On 28 October 2011 10:15, Jason White <jason(a)jasonjgw.net> wrote: I tried that, it didn't seem to have any affect. It is an old post, suspect it no longer applies to Ubuntu 11.10 -- Brian May <brian(a)microcomaustralia.com.au>

On Thu, 27 Oct 2011, Rick Moen wrote: I don't get why geeks use Ubuntu. I think the usual argument is "it just works" (somewhat like Apples - I can at least understand that in principle, although it never worked for me, with my brain being wired to focus-follows-mouse-but-not-raise, and with middle click being broken in the opengl X11 apps I was programming, and with package management being useless), but demonstrably, it just doesn't work (so completely unlike, I mean, like Apple then). -- Tim Connors

On Fri, 28 Oct 2011 10:47:06 AM Rick Moen wrote: I did look at Debian Testing at one point, but it's got old KDE packages though. :-( -- Chris Samuel : http://www.csamuel.org/ : Melbourne, VIC This email may come with a PGP signature as a file. Do not panic. For more info see: http://en.wikipedia.org/wiki/OpenPGP

On Sat, Oct 29, 2011 at 1:02 PM, Rick Moen <rick(a)linuxmafia.com> wrote: Just noting for comparison I'm currently running KDE 4.7.2 on Ubuntu. If you sat me at a terminal though, I can't say I'd be able to tell the difference between a 4.6.5 install and 4.7.2. Others might. / Brett

Rick Moen wrote: Where it works, I prefer Default-Release (cf. pinning): $ cat /etc/apt/apt.conf Apt::Default-Release "wheezy"; IME it works for the specific case of testing/unstable, but I don't know if it's the Right Thing. Both approaches also totally failed last time I tried them on Ubuntu, but that was ca. 2007.

Quoting Brian May (brian(a)microcomaustralia.com.au): What you describe resulting from 'doing a daily upgrade to te latest Debian/testing' implies doing something like 'apt-get dist-upgrade', which indeed hogs a lot of time and bandwidth -- especially if you've made the error of doing a kitchen-sink installation -- but is completely unnecessary: The interesting thing about Debian's security updates (as detailed on the debian-security-announce mailing list, http://lists.debian.org/debian-security-announce/) is that, upon examination, you find that 95% are either irrelevant to your installed system for one reason or another (package not installed, threat model applies only to a particular configuration you don't have), or is intended to fix theoretical vulnerabilities so far-fetched that there's no hurry dealing with them. In 2011 so far, there have been 211 postings to that mailing list (whose postings I skim-read). Of those, 42 were package updates that were _potentially_ applicable to my Debian servers, and 42 were _potentially_ applicable to my Debian workstation. However, the actual number of relevant updates has been much smaller than that. Let's consider the 42 workstation packages, and spot/weed out the ones that can be ignored: DSA-2141-2, nss: This addressed the far-fetched TLS man-in-the-middle scenario in January, which I already render irrelevant in other ways. DSA-2142-1, dpkg directory traversal: Far-fetched attack on .deb source-code packages that are in 3.0 quilt format. DSA 2149-1: local DoS against dbus; not much of an attack. Carefully crafted system messages could cause an instance of dbus to segfault, but it'd launch another, so not a big deal. DSA 2151-1 (still January): Set of OO.o bugs whereby malicious RTF documents, XML filters, TGA (Targa) graphics files, MS-Word files could 'potentially execute arbitrary code' as the local user, which means there's no exploit and may never be but you should get around to upgrading on general principle. I didn't bother, but instead just gave OO.o the heave-ho when LibreOffice came out. DSA 2152-1, hplip: irrelevant because I don't use the SNMP discovery code. DSA 2153-1, linux-2.6: Almost entirely bugs in drivers and subsystems I don't use, except some minor information leakage and several local-user DoS bugs, meriting eventually kernel upgrade when convenient but not urgently. DSA 2164-1, shadow: Farfetched, and I don't use NIS. DSA 2176-1, cups: Basically, DoSing the print daemon with malformed files, in which case it segfaults and cupsd forks/execs another copy. DSA 2200-1: iceweasel: Blacklisting several fraudulent SSL certs issued by Comodo, which is nice but I'd already manually removed the Comodo root cert. DSA 2203-1: nss: Same Comodo certs, already dealt with locally. DSA 2213-1: x11-xserver-utils (xrdb utility): So-called remote attack if remote X11 is enabled (who does that?) or there's a 'rogue DHCP server' on the local LAN issuing 'crafted hostnames' that might in some farfetched scenario possibly stack-smash the xrdb utility that might in theory escalate privilege. Farfetched, no hurry. DSA 2217-1, dhcp3: 'Rogue DHCP server' could send DHCP client shell meta-characters that could speculatively maybe some day lead to an explotiable way to execute arbitrary code as the dhclient user. Farfetched, and moreover irrelevant because I have DHCLIENT_SET_HOSTNAME="no". DSA 2240-1, linux-2.6: Various kernel bugs, all of them in drivers and subsystems I don't use, except for one about video support for AGP devices, which is irrelevant because my users aren't in group 'video'. DSA 2264-1, linux-2.6: As above. DSA 2265-1: perl: 'tainted' flag isn't always handled correctly, which is serious but irrelevant because I don't rely on it for anything. DSA 2267-1, perl: Perl's 'safe' module can sometimes be bypassed, which is serious but irrelevant because I don't rely on it for anything. DSA 2275-1, OO.o: Import filter for Lotus Word Pro is subject to theoretical, speculative attack as the local user, but this is irrelevant because I don't use Lotus Word Pro files. DSA-2287-1, libpng. Several bugs, the most serious of which can be used to make libpng grab lots of RAM, maybe fall over, and very speculatively maybe some day accomplish more mischief. Not urgent. DSA 2292-1, dhcp3. DoS: Remote attacker can make your DHCP client program fall over. Bummer. Annoying, but hardly a security emergency. DSA 2299-1, ca-certificates: Blacklisting Diginotar for incompetence as a CA. Irrelevant for the same reasons as the Comodo issues. DSA 2200-1, nss: Same. DSA 2300-2, nss: Diginotar round 2. See above. DSA 2303-1, linux-2.6: Mostly drivers and subsystems I don't use, except two that are minor information leakage (to fix when convenient, not an emergency) and a fascinating bug in TCP sequence number randomisation that merits a kernel upgrade (again) when convenient but not an emergency. (If your secret network transactions are accessible merely by guessing packet sequence numbers, you aren't doing security right.) DSA 2303-2, linux-2.6: Fixes a nasty bug introduced by the prior fix. (See? This is one reason to not be in a hurry except when haste is actually needed.) DSA 2310-1, linux-2.6: Again, almost entirely drivers and subsystems I don't use, excepting a couple of minor information leakage bugs. Merits kernel upgrade when convenient, not an emergency. DSA 2310-1, OO.o: Bugs in the MS-Word importer, which can cause OO.o Writer to fall over but so far probably not much else. Taking out the above 26 irrelevant or not-very-important updates, what does that leave? One fairly serious glibc update, one fairly serious PAM update, five updates each of iceweasel (Firefox) and icedove (Thunderbird), and four updates to freetype: 16 package updates, plus in some cases dependencies. So, _not_ 211 for the current year, but rather _16_. Plus a kernel upgrade or two whenever convenient. Also, because of my usage scenarios for Iceweasel and Icedove (well-tuned NoScript and RequestPolicy for Firefox, simple HTML display in Thunderbird), I actually ignore most upgrades with perfect safety because I've addressed threat vectors at other levels. Anyway, I hope you'll notice, _very_ few package upgrade result, if you bother to read the DSAs and fix only what's worth fixing -- and if you haven't installed the kitchen sink. By the way, if you have numerous Debian machines needing package updates, you do _not_ have them all fetch those in parallel. What you do is have each host's apt subsystem use a shared local Squid cache you establish for that purpose. That way, duplicate downloads are eliminated automatically. As you see, you were misinformed. One just subscribes to the DSAs (very low traffic announce-only mailing list), skim-reads the occasional postings, ignores 95% as irrelevant, and acts on the remaining dozen-plus packages per year.

Quoting Erik Christiansen (dvalin(a)internode.on.net): /usr/bin/update-manager (Python utility with dependencies on dconf-gsettings-backend, gir bindings for gtk+3 / VTE, python-dbus, python-gobject, Python gtk+3 aptdaemon widgets) is in fact a front-end for apt, same as synaptic, kpackage, and all the rest (http://en.wikipedia.org/wiki/Advanced_Packaging_Tool#Front-ends). So, no. You can switch back and forth between one of the graphical front-ends such as update-manager and apt-get, without causing problems. Sounds reasonable to me. To elaborate on what I was saying about skim-reading DSAs, if I read one that suggested a pretty urgent security update to glibc (package libc6), I would open an xterm and do: su - apt-get update && apt-get install libc6 ctrl-D Those are worthy of respect, too, though. For extra win (if you don't mind the bandwidth usage, you could put this in a nightly cronjob: apt-get update && \ apt-get -y --download-only dist-upgrade && \ apt-get autoclean That way, when you wake up, all the available updates for your installed packages are already available locally in /var/cache/apt/archives/ , with no download delays.

Hello, Erik Christiansen: Instead of doing a "dpkg -i", just copy the downloaded .deb files into /var/cache/apt/archives/ on the other machines, then use apt-get as normal. That way you still only download once (other than the index files), but you get all the smarts of apt-get, eg if one of the machines is not quite like the others it'll still do the right thing. That's assuming hard disk space is not a problem, but that's often the case. Jiri -- Jiri Baum <jiri(a)baum.com.au> http://www.baum.com.au/sabik

Quoting "Tim Connors" <tconnors(a)rather.puzzling.org>rg>: It worked for a while. The Unix desktop universe follows Douglas Adams: "There is a theory which states that if ever anybody discovers exactly what the Universe is for and why it is here, it will instantly disappear and be replaced by something even more bizarre and inexplicable. There is another theory which states that this has already happened." As soon as there was one graphical environment working, it was replaced by something "brand new". Linux-specific, a lot of that trickled back into the Linux kernel and "close relatives", as udev, the DBus to HAL 9000, the DeviceKit and the PoliceKit and whatever in-between. And that's all just to catch three events a day to plug/unplug a USB stick or to speed up a boot process. Regards Peter

Quoting Tim Connors (tconnors(a)rather.puzzling.org): Well, except for Celine Dion, anyway.

I started using Ubuntu in 2005...Hoary I think.... and disliked Kubuntu. I've preferred Gnome up til 11.04. I'm not a developer or coder... just a user. I just disliked MS and wanted to rebel.hoices were limited Ubuntu, I just liked. I've tried Arch Linux and Debian, had a dip at Sabayon, Mandriva/Mandrake, kept coming back to Ubuntu...now Kubuntu! I don't like Unity. Haven't tried Gnome 3, but understand it's similar to Unity, so I tried Kubuntu and surprised myself by liking it. own Unity desktop so saying that they went from something that worked and changed to a brand new UI is a little disingenuous. They had little choice. I don't like Unity, but the choices were limited. All said, I upgraded to 11.10 Kubuntu about 2 days after release and I still like it. Michael On Fri, Oct 28, 2011 at 6:16 PM, Trent W. Buck <trentbuck(a)gmail.com> wrote:

Craig Sanders <cas(a)taz.net.au> wrote: I don't like it. I haven't noticed it much, though, for software projects in which the developers use the software heavily. I don't think the free/open-source community is so good at writing software for other people to use (i.e., people who aren't like the authors of the program in important respects). That's fine, since I prefer software which is written by people who are actually users of that class of tool.

Quoting Trent W. Buck (trentbuck(a)gmail.com): Kees Cook does some amazing work. He has a really good page about his and other maintainers' heroic accomplishments with AppArmour and other security improvements. https://wiki.ubuntu.com/Security/Features

Quoting "Chris Samuel" <chris(a)csamuel.org>rg>: Is that the reason for 200GB .xsession-errors? ;-) Cheers Peter

Quoting "Russell Coker" <russell(a)coker.com.au>au>: Good old syslog maybe? "Message repeated x times" is already built-in. Regards Peter

Quoting "Russell Coker" <russell(a)coker.com.au>au>: Well, you can filter for severity, drop and it only fills up /var/log. I have the habit to give /var/log an extra partition. To the delete - I did a reboot anyway. A modern desktop isn't predictable after a dozen background processes were running into difficulties. Cheers Peter

On 28/10/11 12:16, Peter Ross wrote: I don't know, have you added that PPA ? I don't think storing errors in .xsession-errors was invented by *buntu either, I'm pretty sure Mandrake was doing that years ago, and I"m pretty sure Arch Linux does it too. So if anyone is to blame then it's KDE for producing software that creates that many errors - what were they from ? cheers, Chris -- Chris Samuel : http://www.csamuel.org/ : Melbourne, VIC

On 28 October 2011 14:34, Peter Ross <Peter.Ross(a)bogen.in-berlin.de> wrote: Probably full of "out of disk space errors" :-) I have seen mythtv do just this - when the video partition was full it filled the root partition up with error messages :-(. -- Brian May <brian(a)microcomaustralia.com.au>

On 28.10.11 10:45, Tim Connors wrote: Well, this one found that Debian wouldn't install on hardware he'd just paid good money for, nearly a decade ago. Ubuntu was the closest which worked OOTB. And to be fair, it has for the most part worked well enough, at least after various gremlins have been whacked on the head after each upgrade. (Not pointing the finger _only_ at NetworkManager, here.) One of the first things I tweaked after the first Ubuntu install was focus-follows-mouse-but-not-raise. If you don't mind using the GUI (just once), then System->Preferences->Windows presents that option. Dunno how middle click needs to work for you, but on my 3-button mouse, Left selects, Middle pastes, and ^Right pops up the "VT Fonts" dialogue. For pasting into Vim, middle click is _essential_ for me. I've installed a couple of dozen packages, including a couple of toolchains, without anything but flawlessness. (That I can recall) It has worked so well that my long-term habit of building cross-compiler toolchains and various favourite apps has fallen into disuse. It's NetworkMunger, the "DO NOT EDIT" crap in config files, and the other user-alienating M$-style arrogance which will cause me to flip back to Debian. (I like to upgrade every 3-4 years, if it seems warranted, but Ubuntu may offend fatally before then.) Erik -- Debian is for people who can read man pages. Robert Moonen (on luv-main ML)

Quoting Erik Christiansen (dvalin(a)internode.on.net): This was often the case _if_ you were unaware of the many extremely good third-party installer images. At any given time, there are a huge number of these, and there were (e.g.) a number of live-CD Debian installers long before the Debian Live Project (live.debian.net) existed. I even got so tired of hearing how _the_ Debian installer image was insufficient that I made a Web page to point people to (and of course, it is now a bit out of date): http://linuxmafia.com/faq/Debian/installers.html My own current favourite way to install Debian is Aptosid (formerly Sidux). Live CD with installer, comes out every quarter.

