS; you would have to use thin provisioning (dm-thinp) from the start. Then you could create a new file system in the same space as the old one, move some data into it, fstrim the old XFS, then move more data, repeat until all the data is moved, then drop the XFS provision. Nobody knows how to use thin provisioning, and it's ridiculous to manage; if a desktop wants to switch from one file system to another, they're more likely to resize and copy partitions repeatedly for 3 or 4 days, or use an external drive. Thus XFS not having shrink is big. Now if XFS had shrink, I would argue that XFS is probably better than chasing ext4 and zfs... er, btrfs... for the desktop; while btrfs is better for the server, or will be when it's production ready. I don't argue JFS because it's very little used, although IBM wrote it and we all know IBM is universally horrible at software so we could assume JFS doesn't work at all outside somebody's fantasy. As it stands,
[RFC] zswap for Precise, with script
Any thoughts on this? I wrote it on a whim after installing an SSD and completely disabling all swap. Haven't checked to see if Ubuntu supports hibernate to file yet (creating a hibernation file on demand would be optimal for me...) This works with kernel 3.2.0 ... 3.0 used num_devices as the parameter for zram, while 2.6.32 used num (I think). They keep changing the parameter name! This init script (sorry, I have no clue how to write an upstart job) will load zram, set one of its devices to a given size, create swap on it, and turn that swap on. It'll also deactivate the swap and free the associated RAM. Accepted sizes are half and quarter of installed RAM as gotten by MemTotal in /proc/meminfo; any size in bytes; or suffixed K, M, G sizes. /etc/default/zswap can contain the following variables: # Set to 1 to disable ZSWAP_DISABLED=0 # Number of /dev/zramX devices ZRAM_NUM_DEVICES=4 # Swap device is /dev/$ZSWAP_DEVICE ZSWAP_DEVICE=zram0 # Size ZSWAP_SIZE=quarter #! /bin/sh ### BEGIN INIT INFO # Provides: zswap # Required-Start:$syslog # Required-Stop: $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Activate compressed swap ### END INIT INFO # # # Version: 1.0 john.r.mo...@gmail.com # # # It's also possible to resize the zswap by device hopping, i.e. # making a new one on /dev/zram1, swapon /dev/zram1, and then # swapoff /dev/zram0. This would be CPU intensive... # PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin DESC=Sets up compressed swap NAME=zswap SCRIPTNAME=/etc/init.d/$NAME # Default value ZRAM_NUM_DEVICES=4 ZSWAP_DEVICE=zram0 ZSWAP_SIZE=quarter # Read config file if it is present. if [ -r /etc/default/$NAME ]; then . /etc/default/$NAME fi # Gracefully exit if disabled [ $ZSWAP_DISABLED = 1 ] exit 0 is_numeric() { echo $@ | grep -q -v [^0-9] } #Takes: # zswap_to_bytes 524288 # zswap_to_bytes 512K # zswap_to_bytes 128M # zswap_to_bytes 2G # otherwise formed parameters are errors. zswap_to_bytes() { MODIFIER=${1#${1%?}} ZR_SIZE=${1: -1} # Numeric: just pass as-is if ( is_numeric ${1} ) ; then echo ${1} return 0 fi # If size isn't a number, if ! ( is_numeric ${ZR_SIZE} ) ; then echo 0 return 1 fi if [ ${MODIFIER} = K ]; then ZR_SIZE=$(( ZR_SIZE * 1024 )) elif [ ${MODIFIER} = M ]; then ZR_SIZE=$(( ZR_SIZE * 1024 * 1024 )) elif [ ${MODIFIER} = G ]; then ZR_SIZE=$(( ZR_SIZE * 1024 * 1024 * 1024 )) elif [ ! is_numeric ${MODIFIER} ]; then echo 0 return 1 fi echo $ZR_SIZE } # # Function that starts the daemon/service. # d_start() { ZSWAP_LOADED=0 swapon -s | cut -f 1 | grep /dev/${ZSWAP_DEVICE} ZSWAP_LOADED=1 if [ ${ZSWAP_LOADED} -eq 1 ]; then echo zswap already in use return 1 fi # this parameter name keeps changing with new kernel versions modprobe zram zram_num_devices=${ZRAM_NUM_DEVICES} # Does it now exist? if [ ! -b /dev/${ZSWAP_DEVICE} ]; then echo /dev/${ZSWAP_DEVICE} does not exist! return 1 fi # half or quarter size if [ ${ZSWAP_SIZE} = half -o ${ZSWAP_SIZE} = quarter ]; then MEM_SZ=$(cat /proc/meminfo | grep MemTotal | awk '{print $2}') if [ ${ZSWAP_SIZE} = half ]; then ZSWAP_SIZE=$(( MEM_SZ * 512 )) else ZSWAP_SIZE=$(( MEM_SZ * 256 )) fi else ZSWAP_SIZE=$( zswap_to_bytes $ZSWAP_SIZE ) if [ ${ZSWAP_SIZE} = 0 ]; then echo Invalid ZSWAP_SIZE return 1 fi fi echo $ZSWAP_SIZE /sys/block/${ZSWAP_DEVICE}/disksize mkswap /dev/${ZSWAP_DEVICE} swapon /dev/${ZSWAP_DEVICE} } # # Function that stops the daemon/service. # d_stop() { ZSWAP_LOADED=0 swapon -s | cut -f 1 | grep /dev/${ZSWAP_DEVICE} ZSWAP_LOADED=1 if [ ${ZSWAP_LOADED} != 1 ]; then echo zswap not in use return 1 fi if ! ( swapoff /dev/${ZSWAP_DEVICE} ); then echo Cannot de-activate compressed swap /dev/${ZSWAP_DEVICE}! return 1 fi # Double check this ZSWAP_LOADED=0 swapon -s | cut -f 1 | grep /dev/${ZSWAP_DEVICE} ZSWAP_LOADED=1 if [ ${ZSWAP_LOADED} = 1 ]; then echo zswap /dev/${ZSWAP_DEVICE} did not de-activate! return 1 fi # free the block device's memory echo 1 /sys/block/${ZSWAP_DEVICE}/reset modprobe -r zram } case $1 in start)
