Bug#876363: octave fetches network resources when network access disabled
On Thu, Apr 05, 2018 at 15:31:06 +0100, D Haley wrote: > Do we know if there is a particular commit that upstream applied to fix > this? FTR, it was fixed in this upstream commit https://hg.savannah.gnu.org/hgweb/octave/rev/1265c7f0119a And this fix is included in the upcoming Octave 4.4 release. -- mike signature.asc Description: PGP signature
Bug#876363: octave fetches network resources when network access disabled
Ah, ignore my last. I had incorrectly read the version numbering - I am still running the same version as originally reported. Apologies for the noise. On 22/09/17 16:53, Mike Miller wrote: > Control: forwarded -1 https://savannah.gnu.org/bugs/?52090 > > On Thu, Sep 21, 2017 at 23:03:57 +0100, D Haley wrote: >> 1) The GUI should be clear as to what setting the backend is currently >> using. I think it is a concern that there are two settings that have the >> capacity to be "out-of-sync". > > I've filed upstream bug https://savannah.gnu.org/bugs/?52090 to resolve > this in Octave, so at least the settings and their behavior will agree. > > Feel free to participate there, or reply here if you think I got > something wrong in capturing this problem. > >> 2) From a debian user's/policy perspective, I think the GUI should >> default to not using a network connection for an application where this >> might be surprising to an end user. Either querying the user again, or >> defaulting to false would be best > > I will try to push for upstream to keep the default value to false. A > compromise position might be to have the first run dialog suggest that > it be enabled, but if the setting is ever deleted manually or corrupted > or unable to read in any way, it should always default to disabled. >
Bug#876363: octave fetches network resources when network access disabled
Hi, > I will try to push for upstream to keep the default value to false. A > compromise position might be to have the first run dialog suggest that > it be enabled, but if the setting is ever deleted manually or corrupted > or unable to read in any way, it should always default to disabled. > I've noticed this problem again on my current octave install. Triggering it is a little tricky, as it does not always pop up, but perhaps only launches if there is a change on the remote server. Do we know if there is a particular commit that upstream applied to fix this? Here is the info from my system $ octave --version GNU Octave, version 4.0.3 Copyright (C) 2016 John W. Eaton and others. This is free software; see the source code for copying conditions. There is ABSOLUTELY NO WARRANTY; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. ... $ grep allow_web_connection ~/.config/octave/qt-settings $ $ head ~/.config/octave/qt-settings [General] connectOnStartup=true showMessageOfTheDay=true showTopic=true customFileEditor=emacs +%l %f autoIdentification=false useProxyServer=false proxyType= proxyHostName=none proxyPort=8080 $ $ apt show octave | head -n 5 WARNING: apt does not have a stable CLI interface. Use with caution in scripts. Package: octave Version: 4.0.3-3 Priority: optional Section: math Maintainer: Debian Octave Group$ In the QT UI, the "Allow Octave to connect to the Octave web site" is unchecked, however periodically, I still receive updates from their remote website (new versions available). Is it an option to just patch out their network access entirely in the debian package? This would seem the much safer route, as accessing a random network resource on untrusted networks (even if you do have https, which I am unsure if it is the case), seems non-ideal, and contrary to policy. Thanks!
Bug#876363: octave fetches network resources when network access disabled
Control: forwarded -1 https://savannah.gnu.org/bugs/?52090 On Thu, Sep 21, 2017 at 23:03:57 +0100, D Haley wrote: > 1) The GUI should be clear as to what setting the backend is currently > using. I think it is a concern that there are two settings that have the > capacity to be "out-of-sync". I've filed upstream bug https://savannah.gnu.org/bugs/?52090 to resolve this in Octave, so at least the settings and their behavior will agree. Feel free to participate there, or reply here if you think I got something wrong in capturing this problem. > 2) From a debian user's/policy perspective, I think the GUI should > default to not using a network connection for an application where this > might be surprising to an end user. Either querying the user again, or > defaulting to false would be best I will try to push for upstream to keep the default value to false. A compromise position might be to have the first run dialog suggest that it be enabled, but if the setting is ever deleted manually or corrupted or unable to read in any way, it should always default to disabled. -- mike signature.asc Description: PGP signature
Bug#876363: octave fetches network resources when network access disabled
Thanks for keeping tabs here, I've been using --force-gui for some time now, before it was the default. May or may not be a useful tidbit. > Is it possible the qt-settings file is created by something other than > Octave on your system? I've only been using the current debian packages, and nothing special, so no, I don't think there is any other software altering this file. I've certainly not been playing with it, and this is a single-user system. > Do you think there is any remaining issue here, or do you consider this > resolved by fixing the configuration file on your end? > > Or is the only issue here that the settings dialog implies that the > missing value defaults to 'false', while the actual behavior is to > interpret a missing value as 'true'? I don't think it is resolved - other people could have the same issue and not realise. I think there are two points, the first is more important than the second: 1) The GUI should be clear as to what setting the backend is currently using. I think it is a concern that there are two settings that have the capacity to be "out-of-sync". 2) From a debian user's/policy perspective, I think the GUI should default to not using a network connection for an application where this might be surprising to an end user. Either querying the user again, or defaulting to false would be best Thanks! On 21.09.2017 22:56, Mike Miller wrote: > Is it possible the qt-settings file is created by something other than > Octave on your system?
