Slashdot Mirror

Or you could just use an operating system that does updates. Ubuntu apparently patched every version of pidgin that's available (even though for some reason they won't just update 2.5.9). Check out the notes.

They are responsible for Bazaar, and Launchpad:

https://launchpad.net/

If anti-copyright proponents would be unhypocritical, they would demand that software be downloadable for "sharing" among friends.

Yes, if only someone would demand software be downloadable for "sharing" among friends. Damn those hypocrites!

You have to be careful that your O/S or hardware does not leak out that the encrypted container file is being written/read to in areas where officially there's no data. Otherwise they say: "Well where's your other password - we know you're accessing the other parts".

For example, if disk errors are logged to a logfile, and there's a "reallocated sector" in an "unofficial" area in recent times, you might be in trouble...

Also SSDs try to avoid overwriting existing data in many cases - they write the updated data in a "clean block" and leave the old data where it is since that's faster than erasing and rewriting. So that could leak out usage info as well.

This could be masked if programs like truecrypt and rubberhose rewrite different blocks of the entire container (without destroying data) at unpredictable times. but some hardware could treat overwriting with the same data differently from writing different data.

The author's suggestion (which isn't new[1]) is also vulnerable to such problems - since "Aunt May" is unlikely to be using the encrypted container.

BTW it seems to me TrueCrypt's hidden partition system is inferior to Rubberhose's - since with truecrypt, using the "official" partition could cause you problems (even if you enter the hidden partition's passphrase there could be clashes).

[1] I suggested something similar to deal with what the author is talking about nearly 2 years ago: https://bugs.launchpad.net/ubuntu/+bug/148440
I'm probably not the only one. But yes that's vulnerable, and something like the "rewrite" thing might be required.

Another source of leakage could be if you (or someone/something) copied/backed up the container file, and the cops get access to the copy or copies - then they can compare which parts were changed, and things go downhill for you.

Yet another source of leakage could be you posting on slashdot or somewhere else that you do use hidden partitions/aspects.

Lastly, the advantage of creating encrypted partitions for everyone (and making them easy to use) is more people might use them. And more people might forget the passwords to them, including judges, police officers, juries.

It's easier to claim "I was messing about with it to see what it did, and forgot the password" and be believed, if more people have done that before.

Have a reasonably popular O/S give everyone crypto and an encrypted "container" whether they are going to use it or not.

However, it has to be done in a way where you can use that container without leaving evidence behind that you have used it.

Something like: https://bugs.launchpad.net/ubuntu/+bug/148440

Except better :).

Then that's what I call creating real plausible deniability.

https://bugs.launchpad.net/ubuntu/+bug/1/

You might want to try No Machine's NX instead of RDP. It works exceptionally well. There's a free version (FreeNX) which also has an Ubuntu PPA. There's Ubuntu documentation here.

There are Windows, Mac, and Linux clients and a Linux server. We use it to allow windows users to run Unix software.

not trolling here... can you make calls to landlines or cell phones from within Ekiga?

I'll just google that one for you:

https://answers.launchpad.net/ubuntu/+source/ekiga/+question/71276

I think in the light of this Skype business, the Ekiga home page needs to raise its game considerably in terms of the information it provides. Looking at ekiga.org you can't immediately tell what it does, or even if there's a Windows version (which there is). I think it must get the prize for an Open Source project hiding the most light under a bushel.

Try the snapshot from the summary link.

Published on 2009-06-18

Try the snapshot from the summary link.

Published on 2009-06-18

There is a link to the source code on this page.

https://code.launchpad.net/~launchpad-pqm/launchpad/db-devel/

Clicked files, received "Internal Server Error."

https://bugs.launchpad.net/ubuntu/+bug/377005

https://bugs.launchpad.net/ubunet/+bug/375345

https://bugs.launchpad.net/ubuntu/+bug/377005

https://bugs.launchpad.net/ubunet/+bug/375345

Nope, it was announced ages ago

It's as if they don't want anyone to download it.

...

And because there's no way to just _get the source_ (ie. a tarball with source files in it) there's no way to download it without screwing with Apache.

Once you've got bzr 1.16.1 or later you can do bzr branch lp:launchpad to get the Launchpad code. That's pretty easy. Then, if you find yourself fixing a bug, you have a working tree in which to commit your changes. A tarball is a static lump with no history and no future, and if you want tomorrow's code, you'll have another big tarball to download.

How about a way to browse it online?

http://bazaar.launchpad.net/~launchpad-pqm/launchpad/db-devel/changes

BTW, you can get to that page by searching for the "launchpad" project on launchpad, clicking on the "Code" tab, and then clicking on the "lp:launchpad" branch.

https://code.edge.launchpad.net/launchpad

Thank you. Why do they not have this info in their announcement?
I was in the process of checking out the code using: bzr branch http://bazaar.launchpad.net/~launchpad-pqm/launchpad/devel/ Which I found after looking in the code for the setup script, but that's exactly what I wanted.

There is a link to the source code on this page.

https://code.launchpad.net/~launchpad-pqm/launchpad/db-devel/

You can browse the code here:

http://bazaar.launchpad.net/~launchpad-pqm/launchpad/devel/files

I haven't looked that closely, but can't you go to https://launchpad.net/launchpad-project then click on a sub-project and then on the "Code"-tab?

Status should be changed to "Fix released", then:

https://bugs.launchpad.net/ubuntu-community/+bug/393596

Not really - the bug is calling for code to be released under a Free licence. The AGPL isn't a Free licence.

Status should be changed to "Fix released", then:

https://bugs.launchpad.net/ubuntu-community/+bug/393596

• Firefox
• Pidgin
• Deluge

I couldn't find one for FileZilla. In most cases though, there will be a PPA with up-to-date packages of the stuff you want.

• Firefox
• Pidgin
• Deluge

I couldn't find one for FileZilla. In most cases though, there will be a PPA with up-to-date packages of the stuff you want.

• Firefox
• Pidgin
• Deluge

I couldn't find one for FileZilla. In most cases though, there will be a PPA with up-to-date packages of the stuff you want.

There are PPA repositories for those masochistic enough to want to work with nightly builds. For instance the following repo has nightly builds of Firefox.

deb http://ppa.launchpad.net/ubuntu-mozilla-daily/ppa/ubuntu jaunty main
deb-src http://ppa.launchpad.net/ubuntu-mozilla-daily/ppa/ubuntu jaunty main

It's also possible to add Debian unstable or testing to your repositories, but set the preferred distribution to Jaunty (Package>Preferences>Distribution in synaptic). Then you can selectively install certain packages from unstable.

There are PPA repositories for those masochistic enough to want to work with nightly builds. For instance the following repo has nightly builds of Firefox.

deb http://ppa.launchpad.net/ubuntu-mozilla-daily/ppa/ubuntu jaunty main
deb-src http://ppa.launchpad.net/ubuntu-mozilla-daily/ppa/ubuntu jaunty main

It's also possible to add Debian unstable or testing to your repositories, but set the preferred distribution to Jaunty (Package>Preferences>Distribution in synaptic). Then you can selectively install certain packages from unstable.

who got brave, and installed FF 3.6?

I've been running Firefox nightly builds for years. I recently switched from Windows to Kubuntu, found a 64-bit build (I think http://ppa.launchpad.net/ubuntu-mozilla-daily/ppa/ubuntu), and got right back on the nightly rough edge, currently called Firefox 3.6a1pre and codenamed Namoroka.

It's definitely not for most people; you have to watch planet.mozilla.org to track what's going on, you give up on some extensions, and there are occasionally snafus where you have to look at the firefox builds forum on mozillazine to find out what's up and maybe revert to using an earlier browser for a day or so. But by and large nightly builds work. Mozilla's investment in build farms and try servers and test suites means most stuff that's checked in to the trunk is working.

Tip: use /path/to/old/firefox -no-remote -ProfileManager to simultaneously run a second instance using a blank profile to see if it's just the new version or your profile or a particular extension that's causing problems.

https://launchpad.net/~fta/+archive/ppa

Just add the fta repository & install "firefox-3.5". They even link to a mozilla daily build repository if that's your thing.

...MySQL is not an open product.

Launchpad.net would seem to disagree.

The lamson project has a supposedly accidental VIRAL PAYLOAD AT http://launchpad.net/lamson in the file lamson-0.9.4.tar.gz with 7 copies of the "Virus identified I-Worm/Mydoom.BE";"Infected" virus and 1 "Trojan horse Dropper.Generic_c.GH" trojan horse reported by AVG.

Confirmed by hand.

Reported to Zed Shaw already who claims it was an accidental inclusion in spam test data.

So, it finally happened! A major effort by a distro to fix one hundred really small but irritating bugs. Also known as polish. This is what Ubuntu needs, and to be fair has been quite good at. Just fixing more and more of the tiny annoyances is what creates a well-rounded desktop. On the other hand, they are introducing Gnome Shell, which while probably cool, will certainly introduce a couple of hundred new paper cuts!

https://launchpad.net/hundredpapercuts

It's funny how every newcomer to linux automatically assumes that the objective of linux (as if linux is one entity) is to "beat windows".

https://bugs.launchpad.net/ubuntu/+bug/1

There is already this security mode, it's called running stuff as a different user. The browsers would be running as different (limited/restricted) users.

The operating system enforces the separation. If you find a problem with the separation, then that's a huge bug in the OS. Ever since the 1960/70s users in proper multi-user O/Ses cannot access each others files, data and processes, unless the permissions are explicitly granted.

The browser executables are only writable by the admin/system. So they won't be changed unless there is a "local/remote root" exploit.

The cookies, bookmarks etc are separate and different - since they are browsers on different accounts.

Try it. Create multiple _limited_ users (and reduce their access further if you want).

Give your main account access to the files of those limited users (otherwise you wouldn't be able to access the downloads etc with your main account, or copy in uploads).

Then in your main account create multiple shortcuts with:

C:\WINDOWS\system32\runas.exe /savecred /profile /user:core\_WWW_USER_X "C:\Program Files\Internet Explorer\IEXPLORE.EXE"

Replace _WWW_USER_X with the different created users.

Give the shortcuts different icons.

Note that /savecred isn't a big security hole here since you are saving the credentials of limited users that have less access than your main account.

To test: from the browser "open file" or "save as" you'll find that you can't save stuff to your main user account folders or the other browser accounts. Another thing you might notice is that if the browser opens files (pdfs, wmvs, mp3s) the opening application will also be running as the browser user (which is a good thing in security terms).

The usability problem is distinguishing the browser instances from each other since they tend to look the same. But the Links bars and other toolbars will be different. Plus for me one IE instance makes the "click" sound when you click on links, another one doesn't, and then yet another browser instance is running firefox instead.

There are also little things like if you rename files/folders in a File Dialog, the notifications don't get to the browser so it still displays the out of date file list, you'd have to press F5 to explicitly update.

IE7/8 on Vista makes this sort of thing simpler and more accessible to users. That's why despite what the Linux fanatics say, Vista has actually better security than "Desktop Linux" from a technical perspective - no Linux popular distro is configured by default to sandbox browsers using SELinux or AppArmor[1].

Vista sucks in other ways though ;).

Keep in mind this is not bulletproof because there may be things like exploitable bugs in the graphics drivers, but the attackers know there are millions of easier users+systems to attack, so it's unlikely they'd bother using those for now.

[1] This is about as far as OpenSuse has got: http://en.opensuse.org/AppArmored_FireFox
Similar for ubuntu: https://bugs.launchpad.net/ubuntu/+source/firefox-3.5/+bug/382917
Which is nothing in practice.

Did they ever resolve this? It's still present in 3.0 for Linux. Basically, instead of being polite and letting the OS keep the disk spun down until data needs to be written, Firefox spins up the HD for writing every single time it does anything. So if you have an aggressive spin-down policy (like Ubuntu Jaunty does, at least) and you're web-browsing, your HD will spin up and down every twenty seconds or so.

The whole premise that better usability will come out of getting usability designers involved in the free software development process is fundamentally misguided. It's really easy to get such feedback for most open source software. Just look at the forums and mailing list of people using the software, and it's trivial to find out exactly what are the confusing parts and what really needs to be improved. As for motivating improvements, most developers working on open-source software want their software to be better. But what does "better" mean?

The problem is that the developers working on the software don't use it the way everybody else does, which means there will always be a clash between their priorities and tastes and what regular users want. This means the people capable of fixing the usability problem believe many requests are misguided, and therefore don't do anything about them. I see this all the time, in projects big and small. On the open source project I contribute the most to, PostgreSQL, some of this disconnect is warranted. For example, users want the software to be super easy to use out of the box, while developers want it to be secure out of the box; that's a very hard split to reconcile. Sometimes instead you'll see features requested by DBAs that make perfect sense to other DBAs, but are shouted down as a bad idea too. This is because many of the most influential developers are not DBAs of large databases, which you'd expect almost by definition. They don't have the right context to fully appreciate some usability decisions. If the development community is healthy, when enough such requests come in eventually some concessions will get made, even if some of the developers don't quite get the motivating reason fully. Enough people complain about something, you just accept that's what everybody wants and bow to community pressure.

