Re: Ubuntu 10.10's installer looks rather nice

2010-10-13 Thread Pekka Pietikainen 
On Wed, Oct 13, 2010 at 10:16:00AM +0200, Gerd Hoffmann wrote:
> "advanced install mode" is a non-started as discussed elsewhere in this 
> thread.  It must be more fine-grained, i.e. each installation step 
> (where it make sense) should offer some button to see the advanced
>options.

The "Show a screenful of sane defaults for lots of stuff" with a "Change"
button next to each sounds good to me, and probably could just be a front
for the current dialogs (which might not be perfect, but they are quite
good)

If the keyboard, timezone etc. are correct (based on autodetection/GeoIP
when available) then why make the user even press Next?

If "Nuke everything and use LVM on my 1TB Seagate" is ok, same there.  If
"Standard desktop" is fine, then so be it.  If not, press "Change",
select "Server" and if that's not good either, fiddle with
the packages while you're over there.

Personally I would probably like a cmd line option to anaconda for it to
fetch some file through http (kickstart :) ), and that would have my
favourite packages listed, and I could pretty much just press "Install"
after anaconda starts up (after verifying that everything got detected
correctly).  Pretty much the current situation, except I wouldn't have to
go through all of those dialogs.

I'm no UX person, though. Maybe people want to think about one thing
at a time and then press Next :D
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Summary/Minutes from today's FESCo meeting (2010-10-26) NEW TIME!

2010-10-28 Thread Pekka Pietikainen 
On Thu, Oct 28, 2010 at 12:44:52PM +0530, Rahul Sundaram wrote:
> This feature is now approved and I see bugs get filed.  The documentation and
> guidelines are very incomplete.  How does one figure out which file
> capabilities are needed by the programs I maintain that currently use setuid? 
> Help, please.
Probably: remove setuid bit, run, see what breaks. strace may be useful

[...@the ~]$ strace ./rsh localhost 2>&1|grep EACCES
bind(3, {sa_family=AF_INET6, sin6_port=htons(1023), inet_pton(AF_INET6,
"::", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 EACCES
(Permission denied)

-> needs CAP_NET_BIND_SERVICE. It didn't seem to output any error to the
user, so the lacking permissions may be well-hidden.

https://wiki.archlinux.org/index.php/Using_File_Capabilities_Instead_Of_Setuid
seems to have a list btw., which may or may not be correct.

Do note that removing suid from some programs is a bad idea:
"Warning: Do not use it, because mount and umount can not do some checks,
then users can mount/umount filesystems that do not have permission."
(probably those checks could/should be implemented upstream, if they're not
already there)

So it's a feature that could introduce new vulnerabilities
if done wrong, but it's certainly worth doing, carefully. If uncertain,
ask.


-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: ABRT duplicate detection

2010-04-26 Thread Pekka Pietikainen 
On Sun, Apr 25, 2010 at 09:33:40PM +0200, Radek Vokal wrote:
> > You might all know the MS "search for a solution to this problem" window
> > popping up after an application crashes. I've never seen it doing
> > something usefull, though. But if ABRT could detect duplicate crashes
> > one could use this to display a workaround or even propose an update via
> I've cced the crash-catcher mailing list. Probably the developers can
> comment more about this idea, but in general I really - especially the
> part -known bug & known workaround, which might be linked to a
> wiki-like database of  user problems and solutions.
Also pretty relevant (and implemented by MS & Apple) is whether the crash
has potential security implications.  Doing it "well" is somewhat involved,
but a rough estimate shouldn't be that difficult, look at the backtrace
and do a little-lots of heuristics.

http://msecdbg.codeplex.com/
http://seclists.org/dailydave/2009/q3/11

We may be doing some work in this area soon btw. :)
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: gcc-4.5-RH in F14

2010-07-13 Thread Pekka Pietikainen 
On Thu, Jul 08, 2010 at 11:31:09AM -0400, Brandon Lozza wrote:
> A mass rebuild would be recommended as the new compiler will produce faster
> code. I believe everything will benefit and it's worth looking into. For
> example I noticed a significant difference on the OpenSUSE distro when GCC was
There may also be some regressions that cause newer gcc's to miscompile
some previously working code due to a corner-case in some newly
introducted optimization. Rare, but does happen. I've reported a few myself
over the years, and while the gcc people are extremely good at tracking
these down, I'd feel much more comfortable if a mass rebuild got done
early on, just to be sure. 

"Problem started after mass recompile" is much so much easier to diagnose than
"Problem started after bumping package from 1.1 to 1.2 (or even 1.1-1 to
1.1-2 where we just fixed typos in the documentation".
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel