debian-user-digest Digest V2007 #2030

From: <debian-user-digest-request(at)lists.debian.org>
Date: Thu Jul 26 2007 - 17:36:59 EDT


Content-Type: text/plain

debian-user-digest Digest Volume 2007 : Issue 2030

Today's Topics:

  Re: how to restore bios password (PH  [ bob@proulx.com (Bob Proulx) ]
  Re: Where is Lame in Sarge?           [ "Manon Metten"  ]
  Re: adduser kills sound pt. 3         [ bob@proulx.com (Bob Proulx) ]
  Re: Sarge: Lost # of failed logins    [ bob@proulx.com (Bob Proulx) ]
  Re: resolv.conf getting overwritten   [ Steven  ]
  Re: resolv.conf getting overwritten   [ Davide Mancusi  ]
  Re: RAID1 Boot Partition              [ bob@proulx.com (Bob Proulx) ]
  Re: laptop keyboard settings in debi  [ bob@proulx.com (Bob Proulx) ]
  Re: Where is Lame in Sarge?           [ Hal Vaughan  ]
  Re: Where is Lame in Sarge?           [ bob@proulx.com (Bob Proulx) ]
  Re: Sarge: Lost # of failed logins    [ Florian Kulzer 
  Several GTK-apps not working anymore  [ danteonline@gmail.com ]
  Re: why do iceweasel et al have more  [ Andrew Sackville-West <andrew@farwe ]

Date: Thu, 26 Jul 2007 13:32:54 -0600
From: bob@proulx.com (Bob Proulx)
To: debian-user@lists.debian.org
Subject: Re: how to restore bios password (PHEONIX on acer 5102)

Message-ID: <20070726193254.GB12790@dementia.proulx.com>
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Andrew Sackville-West wrote:
> Jabka Atu wrote:
> > but the issue is that afaik if i open the laptop i will lose my warranty.
>
> ... they have effectively stolen your laptop from you by locking
> you out of its BIOS ...

Agreed. I have never heard of a vendor laptop or otherwise setting a bios password and claiming that removing it would void the warranty. I consider that completely unreasonable terms. I would refuse those conditions and return the unit.

Other than simply being prepared for the future, what functions do you need to modify in the bios? I am assuming that the laptop is booting at the moment?

Bob

Date: Thu, 26 Jul 2007 21:39:07 +0200
From: "Manon Metten" <manon.metten@gmail.com>
To: hal@thresholddigital.com
Cc: debian-user@lists.debian.org
Subject: Re: Where is Lame in Sarge?
Message-ID: <5da176070707261239q4584e441re885e23023a48299@mail.gmail.com>

Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi Hal,

On 7/26/07, Hal Vaughan <hal@thresholddigital.com> wrote:

> I have a server running Sarge. I tried to find lame and got this:
>
> <Snip>
>
> Neither toolame or glame provide lame itself. It's LPGL, does that
> create a conflict with Debian's social contract?
>
> Do I have to go out of the repositories to add lame?
>

Before you can install lame, you have to add this line to your /etc/apt/sources.list:

  deb http://www.debian-multimedia.org etch main

(you may replace etch by stable of course).

Then do an aptitude update and first install the debian-multimedia-keyring: aptitude install debian-multimedia-keyring

Then aptitude install lame. That's all.

Manon.

Date: Thu, 26 Jul 2007 14:45:57 -0500
From: Ron Johnson <ron.l.johnson@cox.net>
To: debian-user@lists.debian.org
Subject: Re: why do iceweasel et al have more frequent security issues?

Message-ID: <46A8F9F5.4060306@cox.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

On 07/26/07 14:01, Andrew J. Barr wrote:
> On 7/26/07, Mathias Brodala <info@noctus.net> wrote:
>> Hi Douglas.
>>
>> Douglas Allan Tutty, 26.07.2007 18:23:
>> > It seems that the mozilla-derived browsers have security issues
>> > requiring updates far more frequently than other browsers like
>> Konqueror
>> > or links2.
>>
>> Aside from the fact that one software really can be more secure than
>> another one
>> is this the result of an increased usage. The more people use Gecko
>> browsers,
>> the more bugs can be found willingly or unwillingly. And the more
>> people use
>> Gecko browsers, the more lucrative is it to find security holes and
>> damage
>> systems this way.
>
> Isn't this the same argument Windows weenies use against Linux when
> their platform of choice is rightfully chastised for being a complete
> and total security nightmare?

Yes.

But it's also "more eyes makes shallower bugs".

> And most of the time, it's laughed
> off...if I'm not mistaken, because of fundamental design differences
> between Linux and Windows--e.g. in Windows the vast majority of
> software will not run correctly without administrator privileges (yes,
> even in Vista) so you have a situation equivalent to running your
> desktop environment session as root, which, if more people did,
> perhaps we'd have a similar security situation on the Linux desktop?

Except that Unix doesn't have VBA (Visual Basic for Applications), which allows for all sorts of scripted nastiness.

But yes, running 100% as root would let bad guys install viruses just like in Windows.

-- 
Ron Johnson, Jr.
Jefferson LA USA
Give a man a fish, and he eats for a day. Hit him with a fish, and he goes away for good!


Date: Thu, 26 Jul 2007 13:48:18 -0600
From: bob@proulx.com (Bob Proulx)
To: debian-user@lists.debian.org
Subject: Re: adduser kills sound pt. 3

Message-ID: <20070726194818.GC12790@dementia.proulx.com>
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Oleg Verych wrote:
> Rick Spillane wrote:
> > In the future, I will *not* use adduser, and I would
> > recommend that Debian have this application not be in the default path
> > or some substitute that issues a warning.

Strange. adduser has always worked perfectly for me.

> Funny, i've discovered, how bloated adduser is yesterday, while
> developing my aggressive distro-cleaner. Now i'm thinking about
> writing patches at least for exim4 and cron to have support for
> ordinary useradd from passwd package.

It is Policy for packages to use adduser and addgroup. Patches to avoid using it would be a policy bug by definition and should be rejected.

  http://www.debian.org/doc/debian-policy/ch-opersys.html#s9.2.2

Bloated? What do you mean? If I don't include documentation because most people consider documentation to always be a good thing then I only see these files. How is adduser bloated?

  /etc/deluser.conf
  /usr/sbin/addgroup
  /usr/sbin/adduser
  /usr/sbin/delgroup
  /usr/sbin/deluser
  /usr/share/adduser/adduser.conf
  /usr/share/lintian/overrides/adduser
  /usr/share/perl5/Debian/AdduserCommon.pm

If there is a problem with adduser then it should be reported so that it can be addressed. The BTS does not show anything too scary. It is in heavy use by thousands of users. I think that specific examples of problems need to be shown before we can start thinking that there is a problem with adduser. (Although I am sure that the code could be improved. That is almost always true of any project.)

Bob

Date: Thu, 26 Jul 2007 13:51:27 -0600
From: bob@proulx.com (Bob Proulx)
To: debian-user@lists.debian.org
Subject: Re: Sarge: Lost # of failed logins

Message-ID: <20070726195127.GD12790@dementia.proulx.com>
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Mumia W.. wrote:
> I'm using Sarge. When I log in, I no longer get a message telling me the
> # of failed logins.
>
> For example, if I try to login but use a wrong password, when I try
> again using the real password, I should see a message saying "1 failed
> login attempts." I no longer get that message.

I personally have never seen such a message. You must have previously installed or configured something that added that functionality.

> How do I get it back, and what could I have changed to make it go away
> in the first place?

It sounds to me that this was a local configuration that you had created previously. Whatever you did before you would need to do again or debug.

By the way... Sarge is now oldstable and the new stable is Etch. Consider upgrading. Eventually security upgrade support for Sarge will be dropped.

Bob

Date: Thu, 26 Jul 2007 19:52:44 +0000 (UTC)
From: Steven <hairpinblue@yahoo.com>
To: debian-user@lists.debian.org
Subject: Re: resolv.conf getting overwritten

Message-ID: 
Content-Type:  text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On Thu, 26 Jul 2007 20:07:05 +0100, Harvey Kelly wrote:

> No matter what, /etc/resolv.conf will get overwritten with

Do you have the package 'resolvconf' installed? It's required by some other common network packages. I had to read the docs/README a few times when it first showed up in Sid because it drove me nuts.

Date: Thu, 26 Jul 2007 22:03:37 +0200
From: Davide Mancusi <arekfu@gmail.com>
To: Debian User <debian-user@lists.debian.org>
Subject: Re: resolv.conf getting overwritten

Message-ID: <46A8FE19.9030503@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

> No matter what, /etc/resolv.conf will get overwritten
> with
>
> nameserver 127.0.0.1

Are you using laptop-net (or similar packages)? It overwrites resolv.conf based on its internal configuration.

Davide

-- 
A tautology is a thing which is tautological.
--
Time flies like an arrow.  Fruit flies like a banana.

Date: Thu, 26 Jul 2007 14:05:18 -0600
From: bob@proulx.com (Bob Proulx)
To: debian-user@lists.debian.org
Subject: Re: RAID1 Boot Partition

Message-ID: <20070726200518.GE12790@dementia.proulx.com>
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Andrew Sackville-West wrote:
> Chaim Keren Tzion wrote:
> > I have been trying to set up a software RAID1 system with two 320GB SATA
> > disks.

Sounds reasonable. I have done this many times.

> > I have followed the instructions at both these links below (using lenny
> > instead of etch because of what seems to be unsupported hardware in the older
> > kernel):
> > http://ads.wars-nicht.de/blog/archives/54-Install-Debian-Etch-on-a-Software-Raid-1-with-S-ATA-disks.html
> > and
> > http://www.networkjack.info/blog/2007/01/03/debian-linux-etch-software-raid-1/
> >
> > I had issues with both procedures.
> > 1. Both of them failed when I chose to install the "Standard system" item in
> > the tasksel stage of the install.

What was the failure? This may be unrelated to linux kernel software raid. If you have time and resources it may be useful to install a test system without raid to verify that your hardware is otherwise supported. I say that since you mention that hardware support drove you to Lenny.

> > 2. When I chose to not install the "Standard system" I
> > A) got a minimalistic system which uses lilo(yuck) as a boot loader
>
> so install grub. (probably after the stuff below...)

The debian installer selects lilo if it does not think grub will work. For example if /boot is on lvm then lilo is selected. So the fact that the d-i selected lilo indicates to me that you have something in your setup wrong. In which case installing grub specifically probably won't help and probably won't lead to a successful boot.

> > B) The RAID1 MD device that I created for the /boot partition exists but was
> > not added to the /etc/fstab, no files were written to that device/partition
> > and the system actually boots from the root MD device instead.
>
> create a mount point: /newboot, mount the md0 device there, copy over
> the /boot stuff to /newboot. umount /newboot and remount it at
> /boot. manually install grub to each of the disks so that you can boot
> from either one. Fix up your /boot/grub/menu.lst so that it points to the
> right devices...

Sounds reasonable. And the exercise would lead to a better understanding of the process. But if this is a fresh installation then it might be easier and cleaner to do it again and figure out what was incorrectly set up the first time.

> > 3) The second URL above uses LVM which I wouldn't have used otherwise but I
> > was desperate to finally get the RAID to work and followed the instructions
> > exactly. Is LVM any type of requirement for a software RAID system?
>
> nope.

Agreed. I always use lvm but incorrect usage can lead to problems such as indicated by the d-i installing lilo instead of grub.

> > The system works but everything is on the root MD device.
> > Any ideas/pointers on how to do it right?
> > 1. I prefer Grub

I strongly prefer grub.

> > 2. Would like to boot off the first MD device/partition
> > 3. I prefer not using LVM
> > 4. I would like to have the "Standard system" packages install.
>
> 4. you can rerun tasksel and pick the standard system from there.

Is "Standard System" one of the options when running tasksel again? I don't see it there.

  tasksel --list-tasks
  u desktop          Desktop environment
  u web-server       Web server
  u print-server     Print server
  u dns-server       DNS server
  u file-server      File server
  u mail-server      Mail server
  u database-server  SQL database
  u laptop           Laptop
  u manual           manual package selection

Bob

Date: Thu, 26 Jul 2007 14:11:59 -0600
From: bob@proulx.com (Bob Proulx)
To: debian-user@lists.debian.org
Subject: Re: laptop keyboard settings in debian etch

Message-ID: <20070726201159.GF12790@dementia.proulx.com>
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Erico wrote:
> I have installed debian etch and would like to configure a laptop us
> keyboard
>
> how can I do that ?

$ sudo dpkg-reconfigure xserver-xorg

> /etc/default/console-setup :
> XKBLAYOUT="es"
> or /etc/X11/xorg.conf :
> Option "XkbLayout" "es"

That looks to be a spanish keyboard layout.

> Now when I get into gnome it says my X11 configuration is different than
> gnome

Do you have a ~/.[Xx]modmap* file?

Bob

Date: Thu, 26 Jul 2007 16:16:36 -0400
From: Hal Vaughan <hal@thresholddigital.com>
To: debian-user@lists.debian.org
Subject: Re: Where is Lame in Sarge?
Message-Id: <200707261616.36341.hal@thresholddigital.com>
Content-Type: text/plain; charset="iso-8859-15"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

On Thursday 26 July 2007, Manon Metten wrote:
> Hi Hal,
>
> On 7/26/07, Hal Vaughan <hal@thresholddigital.com> wrote:
>
> I have a server running Sarge. I tried to find lame and got this:
> > <Snip>
> >
> > Neither toolame or glame provide lame itself. It's LPGL, does that
> > create a conflict with Debian's social contract?
> >
> > Do I have to go out of the repositories to add lame?
>
> Before you can install lame, you have to add this line to your
> /etc/apt/sources.list:
> deb http://www.debian-multimedia.org etch main
> (you may replace etch by stable of course).
>
> Then do an aptitude update and first install the
> debian-multimedia-keyring: aptitude install debian-multimedia-keyring
>
> Then aptitude install lame. That's all.
>
> Manon.

Is this fairly new? I had never had a problem before, but I may not have been trying to do anything with multimedia on Sarge before.

I tried this, but used the line:

  deb http://www.debian-multimedia.org sarge main

aptitude could not get the Packages file from that source. I checked http://www.debian-multimedia.org and there's a note to use:

  deb http://mirror.home-dn.net/debian-multimedia sarge main

instead if you're still on Sarge. I've tried that a couple times to be sure, but aptitude still can't get the Packages file.

I downloaded debian-multimedia-keyring and installed it with dpkg. Then when I did an update, there was no problem reading the Packages file. From there, installing lame worked perfectly.

Thanks for the help on that!

Hal

Date: Thu, 26 Jul 2007 21:19:18 +0100 (BST)
From: Harvey Kelly <hrvyklly@yahoo.co.uk>
To: Debian User <debian-user@lists.debian.org>
Subject: Re: resolv.conf getting overwritten
Message-ID: <237859.6271.qm@web26914.mail.ukl.yahoo.com>
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Hi Steven,

No I didn't(!), so I've apt-gotten it and I'll see if that works...

--- Steven <hairpinblue@yahoo.com> wrote:
> On Thu, 26 Jul 2007 20:07:05 +0100, Harvey Kelly wrote:
>
> > No matter what, /etc/resolv.conf will get overwritten with
>
> Do you have the package 'resolvconf' installed? It's required by some
> other common network packages. I had to read the docs/README a few times
> when it first showed up in Sid because it drove me nuts.

Date: Thu, 26 Jul 2007 14:30:15 -0600
From: bob@proulx.com (Bob Proulx)
To: debian-user@lists.debian.org
Subject: Re: Where is Lame in Sarge?

Message-ID: <20070726203015.GG12790@dementia.proulx.com>
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Hal Vaughan wrote:
> Manon Metten wrote:
> > Hal Vaughan wrote:
> > > Neither toolame or glame provide lame itself. It's LPGL, does that
> > > create a conflict with Debian's social contract?

The mp3 encoder is patented outside of the context of the software license for that particular program.

  http://en.wikipedia.org/wiki/MP3#Licensing_and_patent_issues

> > Before you can install lame, you have to add this line to your
> > /etc/apt/sources.list:
> Is this fairly new? I had never had a problem before, but I may not
> have been trying to do anything with multimedia on Sarge before.

This has been true throughout the history of Sarge. And Sarge released June 2005. It has subsequently been replaced with Etch released April 2007. You really should consider upgrading to Etch at least before Lenny releases. :-)

That depot has been moved around to various places over the last few years. It seems to be at a permanent home now at www.debian-multimedia.org.

Bob

Date: Thu, 26 Jul 2007 22:29:49 +0200
From: Florian Kulzer <florian.kulzer+debian@icfo.es>
To: debian-user@lists.debian.org
Subject: Re: Sarge: Lost # of failed logins
Message-ID: <20070726202949.GA15659@localhost>
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Thu, Jul 26, 2007 at 13:51:27 -0600, Bob Proulx wrote:
> Mumia W.. wrote:
> > I'm using Sarge. When I log in, I no longer get a message telling me the
> > # of failed logins.
> >
> > For example, if I try to login but use a wrong password, when I try
> > again using the real password, I should see a message saying "1 failed
> > login attempts." I no longer get that message.
>
> I personally have never seen such a message. You must have previously
> installed or configured something that added that functionality.

I have been using Debian for about 5 years now. As far as I remember, it always had the "n failure(s) since last login" message (if n was greater than zero). I never had to do anything to set it up, therefore I unfortunately don't know exactly how it works. My best guess is that it involves some PAM modules which parse /var/log/faillog and/or use the "faillog" command.

Maybe this link helps to track it down:

  http://linux.sys-con.com/read/49058.htm

(search for "faillog" on that page)

-- 
Regards,            | http://users.icfo.es/Florian.Kulzer
Florian             |
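As an added example of where that count comes from (not code from the thread, nor from Debian's PAM or login packages): a small reader for /var/log/faillog that prints the message Florian describes. The record layout is assumed to follow shadow-utils' struct faillog, one fixed-size record per UID, and the sample image is constructed.

```python
"""Read /var/log/faillog records and build the "n failure(s) since last login"
line. Assumption: records follow shadow-utils' struct faillog and the file is
indexed by UID * sizeof(record); the sample image below is constructed."""
import struct
from dataclasses import dataclass
from datetime import datetime, timezone

# struct faillog { short fail_cnt; short fail_max; char fail_line[12];
#                  time_t fail_time; long fail_locktime; }
# time_t and long are 8 bytes on 64-bit Linux and 4 bytes on 32-bit; the
# 16-byte prefix keeps both aligned, so the record is 32 or 24 bytes.
FORMATS = {64: "<hh12sqq", 32: "<hh12sii"}


@dataclass
class FaillogRecord:
    uid: int
    fail_cnt: int       # failures since the last successful login
    fail_max: int       # 0 means the account is never locked
    fail_line: str      # tty or host of the last failure
    fail_time: int      # epoch seconds of the last failure
    fail_locktime: int  # seconds the account stays locked after fail_max


def parse_faillog(data: bytes, word_bits: int = 64) -> list:
    """Return the non-empty records found in a faillog image."""
    fmt = FORMATS[word_bits]
    size = struct.calcsize(fmt)
    if len(data) % size:
        raise ValueError(f"truncated faillog: {len(data)} bytes, record size {size}")
    records = []
    for uid in range(len(data) // size):
        cnt, mx, line, when, lock = struct.unpack_from(fmt, data, uid * size)
        if cnt == 0 and when == 0:
            continue  # untouched slot: this UID never failed a login
        tty = line.split(b"\0", 1)[0].decode("ascii", "replace")
        records.append(FaillogRecord(uid, cnt, mx, tty, when, lock))
    return records


def login_message(rec: FaillogRecord) -> str:
    """The greeting a login component could print from one record."""
    when = datetime.fromtimestamp(rec.fail_time, timezone.utc)
    plural = "" if rec.fail_cnt == 1 else "s"
    return (f"{rec.fail_cnt} failure{plural} since last login. "
            f"Last was {when:%Y-%m-%d %H:%M:%S} UTC on {rec.fail_line}.")


def build_sample(word_bits: int = 64) -> bytes:
    """Constructed faillog image: UIDs 0..1001, two of them with failures."""
    fmt = FORMATS[word_bits]
    size = struct.calcsize(fmt)
    image = bytearray(size * 1002)
    # UID 1000: one failure on tty1 at 2007-07-26 19:39:07 UTC (constructed)
    struct.pack_into(fmt, image, 1000 * size, 1, 0, b"tty1", 1185478747, 0)
    # UID 1001: three failures from a documentation-range host (constructed),
    # lockout configured after 5 failures for 600 seconds
    struct.pack_into(fmt, image, 1001 * size, 3, 5, b"192.0.2.10", 1185480000, 600)
    return bytes(image)


if __name__ == "__main__":
    for rec in parse_faillog(build_sample()):
        print(f"uid {rec.uid}: {login_message(rec)}")
```

On a real system, read /var/log/faillog with the word size of the host that wrote it, since the record size differs between 32-bit and 64-bit installs.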

Date: Thu, 26 Jul 2007 22:52:07 +0200
From: Erik Persson <erik-maillist@djingis.se>
To: debian-user@lists.debian.org
Subject: Re: why do iceweasel et al have more frequent security issues?
Message-ID: <46A90977.2090701@djingis.se>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Douglas Allan Tutty wrote:
> It seems that the mozilla-derived browsers have security issues
> requiring updates far more frequently than other browsers like Konqueror
> or links2.
>
> I'm curious as to why this is. Does anyone have any ideas?
>
> I'm on dialup and switched to Konq for this very reason but sometimes I
> have a website that doesn't work and its handy to see if iceweasel will
> view it. (so far the only one is the adobe flashplayer test page).
>
> Doug.

As you can see from the other answers, nobody has a clue if the mozilla-based browsers are less secure than the konq or not. I haven't inspected the code either, so I don't have any more facts than anyone else.

I do NOT agree with the other answers however. If there are fewer security alerts with Konq the only reasonable conclusion, if you don't have strong facts pointing the other way, is that Konq is more secure, and that this is partly because of better code. The larger userbase of Firefox is very likely to generate a larger number of discovered security issues, but as far as I know, no one can tell you how many more bugs are generated per user or per extra programmer, and probably no one can tell you how user base and security issue rate correlate more precisely. From this, the most reasonable conclusion is that Konq is more secure.

Anyhow, the basic fact that there are fewer security alerts in Konq makes this a more secure browser, whether this maybe is because only of a smaller user base or not.

/erik

Date: Thu, 26 Jul 2007 22:43:29 +0200
From: danteonline@gmail.com
To: debian-user@lists.debian.org
Subject: Several GTK-apps not working anymore after update
Message-Id: <200707262243.29824.danteonline@gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hello there

I'm new to this submit-bugs-thing and I hope I'm not doing anything terribly wrong here. I could not determine what package contains the bug, so I'm mailing to this list.

Problem:

I updated my debian lenny/sid system today (at about 14:00 CET, 26.07.07). After that update, I noticed that i couldn't launch iceweasel anymore, it gave me the error:

<error>
Pango-ERROR **: file pangofc-fontmap.c: line 438 (pango_fc_font_map_add): assertion failed: (fcfont->fontmap == NULL)
aborting...
</error>

The big problem is, that message also appears in applications like zenity. Other apps, like gimp, pidgin and quodlibet fail to launch after the update too, but they don't seem to give me any distinct error output but "segmentation fault".

I assumed the bug was in either libpango1.0-0 or libpango1.0-common, due to the fact that I only have those packages installed that contain pango in the name. Reinstalling libpango1.0-common gives me the following warning:

<error>
Cleaning up font configuration of pango...
Updating font configuration of pango...
Cleaning up category xfont..
Updating category xfont..
*** You don't have any defomized font packages.
*** So we are trying to force to generate pangox.aliases...
</error>

Note: I do have defoma installed, I even reinstalled.

Any suggestions? How can I test if the packages I installed are the official ones and not some 3rd party ones? I chose mirror.switch.ch for the packages.

Greets,
Dante
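One way to answer Dante's last question, as an added example that is not part of the original post: parse `apt-cache policy` output and report, for each package, which repository hosts carry the installed version. The sample output, the package versions in it and the set of hosts treated as official are constructed assumptions for this example.

```python
"""Classify installed packages by the origin of their installed version,
from `apt-cache policy` output. Added example; sample output and the
official-host list are constructed assumptions, not Debian data."""
import re
from urllib.parse import urlsplit

# Hosts treated as official Debian sources: an assumption for this example.
OFFICIAL_HOSTS = {"ftp.debian.org", "security.debian.org", "mirror.switch.ch"}

# Constructed sample in the `apt-cache policy <pkg...>` format of the era.
# A row starting with " ***" is the installed version; the indented rows
# under it name where that version is available. Versions are made up.
SAMPLE_POLICY = """\
libpango1.0-0:
  Installed: 1.16.5-1
  Candidate: 1.16.5-1
  Version table:
 *** 1.16.5-1 0
        500 http://mirror.switch.ch/ftp/mirror/debian lenny/main Packages
        100 /var/lib/dpkg/status
     1.14.8-5 0
        500 http://mirror.switch.ch/ftp/mirror/debian etch/main Packages
libpango1.0-common:
  Installed: 1.16.5-1+local1
  Candidate: 1.16.5-1
  Version table:
 *** 1.16.5-1+local1 0
        100 /var/lib/dpkg/status
     1.16.5-1 0
        500 http://mirror.switch.ch/ftp/mirror/debian lenny/main Packages
lame:
  Installed: 3.97-0.0
  Candidate: 3.97-0.0
  Version table:
 *** 3.97-0.0 0
        500 http://www.debian-multimedia.org etch/main Packages
        100 /var/lib/dpkg/status
"""


def parse_policy(text: str) -> dict:
    """Return {package: {"installed": version, "sources": [uri, ...]}} where
    sources lists the repository URIs that offer the *installed* version."""
    pkgs, current, in_installed = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.endswith(":"):
            current = line[:-1]                      # "pkgname:" header
            pkgs[current] = {"installed": None, "sources": []}
            in_installed = False
        elif current is None:
            continue
        elif line.strip().startswith("Installed:"):
            pkgs[current]["installed"] = line.split(":", 1)[1].strip()
        elif line.startswith(" ***"):
            in_installed = True                      # installed-version row
        elif re.match(r"^ {5}\S", line):
            in_installed = False                     # some other version row
        elif in_installed and line.startswith("        "):
            tokens = line.split()                    # "500 <uri> <suite> Packages"
            if len(tokens) >= 2 and "://" in tokens[1]:
                pkgs[current]["sources"].append(tokens[1])
    return pkgs


def classify(pkgs: dict, official_hosts=OFFICIAL_HOSTS) -> dict:
    """Verdict per package: official, third-party (with hosts), or a version
    that exists only in /var/lib/dpkg/status and no configured repository."""
    verdicts = {}
    for name, info in pkgs.items():
        hosts = {urlsplit(uri).hostname for uri in info["sources"]}
        if not hosts:
            verdicts[name] = "not in any configured repository"
        elif hosts & official_hosts:
            verdicts[name] = "official"
        else:
            verdicts[name] = "third-party: " + ", ".join(sorted(hosts))
    return verdicts


if __name__ == "__main__":
    for name, verdict in classify(parse_policy(SAMPLE_POLICY)).items():
        print(f"{name}: {verdict}")
```

Feed it real output from `apt-cache policy` over the names listed by `dpkg-query -W -f '${Package}\n'`; a version that exists only in /var/lib/dpkg/status is the case worth investigating, since no configured repository offers it.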

Date: Thu, 26 Jul 2007 14:28:53 -0700
From: Andrew Sackville-West <andrew@farwestbilliards.com>
To: debian-user@lists.debian.org
Subject: Re: why do iceweasel et al have more frequent security issues?
Message-ID: <20070726212852.GB31753@localhost.localdomain>
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Jul 26, 2007 at 10:52:07PM +0200, Erik Persson wrote:
> Anyhow, the basic fact that there is fewer security alerts in Konq makes
> this a more secure browser, whether this maybe is because only of a smaller
> user base or not.

I'm sorry, and i hate to argue with people, but this last statement just doesn't fly with me. security alerts are the result of someone finding a security problem and reporting it. The fact that fewer security alerts exist does _NOT_ mean that konq is more secure. It only means it has fewer reported security problems. Now it _could_ be that this is because there actually _are_ fewer security problems, but it could _also_ be because no one has _found_ or reported problems. There's an important distinction there.

WARNING! CAR ANALOGY!

if we have two cars parked side-by-side and mine is stolen (I'll take the fall for this analogy ;) and yours is not, does that mean that your car is more secure? no. it means someone looked for a way into my car and exploited it. maybe they never even looked at your car. maybe they don't like your car. There are any number of reasons why your car was not stolen. it could be that they looked at your car and decided it was too hard to steal because it had an alarm, in which case it would be more secure, but that isn't necessarily why it wasn't stolen.

END CAR ANALOGY!

a more pertinent fake example. programmer X finds a security hole in konq that when visiting a carefully crafted website, allows remote execution of code, privilege escalation and ultimately results in a box getting rooted. okay. that's obviously a security problem. but programmer X doesn't report this problem and no security alert is issued.

programmer Y finds a security hole in mozilla that allows an already installed plugin at a certain version to escalate its own privileges and as a result download and save a piece of code to disk with the name "execute_me". Now if the user happens to see that file and thinks, hmmm... I wonder what that is and executes it (after chmod +x) it does a rm -rf on their home. programmer y reports this security hole and a security alert is made detailing the problem.

now, clearly, the konq vulnerability is *much* more of a security risk than the mozilla error, right? the mozilla one requires the plugin be already installed and the right version and then requires the user to actually chmod and execute the thing. the konq one just requires the user to visit a carefully crafted website.

but based on what you've written above, because the mozilla one was reported, then mozilla is less secure than konq. that doesn't add up. And in fact, in my fake example above, the lack of security alert makes konq even more of a security problem because 1) the right devs might not know about the problem to issue a patch and 2) the public doesn't know about the problem to avoid it until a patch comes along.

A

End of debian-user-digest Digest V2007 Issue #2030
**************************************************

Received on Thu Jul 26 17:34:47 2007

This archive was generated by hypermail 2.1.8 : Thu Aug 09 2007 - 19:05:31 EDT