Quoting Erik Christiansen (dvalin(a)internode.on.net): One becomes a bit motivated to research alternatives upon being handed a new system whose mass-storage HBA isn't supported by the regular installer image. ;-> You'll notice that a number of the third-party images for Debian were evidently prompted by such hardware issues: All it took was for someone to say 'I think I know how this is installer gets built. Let's remaster it with a better kernel and an updated initrd.' [Aptosid installer:] Actually, the KDE image is one of _two_ Aptosid editions, the other being Xfce4. (Both images also include the Fluxbox window manager.) When I most recently rebuilt my workstation, I had no interest in either KDE or Xfce, so I installed the Xfce edition of Aptoid and then did: # mv /etc/alternatives/x-session-manager /usr/local/ # apt-get install wmaker I believe that the latter action set Window Maker automatically as the default window manager, but you can always do # update-alternatives --config x-window-manager to check and verify. I can't remember whether I even bothered removing the Xfce packages, or if I just ignored them. There was a bit more to it, e.g., I had to work around the fact that the accursed motherboard used a Broadcom 57xx 'Tigon 3' ethernet chipset requiring a non-free firmware image not included in Aptosid's (or Debian's) installers. Full account is here: http://linuxmafia.com/pipermail/conspire/2011-May/006209.html

Quoting Trent W. Buck (trentbuck(a)gmail.com): Aptosid's primary policy and reason for existence is compatibility with Debian-unstable. The Aptosid repo is an add-on to provide stabilisation packages only, to the best of my understanding: Your system consults the Debian-sid repo for almost everything, the add-on Aptosid repo furnshing only bugfixes for sid packages. All contents of the Aptosid repo (and installer images) must comply with Debian Policy and the Debian Social Contract. Moreover, if you decide after using that Aptosid installer that you don't care to receive Aptosid's bug-fix packages, all you need to do is disable those lines in /etc/apt/sources.list, and your system will converge onto pure Debian sid thereafter. Compare: Ubuntu's repo isn't even _binary-compatible_ with any Debian repo. They've specifically disclaimed since 2005 ever having intended any such compatibility, in fact: http://tectonic.co.za/?p=657 Adding Ubuntu repo lines to a Debian system's /etc/apt/sources.list[.d/*] or vice-versa will _break_ that system. Ubuntu has no commitment to Debian Policy or the Debian Social Contract. You see the two cases as 'just as much' derivatives and merely 'happen to be less divergent (at least for now)'? OK, good luck with that. Indeed, what's an ISO for other than loop-mounting it on one's Web or NFS server? Oh, you forgot that using an ISO doesn't require an optical drive, didn't you? ;->

On Thu, Oct 27, 2011 at 03:40:09PM -0700, Rick Moen wrote: WTF is wrong with ubuntu and gnome and kde devs? have they all been infected by microsoft or apple? or are they all just stupid? don't they get that a half-arsed imitation of MS and Apple crap ISN'T going to attract MS or Apple users to linux, it's just going to piss off existing linux users? what is so difficult to understand about the fact that linux desktops aren't (or weren't until recently) user-hating patronising crap is one of the reasons linux users actually use linux. and seeing "See 'man 7 undocumented' for help when manual pages are not available." for every new and amazing piece of crap is really pissing me off. they want to fuck with the way unix systems boot and work and couldn't even be bothered writing the documentation so i, and other victims of their meddling, can figure out WTF they have done? FTFAJ. craig -- craig sanders <cas(a)taz.net.au> BOFH excuse #307: emissions from GSM-phones

On 28 October 2011 09:44, Peter Ross <Peter.Ross(a)bogen.in-berlin.de> wrote: I just noticed mountall --help provides help information. Me things all my problems were caused by this entry in /etc/fstab: cgroup /var/cgroup cgroup defaults 0 0 Previously this was required to get cgroup stuff to work in Ubuntu. However now it seems that mountall wants to do this itself, and it gets upset if the filesystem is already mounted. Later: Typical. Was working through the Ubuntu bugs, but this one was listed last. https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/874989 -- Brian May <brian(a)microcomaustralia.com.au>