Re: Linux (or Ubuntu specific) tools to measure number of page faults
TIME=%Uuser %Ssystem %Eelapsed %PCPU (%Xtext+%Ddata %Mmax)k %Iinputs+%Ooutputs (%Fmajor+%Rminor)pagefaults %Wswaps time ls On 05/02/2012 10:08 PM, Alfred Zhong wrote: Thank you all so much! On Wed, May 2, 2012 at 5:47 AM, Colin Ian King colin.k...@canonical.com mailto:colin.k...@canonical.com wrote: On 01/05/12 02:53, Alfred Zhong wrote: Dear Ubuntu Developers, especially Kernel Hackers, This may be a stupid question, please excuse my ignorance. I am doing a project on Linux scheduler that trying to minimize number of page faults. I finished the algorithm implementation and I need to measure the effect. I am wondering if Linux provides tools to record number of page fault happened during the whole execution process? Basically, I want something like $ pfstat ./a.out page faults: 3 Execution Time: 1003 ms Is there such a tool? I want to make sure before deciding to write one by myself, which will be a lot of work... Thanks a lot! Alfred There are well defined APIs for collecting this kind of data, for example you can collect the rusage info for an exiting child process using wait3() or wait4(). References: man 2 wait3 man 2 rusage -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Tor application-firewall support
On 04/24/2012 08:49 AM, Paul Campbell wrote: There's been some discussion on this mailing list about application-firewalls, and I wanted to say a word about Ubuntu's inability to filter internet connections at the application-level. It's doable, just not pretty. I work as a freelance journalist. On many occasions I recommend the use of Tor to sources in middle eastern and southeast Asian countries. For their own safety, they need an anonymous way to upload things to the internet and in general to communicate online. Immediately assuming you've got the technical profile of a ZDNet columnist. When needing to use Tor, the source will activate the firewall software's user-created Tor Profile and then start a Tor browsing session. When finished browsing, the source will close Tor and change the firewall settings from the Tor Profile back to the default profile which in general allows all applications to connect to the internet. This setup ensures that no other applications accidentally connect to the internet during an active Tor session and reveal the source's true IP address. Vacuous. A connection from your IP address doesn't reveal your source address. The source address from your computer is stamped on every TOR packet: it's possible to determine that you're using TOR, regardless. Blocking other connections unrelated to TOR won't hide what you're doing under TOR; and having other connections (say to your e-mail, IRC, P2P, non-sensitive Web sites, etc.) doesn't jeopardize the secrecy of your TOR connection. Aside, has anyone considered that actively aiding a sovereign nation's population in accessing materials restricted from the general population's view is an active attack on that nation's procedurally declared national security, and a direct act of war? Not defending tyranny, just saying: you are committing an act of war. If we have extradition treaties with these people, it's perfectly reasonable for you to be arrested and shipped over there; and if our government refuses to do so, then the logical response in kind is for them to start bombing our soil. Some things are worth getting bloody for, and some things carry the implications but in practice those implications never pan out. You probably won't get extradited and nobody is going to start lobbing nukes just because of people helping crack the Great Arab Firewall. They could though; it's actually a reasonable response. Sincerely, Paul Campbell -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: How to install Precise without getting screwed?