Bug#876363: octave fetches network resources when network access disabled
On Thu, Sep 21, 2017 at 19:56:30 +0100, D Haley wrote: > It looks like the QT UI does not match what happens internally in Octave > if the line is absent from the file. > > If the line "allow_web_connection=true" is present, then the web > connection proceeds, and the network tab in settings reflects the setting. > > If the line "allow_web_connection=false" is present, then the web > connection does not occur, and the network tab in settings reflects the > setting. > > However, if the line is entirely absent, then the connection is > established, however *the UI does not show this*. The item in the menu > for the network connection is unchecked. Your analysis seems correct to me. Is it possible the qt-settings file is created by something other than Octave on your system? Not that this is a bad thing, but it's also not entirely well-supported, as we've now seen. The 'news/allow_web_connection' setting has been present and has been checked since the GUI was first introduced in 3.8.0, so it is not likely that this was missing due to an upgrade from a previous version. It's more likely that the qt-settings file was modified outside of Octave or was created or pre-seeded by some other tool. Do you think there is any remaining issue here, or do you consider this resolved by fixing the configuration file on your end? Or is the only issue here that the settings dialog implies that the missing value defaults to 'false', while the actual behavior is to interpret a missing value as 'true'? -- mike signature.asc Description: PGP signature
Bug#876363: octave fetches network resources when network access disabled
P.S. I assume the reason for the line not being present is that it was not written to the file in an earlier version, and I have upgraded to a later version which only writes the line when re-creating the file from scratch. On 21/09/17 18:04, Mike Miller wrote: > On Thu, Sep 21, 2017 at 17:58:04 +0100, D Haley wrote: >> Thanks for getting back so quickly. That command yields no output (no >> such line) - the file does however exist. >> >> $ grep allow_web_connection ~/.config/octave/qt-settings >> $ > > Ok. That indicates that the setting is not actually being saved. It's > possible that Octave is not able to save its settings at all. Can you > check the file permissions and ownership? If you delete the file or move > it out of the way does it work as expected? >
Bug#876363: octave fetches network resources when network access disabled
Hi, It looks like the QT UI does not match what happens internally in Octave if the line is absent from the file. If the line "allow_web_connection=true" is present, then the web connection proceeds, and the network tab in settings reflects the setting. If the line "allow_web_connection=false" is present, then the web connection does not occur, and the network tab in settings reflects the setting. However, if the line is entirely absent, then the connection is established, however *the UI does not show this*. The item in the menu for the network connection is unchecked. Here is the testing I performed: $ pwd /home/pcuser/.config/octave $ ls -l qt-settings -rw-r--r-- 1 pcuser pcuser 5507 Sep 21 13:52 qt-settings $ mv qt-settings qt-settings.bak $ ps augxw | grep -i [o]ctave $ octave --force-gui $ grep allow_web_connection ~/.config/octave/qt-settings allow_web_connection=false $ octave --force-gui $ sed -i 's/allow_web_connection=false/allow_web_connection=true/' qt-settings $octave --force-gui $ sed -i 's/allow_web_connection=true//' qt-settings
Bug#876363: octave fetches network resources when network access disabled
On Thu, Sep 21, 2017 at 17:58:04 +0100, D Haley wrote: > Thanks for getting back so quickly. That command yields no output (no > such line) - the file does however exist. > > $ grep allow_web_connection ~/.config/octave/qt-settings > $ Ok. That indicates that the setting is not actually being saved. It's possible that Octave is not able to save its settings at all. Can you check the file permissions and ownership? If you delete the file or move it out of the way does it work as expected? -- mike signature.asc Description: PGP signature
Bug#876363: octave fetches network resources when network access disabled
Hello, Thanks for getting back so quickly. That command yields no output (no such line) - the file does however exist. $ grep allow_web_connection ~/.config/octave/qt-settings $ On 21/09/17 17:55, Mike Miller wrote: > On Thu, Sep 21, 2017 at 11:50:24 +0100, D Haley wrote: >> I was a little concerned at this message, as in the settings, the option >> "Allow Octave to connect to the Octave web site to display current news >> and information" is unchecked. > > This is troubling, thanks for reporting it. > > I have looked at the code, and the only way the message you quoted can > appear is indeed if Octave has attempted a web request, either > automatically at startup, or when the menu item under the News menu. > > Can you verify that the option is actually disabled? What does > > grep allow_web_connection ~/.config/octave/qt-settings > > yield? >
Bug#876363: octave fetches network resources when network access disabled
On Thu, Sep 21, 2017 at 11:50:24 +0100, D Haley wrote: > I was a little concerned at this message, as in the settings, the option > "Allow Octave to connect to the Octave web site to display current news > and information" is unchecked. This is troubling, thanks for reporting it. I have looked at the code, and the only way the message you quoted can appear is indeed if Octave has attempted a web request, either automatically at startup, or when the menu item under the News menu. Can you verify that the option is actually disabled? What does grep allow_web_connection ~/.config/octave/qt-settings yield? -- mike signature.asc Description: PGP signature
Bug#876363: octave fetches network resources when network access disabled
Package: octave Version: 4.0.3-3 Severity: minor Dear Maintainer, I was having some network troubles recently, and I was using octave. A short time after launching the program (octave --force, I was greeted with "Octave's community news source seems to be unavailable. For the latest news, please check http://octave.org/community-news.html when you have a connection to the web (link opens in an external browser)." I was a little concerned at this message, as in the settings, the option "Allow Octave to connect to the Octave web site to display current news and information" is unchecked. So it seems that this may not be being honoured? I can't see how octave would know that my network was down (at the router level) without performing a URL request. I admit I have not attempted to locate the code responsible for this, so apologies if there is a mistake on my part. Thanks. -- System Information: Debian Release: 9.1 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages octave depends on: ii libamd2 1:4.5.4-1 ii libarpack2 3.4.0-1+b1 ii libasound2 1.1.3-5 ii libatlas3-base [liblapack.so.3] 3.10.3-1+b1 ii libblas3 [libblas.so.3] 3.7.0-2 ii libc62.24-11+deb9u1 ii libcamd2 1:4.5.4-1 ii libccolamd2 1:4.5.4-1 ii libcholmod3 1:4.5.4-1 ii libcolamd2 1:4.5.4-1 ii libcxsparse3 1:4.5.4-1 ii libfftw3-double3 3.3.5-3 ii libfftw3-single3 3.3.5-3 ii libfltk-gl1.31.3.4-4 ii libfltk1.3 1.3.4-4 ii libfontconfig1 2.11.0-6.7+b1 ii libfreetype6 2.6.3-3.2 ii libgcc1 1:6.3.0-18 ii libgl1-mesa-glx [libgl1] 13.0.6-1+b2 ii libglpk404.61-1 ii libglu1-mesa [libglu1] 9.0.0-2.1 ii libgomp1 6.3.0-18 ii liblapack3 [liblapack.so.3] 3.7.0-2 ii liboctave3v5 4.0.3-3 ii libosmesa6 13.0.6-1+b2 ii libportaudio219.6.0-1 ii libqhull72015.2-2 ii libqrupdate1 1.1.2-2 ii libqscintilla2-12v5 2.9.3+dfsg-4 ii libqt4-network 4:4.8.7+dfsg-11 ii libqt4-opengl4:4.8.7+dfsg-11 ii libqtcore4 4:4.8.7+dfsg-11 ii libqtgui44:4.8.7+dfsg-11 ii libsndfile1 1.0.27-3 ii libstdc++6 6.3.0-18 ii libumfpack5 1:4.5.4-1 ii libx11-6 2:1.6.4-3 ii octave-common4.0.3-3 ii texinfo 6.3.0.dfsg.1-1+b2 Versions of packages octave recommends: ii default-jre-headless 2:1.8-58 ii gnuplot-x11 5.0.5+dfsg1-6+deb9u1 ii libatlas3-base3.10.3-1+b1 ii octave-info 4.0.3-3 ii pstoedit 3.70-3+b2 Versions of packages octave suggests: pn octave-doc pn octave-htmldoc -- no debconf information