But there are plenty of communities where this doesn't seem to happen, and usually it's due to arrogance on the part of the developer rather than them not having design feedback. A classic example was last year's Pidgin UI disaster. Look at that ticket--the entirety of the user community was lined up against the developers, and the lack of response to that feedback even forced a fork whose tagline was "we work for you" as a noteworthy difference from the original project. Completely ridiculous.

I'm suffering from a similar bit of developer arrogance right now, with the standard GNOME terminal app. A change was made recently, first showing up on a lot of people's desktops via Ubuntu Jaunty, which reduces the ability to overload common function keys (like control-C) to either execute terminal functions (like "copy") and still work as terminal input if no text to copy has been selected. There's been a stack of bug reporters, and it turns out the only reason for the change was the developer thought it was a bug--there were no user complaints driving the change. The only right response in this situation, which is strictly a UI decision, is to man up, admit the change was wrong and you were wrong for thinking it, and thank your community for pointing it out. As you can see, that's certainly not happening here. (Yes, I can fix it myself. Not, that doesn't matter, because the thing I'm annoyed about is that it's a step backwards on the most popular default terminal people new to Linux use, which hurts the OS as a whole.)

You can collect usability data all day, that's easy. Doesn't take a designer, it just takes listening to your users. From where I'm sitting it looks like the hard problem is getting open-source developers to pay attention to what they're saying.

Case in point: Bug 332949, the update-notifier 'upgrade' in Jaunty which most users agree is functionality they want which was working, but Mark Shuttleworth thought he'd change because he could.

I could care less if my UI is some brand-new redesigned thing, or something that looks just like Windows 95.

I want basic features that I've been used to on Windows.
When I'm playing a game, and I want to change the volume, pressing the volume control buttons on my keyboard should change the volume. Pressing the next song button better get my media player running in the background to the next song.
And if I get an instant message while playing a game, I certainly should be able to alt-tab away from the game to Pidgin to type a reply.

I can do none of these things when a program grabs control of the keyboard and mouse in Ubuntu. Some games I can release the mouse grab by dropping down the console (thank you Quake 3), but if a game doesn't let me do this (UT2004), then the system is perfectly happy to keep me locked into it until hell freezes over or I exit the game prematurely just to message my friend I'm in a game... or was.

And it's not even limited to games. If I have a drop-down menu open, such as Firefox's bookmarks menu, then same thing: the volume and media control keys don't work. I end up mashing the key several times wondering when it will catch up before I remember this frustrating glitch.

On top of all this, almost to add insult to injury, the screensaver will come on while playing certain games, even if you're actively pressing keys. At least there's a bug report for this-- er, a 3 year old bug report for this: https://bugs.launchpad.net/gnome-screensaver/+bug/32457

I think the real point of the submission is that If "WE" the community want to code, volunteer to test "as I did here" and think about the whole just a little more, then we'd all be better off for it. I wish I knew how to code, and perhaps I would lend a hand. (Anyone can suggest were to start? I am a fast learner who understands scripting/html and did a little Basic in school +10 years ago.)

For some reason (maybe because I watched it last night?) this reminds me of that line in the movie The Devil Wears Prada where she laughs and Meryl Streep lays into her about fashion and how the color sweater she was wearing was decided in that room. To her it didn't matter, but it is still important, otherwise we'd all look like fools. Remember the 70's?

I kid, but consider this article (Scienticfic American, "The Sorriest Animal") about what separates us from other animals. Part of the article talks about self esteem and needing to feel accepted. That is why we do just about anything we do outside of survival, because on some level it is. What I do not understand is why we can't wake up as a species and think seriously about the collective and what is best for all. We could build starships in 20-30 years, IF we looked for and purposely exploited our talent and treated each other with respect. But I truly believe we must first respect ourselves in order to respect others. But how can we do that, when we do not even consider that to be accepted, we need to accept others and assist, as they will be better to do for us.

To put another way, you have to think about yourself many times. Being quote selfish can be the most unselfish thing you do at times. If you aren't there, then things are completely out of your control. It may smell of It's a Wonderful Life, but if you truly think about the influences that we all have, that you yourself has, then you may understand my point.

However, on a desktop, general purpose computer, you might want to, say, for instance, try out Opera's new beta...Here, you're stuck.

Really. So these don't work or exist?

I stopped reading there, considering you didn't even get THAT right. Sure, repositories have issues occasionally, I agree, but it's not a travesty that you're making it out to be. Ubuntu has the PPA stuff going on, where developers can make Peronal Repositories for users to download software. I wish they'd make these easier to access, but it's not like it's hard now.

I don't think so. I couldn't find definitive references and it's been a long time since I installed Ubuntu on a non-Intel-graphics system, but I am pretty sure that since Gutsy Ubuntu has been using a compositing window manager (compiz) by default on systems with Intel and Nvidia graphics (and since some later Ubuntu version also on ATi systems). Of course, compositing requires 3D hardware acceleration, and for Nvidia this means proprietary drivers.

Compare:
https://blueprints.launchpad.net/ubuntu/+spec/composite-by-default
http://arstechnica.com/open-source/news/2007/09/ubuntu-technical-board-votes-on-compiz-for-ubuntu-7-10.ars

TFA says that the way sound is implemented in the kernel is basically okay, but there are problems with how the kernel's facilities are used at higher levels by applications, and with the way the whole thing is integrated by distros. I think he's basically correct.

As an example of what's not broke about the kernel, and doesn't need to be fixed, it's a good thing that we still have support for OSS. OSS allows you to do sound I/O in exactly the way you would expect to do sound I/O based on the fundamental design principles of unix. You just do open(), ioctl(), read() or write() on devices like /dev/dsp. If you couldn't do that, it would be a failure to do the obvious, straightforward stuff to handle sound in the Unix Way.

As an example of what is broken at higher levels: I run Ubuntu Jaunty. Sound works fine every time I boot the computer, and I get the bongo sound as the login screen comes up. Then when I log in, master playback is muted, and the volume is down at 1/31. Also, the way the Gnome icon shows me that sound is muted (a tiny red box with a white x in it) is the same as the way the network icon would show me that I'd disconnected my ethernet cable or something; in other words, it makes it look like it's not just muted, but actually broken. Here's my best attempt to characterize the bug: Here's a bug on launchpad that may or may not be the same thing:

Uh, if those windows machines actually ran "windows update" there would be no conficker. So if Desktop Linux had the same users, they may not run "ubuntu update". Why? Because the last time they updated their machine stopped working properly Think that will never happen? See: https://answers.launchpad.net/ubuntu/+question/24523 Notice that user actually understands "grub" and "kernels" and knows where to find help. Other users might just never update. If the O/S ever has millions of users, these users start to add up.

This is why I run a stable distro that doesn't break everything all the time. Debian stable for example, I think it would be highly unlikely for anything to break during an update.

Nice true open source alternative to SAP:
http://openerp.com/

OpenERP looks like it might be a re-branding of TinyERP. However there's no obvious link from the TinyERP page on SourceForge nor on OpenERP's Launchpad page.

Probably a better one is Pupesoft, though the documentation is not quite as accessible to some as one might wish...

This is a preference in compiz. If you install compiz settings manager (ccsm), you can change this. Start it, click the 'move window' button, and uncheck 'constrain Y'.

This is the bug report on the default setting, if you want to vote for it..

I agree, I use "linux" as the brand, people recognize it. I describe Open Office, Firefox, and Tremulous as being "from Linux, but ported to Windows". It's enough. The problem, as I see it, is that they _are_ available in windows, and so nobody has any real need to use Linux. In other words, what does Linux do for people, that Windows cannot? Why would they need Linux? To shield them from the illegality of their software? Provide them with more functionality? Which? Torvalds has it right - Linux is, still, in need of more drivers. But I also think it needs to ship with more "fun" apps - games, webcam apps, instant messenger and phone apps, etc - things Windows doesn't come built-in with. Wubi also could be used for a lot more, as a base to a quick-boot linux to run these apps, or others.

For those okay with using a browser which is under heavy development, Midori is another great option.

It's my main browser on my eeepc for its RAM savings and it has been great. I've been using the PPA (note you also need the Webkit PPA in Ubuntu 9.04 and has been very stable. Many features are missing, however, it is maturing very quickly. Keep firefox around, though, as Midori has had issues with a few sites.

For those okay with using a browser which is under heavy development, Midori is another great option.

It's my main browser on my eeepc for its RAM savings and it has been great. I've been using the PPA (note you also need the Webkit PPA in Ubuntu 9.04 and has been very stable. Many features are missing, however, it is maturing very quickly. Keep firefox around, though, as Midori has had issues with a few sites.

I am not sure why this is news, actually. The repository for Chromium has been available for Ubuntu for some time. Instructions for adding it are here:

https://launchpad.net/~chromium-daily/+archive/ppa

The big advantage to this is that you get the nightly builds automatically every time you update; no need to mess with downloading and installing debs

How does this differ from the Chromium daily builds? Is it identical only officially a Google product, or are there technical differences?