On 04/08/2012 11:14 PM, Dane Mutters wrote: John, So, while I'm, in fact, all /for /speaking bluntly, I also see the quandary that speaking too bluntly produces when being wrong (for the owners of a work) would mean that the months they spent on a particular project would all be for nothing, should they admit that they were actually wrong. All things have a balance. Direct personal attacks are less useful than attacks on a particular feature you don't like; attacks by proxy are also more useful than direct personal attacks (I don't know what idiot came up with this... that idiot is somewhere, but he's at least able to shuffle back into the crowd and hide...). Directly grabbing the developer in question and giving them a severe public dressing down is just not constructive--let's ignore the issue and lob personal attacks instead now eh? (Thorough dressings down are for the rare situation where the person in question is a severely destructive idiot--this doesn't happen much, aside from that one coworker we've all had that gets paid to creates problems for everyone else.) Either way, getting *too* uncivil is a bad thing. Strong language can be very useful in some forums; but in forums where it's strongly inappropriate you should pick your tone well enough to have the same effect. Railing on something by proxy on a glancing blow may be overstepping the bounds of civility, or it might be a needed slap alongside the head for someone; continuing to ignore the feature itself and continuously use it purely as a proxy to insult someone is just malicious and useless. We don't want to degenerate into a forum of continuous flame wars in any case; but the truth is the occasional burn serves to remind us that fire is hot and we should really pay attention to what we're doing. While you don't want to burn your house down, you also really don't want to freeze to death. That all said, let's keep it civil. Or at least let's go for a farce. Plus it's fun to read people speaking frankly, though if you spoke like a Franc I guess you'd have to use a lot more accents and apostrophes. Well said. ;-) If only brevity was my strong point. --Dane -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: cpufreqd as standard install?
On 03/03/2012 12:13 AM, Phillip Susi wrote: On 02/29/2012 04:40 PM, John Moser wrote: At full load (encoding a video), it eventually reaches 80C and the system shuts down. It sounds like you have some broken hardware. The stock heatsink and fan are designed to keep the cpu from overheating under full load at the design frequency and voltage. You might want to verify that your motherboard is driving the cpu at the correct frequency and voltage. Possibly. The only other use case I can think of is when ambient temperature is hot. Remember server rooms use air conditioning; I did find that for a while my machine would quickly overheat if the room temperature was above 79F, and so kept the room at 75F. The heat sink was completely clogged with dust at the time, though, which is why I recently cleaned and inspected it and checked all the fan speed monitors and motherboard settings to make sure everything was running as appropriate. In any case if the A/C goes down in a server room, it would be nice to have the system CPU frequency scaling kick in and take the clock speed down before the chip overheats. Modern servers--for example, the new revision of the Dell PowerEdge II and III as per 4 or 5 years ago--lean on their low-power capabilities, and modern data centers use a centralized DC converter and high voltage (220V) DC mains in the data center to reduce power waste because of the high cost of electricity. It's extremely likely that said servers would provide a low enough clock speed to not overheat without air conditioning, which is an emergency situation. Of course, the side benefit of not overheating desktops with inadequate cooling or faulty motherboard behavior is simply a bonus. Still, I believe in fault tolerance. I currently have cpufreqd configured to clock to 1.8GHz at 73C, and move to the ondemand governor at 70C. This need for manual configuring is a good reason why it is not a candidate for standard install. I've attached a configuration that generically uses sensors (i.e. if the program 'sensors' gives useful output, this works). It's just one core though (a multi-core system reads the same temperature for them all, as it's per-CPU); you can easily automatically generate this. Mind you on the topic of automatic generation, 80C is a hard limit. It just is. My machine reports (through sensors) +95.0C as Critical, but my BIOS shuts down the system at +80.0C immediately. Silicon physically does not tolerate temperatures above 80.0C well at all; if a chip claims it can run at 95.0C it's lying. Even SOD-CMOS doesn't tolerate those temperatures. As well, again, you could write some generic profiles that detect when the system is running on battery (UPS, laptop) and make appreciable adjustments based on how much battery life is left. At 73C, the system switches from 1.9GHz to 1.8GHz. Ten seconds later, it's at 70C and switches back to 1.9GHz. 41 seconds after that, it reaches 73C again and switches to 1.8GHz. That means at stock frequency (1.9GHz) with stock cooling equipment, the CPU overheats under full load. Clocked 0.1GHz slower than its rated speed, it rapidly cools. Which is ridiculous; who designed this thing? This sounds like your motherboard is overvolting the cpu in that 1.9 GHz stepping. Possibly, but the settings are all default, nothing set to overclock (it has jumper free overclocking configuration, but the option Standard is default for clock rate and voltage settings, which I assume the CPU supplies). Basically the argument here is between Supply fault tolerance and Well your motherboard is [old|poorly designed] so buy a new one. That's an excellent argument for hard drives (I have, in fact, suggested in the past that Ubuntu monitor hard disks for behavior indicative of dying drives--SMART errors, IDE RESET commands because the drive hangs, etc--and begin annoying the user with messages about the SEVERE risk of extreme data loss if he doesn't back up his data), but really if my mobo/CPU is aging and the CPU runs a little hot I'm not going to cry when the CPU suddenly burns out and my machine shuts down. I'll be confused, annoyed, but I'll buy a new one--I might buy an entire new computer, unaware that just my CPU is broken, and shove the hard drive in there. So there's no harm in allowing the user's hardware to go ahead and burn itself out if you think that's what's going on here. By all means that doesn't mean you can't have a diagnostic center somewhere that the user can review and see the whole collection. Ethernet: Lots of garbage [Possibly: Faulty switch, faulty NIC, another computer with a chattering NIC spewing packets]. CPU: Overheats under high CPU load [Possibly: Dust-clogged CPU heat sink, failing CPU fan, overclocking, failing CPU, failing motherboard voltage regulators, buggy motherboard BIOS]. /!\ Hard drive: Freezes and needs IDE Resets [Possibly: Dying
Re: zram swap on Desktop
On 03/03/2012 12:05 AM, Phillip Susi wrote: On 02/27/2012 08:58 PM, John Moser wrote: I believe that swap space is only actually freed when the memory it is backing is freed. In other words, if the process frees the memory, the swap is freed, but when the page is read back in from swap, it is left in swap so that the page can be discarded again in the future without having to write it back out again. This can lead to some wasted memory by having pages still in zswap that have also been moved back into regular ram. This may be true. Also zswap seems to not bother compacting until it's being added to, so it bloats and then doesn't shrink much. For example you can put 500MB into zswap at 29% compression ratio and 30% total memory usage, free 200MB and have it stay at 29% compression ratio with the actual data 70MB smaller ... but around 40% total memory usage because you only saved 20MB of RAM, as fragmentation left a lot of empty space in the zswap in pages that also contain in-use compressed data. It doesn't background compact. - Desktops may benefit by eschewing physical swap for RAM * But this breaks suspend-to-disk; then again, so does everything: + Who has a 16GB swap partition? Many people have 4GB, 8GB, 16GB RAM + The moment RAM + SWAP - CACHE TOTAL_SWAP, suspend to disk breaks Cache can be discarded at hibernate time, so you only need RAM + SWAP. Also people generally don't go to hibernate while that much ram is in use, and almost never have much swap used. Also, I *think* I saw a patch somewhere recently to address this by avoiding the zswap device for hibernation and falling back to other swaps instead. Well I mean I shut off my VMs and all. A quick glance and some math at top tells me right now I'm using 2.3GB ... and there's nothing I'd want to close if I decided to hibernate my computer for the night. Closing down programs sort of defeats the purpose. Maybe LibreOffice. It looks like CleanCache/CompCache is a better solution since it avoids the step of emulating a block device. zcache on cleancache is just for compressing page cache (file backed), not swap (anonymous). zcache on freeswap is the solution for compressing swap without a block device, also written by the zram guy, not sure how to configure it though. CleanCache and zcache are in 3.2 staging, freeswap is not. For what it's worth I'm running both zram swap and CleanCache zcache in tandem; one does not affect the other. I've tested this running Ubuntu 11.10 at 288MB of RAM, which is painful; it's crippling MUCH faster without zcache enabled. http://i.imgur.com/aAeSE.png All of the above is swap on zram, no disk backed device. With zcache enabled and two CPUs (kswapd uses 60%-70% CPU like this!) I can get this far with about 20-25MB of page cache, and then I can still raise and lower Firefox and open a new tab in gnome-terminal to run killall on Firefox (attempting to close Firefox was taking too long for dialog boxes to load and draw--it annoyed me). I'm pretty sure zram will be superceded by zcache on freeswap. zcache is a tmem backend, freeswap and CleanCache are freemem frontends. Any backend can be used on any frontend, so when (if) the freeswap frontend goes into mainline zcache will load onto that. zcache is zram, it uses zram's xvmalloc when running on freeswap (uses a different allocator on page cache) and everything, it's even written by the same guy. zcache is just zram ported to tmem, which makes it both the same and separate--it is zram, but it's not zram. As tmem looks like the way the kernel is moving in the future, zram will probably go away--the appropriate compressed in-memory file system is tmpfs with zswap, as RAM used to back tmpfs can be swapped and thus zcache and zram will both act to compress tmpfs, so zram's usefulness as a block device in RAM that can house a compressed file system is limited. Of course, that theory then raises the question: what about when you don't have swap? Does the kernel make its swapping decisions and then ask freeswap if it's got something to do with this memory when you don't actually have any swap space? (i.e. attempting to swap without swap) Anyway in the end I feel the situation boils down to this: You get an Intel CPU these days and it comes with 6 cores. What do you do with 6 cores? You run some pretty extreme applications. What does your average desktop do with 6 cores with hyperthreading enabled running 12 way SMP? It uses 1-2 cores ... what do you do with the other 10? Run compression/decompression and compact fragmented compressed swap, what else? On something like i.e. the XO laptop where RAM is limited, it's simply a necessity*. On a desktop with a smaller RAM space and a slower CPU, it's a livable trade-off that does enhance performance some (it's a godsend on a dual core with just 512MB RAM trying to run Unity). *I believe the use is different
cpufreqd as standard install?
Has anyone considered cpufreqd in standard install? I have a 1.9GHz Athlon 64 X-2 with stock heat sink (recently cleaned and inspected) and fan (operating at 3200RPM). Its clock rates are 1.9GHz, 1.8GHz, and 1.0GHz. At full load (encoding a video), it eventually reaches 80C and the system shuts down. I currently have cpufreqd configured to clock to 1.8GHz at 73C, and move to the ondemand governor at 70C. At 73C, the system switches from 1.9GHz to 1.8GHz. Ten seconds later, it's at 70C and switches back to 1.9GHz. 41 seconds after that, it reaches 73C again and switches to 1.8GHz. That means at stock frequency (1.9GHz) with stock cooling equipment, the CPU overheats under full load. Clocked 0.1GHz slower than its rated speed, it rapidly cools. Which is ridiculous; who designed this thing? Besides this, it would be possible to enter power save mode on laptops and UPS based on battery life remaining. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
zram swap on Desktop
I've been toying with zram swap on the desktop, under Ubuntu Precise. It looks like a good candidate for a major feature in the next version; Precise is currently in feature freeze. Yes, implementing this would involve just a single Upstart script; but it's a major change to the memory system in practice, thus a major feature. I am not pushing this for implementation in Precise. Looking for comments on if I should spec this out and put it up on Launchpad as a goal for Precise+1, and maybe additional testing if anyone cares to. The justification for this is as follows: The zram device dynamically allocates RAM to store a block device in compressed blocks. The device has a fixed size, but zram only allocates RAM when it needs it. When the kernel frees swap, it now informs the underlying device; thus zram releases that RAM back to the system. Similarly, when a file system frees a block, it now also informs the underlying device; zram supports this. Because of all this, you can feasibly actually have a swap device on RAM the size of your entire RAM and nothing will happen until you start swapping--you can have 2GB of RAM, a 2GB zram block device, mkswap on it, and activate it. Nothing will happen until it was time to start swapping anyway, in which case it'll work. That means zram swap devices have no negative impact by design. They could only have a negative impact if they were slower than regular RAM (purpose defeating) or if the driver had bugs (obviously wrong and should be fixed). All this basically means a number of things, in theory: - The LiveCD should activate a zram0 swap device immediately at boot, equivalent to the size of physical RAM. * Immediately at boot is feasible as soon as /sys and /dev are accessible. * tmpfs swaps, so tmpfs inherits compression! - Desktops may benefit by eschewing physical swap for RAM * But this breaks suspend-to-disk; then again, so does everything: + Who has a 16GB swap partition? Many people have 4GB, 8GB, 16GB RAM + The moment RAM + SWAP - CACHE TOTAL_SWAP, suspend to disk breaks - Servers may benefit greatly by eschewing physical swap for RAM * More RAM means an even bigger impact * Suspend to disk isn't important Also for consideration is that Linux doesn't (to my knowledge) differentiate between fast and Slow swap and won't start moving really old stuff out of zram0 and onto regular disk swap if you have both. This naturally means that the oldest, least used stuff would tend to float to zram0 if you had both. ON TO THE TESTS! The test conditions are as such: - Limited RAM to 2GB with mem=2G - Running a normal desktop: Xchat, bitlbee, Thunderbird, Rhythmbox, Chromium - Memory pressure occasionally supplied by VirtualBox In this case, I ran under 2GB with a 1.5GB swap as such: $ sudo -i # echo 1610612736 /sys/block/zram0/disksize # mkswap /dev/zram0 # swapon /dev/zram0 # swapoff /dev/sda5 My swap device is now solely zram0. I have attached an analysis script that analyzes /sys/block/zram0/ CURSORY RESULTS: ===STAGE 1=== Condition: VirtualBox running Windows XP and Ubuntu 11.4 from LiveCD (two VMs). Memory looks like: Mem: 2051396k total, 1997028k used,54368k free, 92k buffers Swap: 1572860k total, 945784k used, 627076k free,51576k cached Every 2.0s: ./zram_stat.sh Mon Feb 27 17:09:40 2012 Current Predicted Original: 922M1536M Compressed: 262M Total mem use: 269M448M Saved: 652M1087M Ratio: 29% (28%) Physical RAM: 2003M Effective RAM: 2656M (3090M) [Explanation of zram_stat.sh: Current data in zram0; Compresesd data size; Total size of zram0 in memory including fragmentation, padding, etc; RAM saved by compression; size, i.e. 4M becomes 1M then size is 25%; Effective RAM = physical RAM + Saved RAM. The Predicted column assumes the same Ratio and a full swap device on zram0.] In this case, the machine was extremely slow due to constant hammering of the disk. I was quite aware of the reason: not enough disk cache, thus lots of reading libraries off disk. I tried adjusting /proc/sys/vm/swappiness=100 but no luck. ===STAGE 2=== I closed the VirtualBox machine running the Ubuntu installer. Mem: 2051396k total, 1614096k used, 437300k free, 192k buffers Swap: 1572860k total, 860040k used, 712820k free, 138940k cached Current Predicted Original: 821M1536M Compressed: 240M Total mem use: 267M499M Saved: 554M1036M Ratio: 32% (29%) Physical RAM: 2003M Effective RAM: 2558M (3040M) Notice that 100M was in swap and about 475M got freed in actual RAM, almost 90MB of which went directly to cache. That's how much cache pressure there was. The machine is now quite
Re: Ubuntu should move all binaries to /usr/bin/
On Tue, Nov 1, 2011 at 3:01 PM, nick rundy nru...@hotmail.com wrote: I came to ubuntu from Windows. And one thing Windows does well is make it easy to find an executable file (i.e., it's in C:\Program Files\). Finding an executable file in Ubuntu is frustrating lacks organization that makes sense to users. Fedora is considering a fix for this issue. I think Ubuntu should do the same. ABSOLUTELY NOT. System binaries for administrative and basic shell tools go into /bin and /sbin. Libraries go into /lib. This is well-known, it is documented, it is standard. A system that cannot boot to the point of mounting or giving a basic recovery console without /usr is not functional. We are not Windows. We do not go breaking standards that are well-defined and reasoned for a variety of flexible use cases because we think it would be better in some invisible way. You want to find a binary? Here, I've solved this problem for you, completely. It's easy. Do this: luser$ which ls luser$ which gnome-session luser$ which synaptic If it isn't in your path, then it's broken. Something strange has happened. Yes, some applications (Mozilla...) do use a small shell script that loads a binary from /usr/libexec/mozilla/bin/ and I find this annoying and ill-designed. That's part of what XULrunner was supposed to fix: a single Mozilla libs install to run all XUL apps. I loudly proclaim that reusable code should not have one copy installed as a separate library for each time it is reused, and that this behavior is inconsistent and broken--that changing it will cause the system to become nonfunctional means the brokenness isn't in where we've installed it, but how the program was designed. I wonder how many shell scripts will break when /bin/sh and /bin/bash aren't there anymore. Here's a link to an article that talks about Fedora's idea: http://www.h-online.com/open/news/item/Fedora-considers-moving-all-binaries-to-usr-bin-1369642.html?view=print -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Secure attention Key: Login and GkSudo
On Sun, Oct 30, 2011 at 9:21 AM, staticd staticd.growthecomm...@gmail.com wrote: The Secure Access key(SAK) is a key combination captured/capturable only by the OS. It can be used to initiate authentication interfaces where the user is sure that the keys are being captured only by the OS. This feature is present on windows(Ctrl+Alt+Del) to initiate logon. Enjoy the kool-ade. I think these two steps will help make ubuntu even more secure, and help prepare it for a large non technical userbase. What do you think? Windows NT is designed so that, unless system security is already compromised in some other way, only the Winlogon process, a trusted system process, can receive notification of this keystroke combination. This is because the kernel remembers the process ID of the Winlogon process, and allows only that process to receive the notification. So says Wikipedia. Interestingly, VMWare catches the sequence as well. While it is true that the SAK will trigger a kernel event, it is also true that the major method of bypass isn't going to be anything so simple as hacking the log-in dialog or gksudo prompt. No, that won't work. What you want to do is spoof the user with gksudo itself. Try this: - Open a terminal - gksudo /usr/bin/ls - Examine the dialog box - Cancel without inputting password. - gksudo ls - Examine the dialog box - Cancel out See a difference? Now try adding $HOME/.system/ to your $PATH as the first member. Put a shell script called 'synaptic' into it: #!/bin/sh synaptic cp ~/.system/cfg `which gksudo` chmod u=srwx,go=rx `which gksudo` Now create a launcher that says Synaptic in the menu, to replace the current Synaptic launcher. Viola! -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Secure attention Key: Login and GkSudo
On Sun, Oct 30, 2011 at 9:37 AM, John Moser john.r.mo...@gmail.com wrote: #!/bin/sh synaptic cp ~/.system/cfg `which gksudo` chmod u=srwx,go=rx `which gksudo` Sorry, that would be '/usr/bin/synaptic ' Of course. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Ubuntu System Restore
The simple way to create a restore point system ... ... is to mount / as an overlay FS, which you periodically merge (to remove prior restore points), condense into a squashfs (to take a point backup), or wipe (to restore to backup). This of course means /home should be its own partition. On Sun, Oct 30, 2011 at 4:40 PM, Bear Giles bgi...@coyotesong.com wrote: You need to either have a local repository or download from the internet again. I've used 'apt-mirror' in the past to maintain a local cache but that was when I was building local systems with a minimal Debian installer. I don't even know if the standard Ubuntu installer can load off a local cache. (I guess the process is to do the install without updates, change your sources.list files, then upgrade from the cache.) It's also worth remembering that the specific versions of your packages may not be available when you need to restore your system. This is usually a good thing since more recent versions have a shot at preventing whatever caused you to lose your system in the first place (e.g., closing vulnerabilities) but some people may need to restore the system exactly. On checksums - I checked my system and almost none of the conffiles have checksums. (In fact that may be against packaging standards - I would have to check.) That's a bummer since it means that there's no easy way of seeing what's changed unless you peek into the .deb file. There are some deb tools that can do this but since I can do it programmatically I usually just did that. The 'monster diff' is just a comment on the number of files involved. What I actually did create two lists, one generated by walking the filesystem and the other generated by concatenating all of the *.files and *.md5sums metadata and then comparing them. I did this programmatically but you could also create actual files, sort them, and then run a diff on them. IIRC I typically had over 70k files. On Fri, Oct 28, 2011 at 3:33 AM, Gaurav Saxena grvsaxena...@gmail.com wrote: Hello all On Fri, Oct 7, 2011 at 4:45 AM, Bear Giles bgi...@coyotesong.com wrote: I've written a few prototypes and this comes down to four issues. Some of the details below are debian/ubuntu-specific but the same concepts will apply to redhat. 1. User data (/home) must be backed up explicitly. (ditto server data on servers). 2. Packages should NOT be backed up. All you need is the package name and version. Reinstall from .deb and .rpm if necessary since this way you're sure that you never restore compromised files. But it might be possible that the package files are not available on the system. That means for all the packages installed the .deb files need to be downloaded from the internet for restore purpose ? 3. Configuration data (/etc) must be backed up explicitly. This is tricky because backing up the entire directory will cause its own problems. Worse, some applications keep their configuration files elsewhere. The best solution I've found is to scan the package metadata to identify configuration files and to only save those with a different checksum than the standard file. Ok. Nice idea indeed , but is there checksum associated with the files in the package ? Or that can be calculated at the time of restore ? What you say ? 4. Local files. Ideally everyone would keep these files under /usr/local and /opt but that's rarely the case. The best solution I've found is to scan the debian package metadata and do a monster diff between what's on the filesystem under /bin, /sbin, /usr and (chunks of) /var with what's in the metadata. Could you suggest me some way of scanning the debian package metadata without actually downloading the packages? and how to this monster diff ? It's worth noting that the last item isn't that hard if you have a strict security policy that everything under those directories MUST be in a package. It's deleted without a second thought if it's not. You can still do everything you could before, you just need to create a local package for it. So what do you do with this? The best solution, which I haven't implemented yet, is to handle #2 and #3 with autogenerated packages. You set up one or more local packages that will install the right software and then overwrite the configuration files. You can fit everything, including original package archive, on a single DVD. Could you please tell some detail about autogenerated packages ? Like if we have a list of packages installed on the system, We need to reinstall those all softwares and remove those which are installed after the restore point? BTW Debian has a C++ interface to the package metadata. I've never used it - I find it easier to just scan the metadata directory myself. There's also hooks that will allow your application to be called at each step during a package installation or removal. You could, in theory, keep your snapshots current to the last minute that way. So
QTstalker is 0.32, but 3 years ago 0.36 was released?
qtstalker in the repos is way behind. The new version tracks candlestick indicators. :( -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Very odd issue, dead spots on screen
I can't click links or pictures or highlight text... so I unmaximize Chrome, move it, and then click it. Can't highlight in any other app either ... it's that rectangle of the screen, it's like there's an invisible window overlayed and I can't click or right click through it. I don't know how to diagnose this. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Chromium vs Firefox?
Has anyone yet brought up the potential to ship Chromium default rather than Firefox? At this point it's more advanced methinks, with the only likely complaint being that you can't add NoScript or AdBlock+. Ubuntu doesn't ship these default anyway; if you want those things, you can get Firefox yourself, as you likely already know what you're doing. For the privacy discussion, see SRWare Iron as a potential source of ideas for changes to back-merge (or options to add). -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Chromium vs Firefox?
This has not been my experience. Flash seems to crash a lot in chromium, but it doesn't take it down. I've had Chromium blow out completely once, and once I've had every single page in it turn to Sad Browser. But that was around Chromium 5. Firefox has been doing better, but it only seems to handle a Flash crash once or twice: after the first crash, if you reload a page with Flash, Flash will likely crash AGAIN very quickly and tear down the whole browser. Firefox also tends to go down if you have too much crap going on, i.e. if you load a page that runs excessive scripts or brings in too many GIF images. The whole UI will lag (Firefox 4 too), and often crash if it comes under too much load doing too many things (race conditions?). I've never seen Firefox actually free memory by closing a tab. Chromium has been a lot faster and a lot more stable for me. I use Firefox 4 at work and Chromium at home, and I'm constantly restarting Firefox after it crashes. I switched to Firefox 3 for a time, it's more stable but still crashes--a lot less than 4, but 2-3 times a week. Also, when one tab in Chromium is lagged down to the point of complete and total browser crawl, you can still switch to other tabs and use them like nothing is happening. So eh. What's unstable? On 05/01/2011 10:54 AM, Alexandre Strube wrote: Define more advanced. It is also less stable. On Sun, May 1, 2011 at 4:36 PM, John Moser john.r.mo...@gmail.com mailto:john.r.mo...@gmail.com wrote: Has anyone yet brought up the potential to ship Chromium default rather than Firefox? At this point it's more advanced methinks, with the only likely complaint being that you can't add NoScript or AdBlock+. Ubuntu doesn't ship these default anyway; if you want those things, you can get Firefox yourself, as you likely already know what you're doing. For the privacy discussion, see SRWare Iron as a potential source of ideas for changes to back-merge (or options to add). -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com mailto:Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- [] Alexandre Strube su...@ubuntu.com mailto:su...@ubuntu.com -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Chromium vs Firefox?
On 05/01/2011 01:28 PM, Jason Todd wrote: Chromium/Chrome has a lot of problems that Firefox doesn't have. The only substantial advantages that Chromium/Chrome has is its multi-process design (stability), it starts faster, and its nifty method of showing downloads at the bottom of the browser window. And when Firefox gets Electrolysis implemented the stability advantage of Chrome will be eliminated. I like its smart form filling stuff too, but that's me. (If I start typing my name, it'll give me options to pick sets of data I filled before, and try to fill in the whole form for me based on what I entered in other, completely different forms) Here are some of the problems I have with Chrome/Chromium: -lacks NoScript functionality http://code.google.com/p/chromium/issues/detail?id=54257 Not standard in Ubuntu, if you want that you can install Firefox. Already stated. Also: Chromium does not have $FAVORITE_FIREFOX_EXTENSION WHY IS THERE NO BRIEF FOR CHROMIUM!?!? -cannot handle MMS URL streams http://code.google.com/p/chromium/issues/detail?id=47154 No comment (don't care about this) -can't close single window via keyboard http://code.google.com/p/chromium/issues/detail?id=80424#c0 I just tried CTRL+N, CTRL+T, creates multiple tabs in new window. CTRL+W closes a separate tab, until you run out of tabs and close the window; ALT+F4 just drops the whole window. Your argument is invalid. -Private/Incognito does not apply to all windows http://code.google.com/p/chromium/issues/detail?id=79689#c0 I thought these were supposed to apply to individual tabs? I don't know about Incognito mode so I won't comment. -cursor functions fail when gtkrc 2.0 tooltips are turned off http://code.google.com/p/chromium/issues/detail?id=77821#c0 -can't cycle thru dropdown list with TAB key http://code.google.com/p/chromium/issues/detail?id=77607#c0 -the dropdown list does not list bookmark occurrences as thoroughly as Firefox does (I can explain more thoroughly if needed) -it is not possible to place a dropdown Bookmarks Button on the URL bar (users are forced to use crappy 3rd party options) I have no clue about these things -inability to customize/move Button placements on the URL bar Customization of the UI indicates to me that you are not used to the UI being given you, thus it is not your favorite program, thus you will probably want to install Opera instead of trying to make Firefox/Chrome look like Opera. -can't reopen closed tabs if in Incognito mode -Firefox is faster on many benchmarks http://download.cnet.com/8301-2007_4-20047314-12.html IE is faster on many benchmarks. There is a whole class of arguments about benchmarks and why they don't work. This is why graphics card reviewers pull out games and look at the FPS: actual performance often doesn't correlate to the benchmarks at all. -there is no print preview Hadn't noticed, as I don't own a printer. Print preview in Firefox ... I haven't used in ages, because it was always buggy somehow. Like it would show me 30 pages and print half of one, and I couldn't understand why (this was on a certain web site that generated a transcript for a college). But that's neither here nor there. -there is no quick method of reviewing Recent Bookmarks without drilling down into windows/menus I've forgotten what a bookmark is... I like Chrome a lot. But it can't compete with Firefox as a fully capable and mature browser. It's better as a minimalist occasional use browser. Dunno, I switched away from Firefox because Chromium was far more stable, faster (UI wise), and faster (rendering-wise). It handles JavaScript well (unlike Dillo), it renders properly, and I like its new tab page over a blank tab. Firefox 4 has that tab sorting thing, though, which I really wish was in Chromium. Well, not really; but I use it when it's there. Date: Sun, 1 May 2011 10:36:45 -0400 From: john.r.mo...@gmail.com To: ubuntu-devel-discuss@lists.ubuntu.com Subject: Chromium vs Firefox? Has anyone yet brought up the potential to ship Chromium default rather than Firefox? At this point it's more advanced methinks, with the only likely complaint being that you can't add NoScript or AdBlock+. Ubuntu doesn't ship these default anyway; if you want those things, you can get Firefox yourself, as you likely already know what you're doing. For the privacy discussion, see SRWare Iron as a potential source of ideas for changes to back-merge (or options to add). -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Congrats on 11.04
By contrast, I am struggling to get rid of this horrible Unity thing and get Gnome Shell. Ubuntu is pulling a Microsoft by using its clout to push a product and kill another; they can make Unity default, but they've actively removed Gnome Shell to the tune of ...well the PPAs all say THIS CAN BREAK YOUR SYSTEM!!! Scariness. So the lesson here is that rather than see Ubuntu users go to Gnome Shell, they're making them leave, which is higher impedence and so the number of users who will migrate off Ubuntu is a subset of those who would instal Gnome Shell. Another subset is people like me who now have 80% of the desktop environment coming out of a PPA. The Gnome developers are also upset at Canonical. No idea why. On Apr 29, 2011 9:01 PM, Chris Jones chrisjo...@comcen.com.au wrote: Just a quick congrats on the 11.04 release. I was previously running Fedora and openSUSE because I was angry with the previous state of Ubuntu. Yet the 11.04 release has made me return. Well done to all the developers and all others involved to make such an awesome release possible. Cheers and regards. -- PHOTO RESOLUTIONS - Photo - Graphic - Web C and L Jones - Proprietors ABN: 98 317 740 240 WWW: http://photoresolutions.freehostia.com @: chrisjo...@comcen.com.au or photoresoluti...@comcen.com.au cjlinux...@gmail.com Command lines and Linux terminals are my comfort zone! OS: Ubuntu 11.04 System: Linux 2.6.38 x86_64 Desktop: Unity OS: Windows XP System: x86 Desktop: Professional SP3 OS: FreeBSD 7.3 System: 7.3-RELEASE-p3 i386 Server: WebUI+putty -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss