IRC log of #maemo for Thursday, 2016-02-11

*** cccnnjj has joined #maemo		00:05
*** xes_ has quit IRC		00:06
*** xes_ has joined #maemo		00:07
*** arcean has quit IRC		00:12
*** eijk has joined #maemo		00:19
*** eijk_ has quit IRC		00:22
*** TriztAway has quit IRC		00:22
*** Trizt has joined #maemo		00:22
*** till has quit IRC		00:22
*** till has joined #maemo		00:23
*** florian has joined #maemo		00:24
jonwil	Is there anyone around who can help me out by testing something on their N900?	00:25
Sicelo009N	what is it, and what conditions for the test?	00:28
*** eijk has quit IRC		00:30
*** lobito has quit IRC		00:31
*** lobito has joined #maemo		00:32
*** M4rtinK2 has joined #maemo		00:33
*** krnlyng has quit IRC		00:36
*** pagurus has joined #maemo		00:36
*** Pali has quit IRC		00:37
*** krnlyng has joined #maemo		00:41
jonwil	I just want someone to try installing my new updated maemo-security-certman packages and then see what happens when they visit certain https websites	00:44
jonwil	Doesn't matter if you are running CSSU or not or what, I just want more data points	00:44
jonwil	right now we have one data point (me) that says "its broken" and another one from the forum that says "it works"	00:45
bencoh	hmm	00:45
Sicelo009N	i saw the thread	00:45
Sicelo009N	okay. will install	00:45
bencoh	I guess you're just not trying the same sites?	00:45
Sicelo009N	they are :)	00:46
jonwil	we are definatly trying the same sites	00:48
jonwil	Sicelo009N: Are you running CSSU?	00:48
Sicelo009N	yes, cssu testing on one, and thumb on the other.	00:49
*** xes__ has joined #maemo		00:51
jonwil	ok, great	00:51
*** xes_ has quit IRC		00:53
*** M4rtinK2 has quit IRC		00:58
Sicelo009N	taking long ... 2nd N900 acting up for some reason. rebooting it	01:00
*** xes__ is now known as xes		01:08
jonwil	ok	01:09
Sicelo009N	installed. rebooting again just to be sure. on to testing websites	01:09
Sicelo009N	jonwil: please remind me link for your bank.	01:11
*** sid14726 has joined #maemo		01:12
jonwil	try www.entrust.com	01:12
jonwil	that one doesn't work	01:12
jonwil	its the main website for the CA that is used by a bunch of broken sites	01:12
*** N-Mi has quit IRC		01:13
Sicelo009N	my bank's https site works .. entrust-based. trying entrust itself now	01:13
jonwil	is this on cssu-thumb or cssu-testing?	01:14
*** N-Mi has joined #maemo		01:14
Sicelo009N	cssu-testing.	01:16
*** l_bratch has quit IRC		01:17
Sicelo009N	entrust opening very slowly .. let's see what happens	01:17
*** l_bratch has joined #maemo		01:17
Sicelo009N	seems fine too	01:20
Sicelo009N	(hate it when microb sits there not loading a website when there's even no load on system)	01:22
*** svetlana has joined #maemo		01:26
Sicelo009N	jonwil: microsoft site fine too. so looks like you fixed the thing for us, and somehow left yourself in the dark. i got no idea how to help	01:26
jonwil	Its likely that something in CSSU may be a factor here	01:27
jonwil	Or something in one of my self-built packages	01:27
jonwil	I am going to see what happens if I use my "restore packages to stock" switcher and see what happens if I install just the new certificates	01:27
Sicelo009N	you're not on cssu?	01:28
jonwil	no, I am on a set of self-built packages built from CSSU Git	01:31
jonwil	mostly	01:31
jonwil	I just dont want all of CSSU for various reasons	01:31
*** krnlyng has quit IRC		01:32
Sicelo009N	in my culture, a person must eat food he cooks, just in case it's poisonous :p	01:32
jonwil	I am running all the packages that I have actually written code for (except those that aren't yet complete)	01:33
Sicelo009N	ah, at least	01:34
bencoh	:]	01:35
jonwil	ok, so running stock with just the new certman bits doesn't work either. Its entirely possible that there is something in CSSU that is impacting it or its possible something in your local system is making it work somehow	01:35
jonwil	e.g. some certificate has been cached by microb at some point or otherwise added to microb	01:35
jonwil	and that is causing things to work for you	01:35
Sicelo009N	ping anytime you need further tests :)	01:36
bencoh	jonwil: what about the certman-related entries in http://wiki.maemo.org/Community_SSU/Changelog ?	01:36
jonwil	I have all those patches	01:36
jonwil	My code lives in community ssu git after all :)	01:37
Sicelo009N	rebooting thumb N900 for the certs update.	01:37
jonwil	ok	01:37
*** Sicelo009N has quit IRC		01:38
jonwil	if GDB wasn't failing to properly debug microb-engine, I could see what is going wrong...	01:38
*** Sicelo009N has joined #maemo		01:40
*** pigeons_ is now known as pigeons		01:42
Sicelo009N	hmm, on my thumb system, all certificates are messed up now. many missing	01:43
Sicelo009N	only invalid ones remaining	01:43
Sicelo009N	will reinstall the packages	01:43
*** krnlyng has joined #maemo		01:45
Sicelo009N	oh gosh	01:46
Sicelo009N	jonwil: on your device, what do you see in the list of certificates? maybe you have invalids like i do here.	01:48
jonwil	Every certificate I see in the certificate manager applet is legit	01:50
jonwil	The ones marked "certificate not currently valid" is correct since those are the blacklisted ones	01:50
*** Bratch has joined #maemo		01:50
Sicelo009N	in my case i have only few certs, all invalid	01:50
Sicelo009N	what could be cause?	01:50
Sicelo009N	Leaving `diversion of /usr/lib/microb-engine/libnssckbi.so to /usr/lib/microb-engine/libnssckbi.mozilla by libmaemosec-certman0'	01:50
Sicelo009N	anything amiss with that line?	01:51
jonwil	nope, thats lefit	01:51
jonwil	what do you have in /etc/certs?	01:51
Sicelo009N	the 3 categories	01:52
Sicelo009N	in common-ca, lots of them	01:52
*** l_bratch has quit IRC		01:53
Sicelo009N	460 according to wc-l	01:53
jonwil	what about /etc/secure?	01:53
Sicelo009N	two directories, e and s.	01:55
jonwil	and in the s folder?	01:55
Sicelo009N	nothing in e, and 3 files in s	01:55
*** Bratch is now known as l_bratch		01:57
Sicelo009N	certman.common-ca does contain what seems to be a valid list	01:57
jonwil	ok, weird that it isn't installing properly on your thumb device when it worked for someone else with cssu-thumb and it worked for you on your other device	01:58
Sicelo009N	any idea how to recover? :/	02:07
Sicelo009N	trying to apt get reinstall those packages gives me "reinstallation is not possible, it cannot be downloaded"	02:08
Sicelo009N	let me look for debs	02:08
Sicelo009N	solved reinstallation, but my cert manager still only with invalid certs	02:16
*** sid14726 has quit IRC		02:18
*** krnlyng has quit IRC		02:30
jonwil	What version of maemosec-certman-applet do you have installed?	02:31
Sicelo009N	now install 0.2.3	02:36
Sicelo009N	maybe must reboot after reinstalling?	02:36
*** Sicelo009N has quit IRC		02:36
jonwil	yeah maybe	02:37
*** Kabouik has joined #maemo		02:37
Sicelo	didn't help	02:39
*** florian has quit IRC		02:40
*** Kabouik_ has quit IRC		02:40
*** Sicelo009N has joined #maemo		02:40
Sicelo009N	i hope there's a way to fix this without reflash. not keen on doing that	02:40
jonwil	Ok try this. dpkg -P on each of the maemosec-certman packages	02:41
jonwil	Then remove /etc/certs/* and /etc/secure/*	02:41
jonwil	then reinstall	02:41
jonwil	Thats the only thing I can suggest	02:41
Sicelo009N	what does dpkg -P do?	02:41
jonwil	Remove the package and all its config files	02:42
Sicelo009N	mp-fremantle... tied to it. cannot be removed :)	02:42
Sicelo009N	i'll remove the /etc/ stuff as you suggest and do a reinstall. let's see	02:43
jonwil	yeah try that	02:43
jonwil	Thats the only suggestion I have	02:43
Sicelo009N	absolutely no certs now	02:45
jonwil	ok, try reinstalling libnss3 and libss3-certs	02:45
jonwil	that might do something	02:45
jonwil	also try reinstalling maemosec-certman-applet and libmaemosec-certman-applet0	02:45
Sicelo009N	peop.e must not delete /etc/certs/* or /etc/secure/* it seems	02:48
jonwil	hmmm, I have no idea how to fix then, sorrry	02:48
Sicelo009N	when installing libmaemosec* now there's 'list' of certs that gets updated.	02:48
Sicelo009N	i guess i'll copy it over from 2nd N900	02:48
jonwil	yeah try that	02:49
jonwil	see what happens	02:49
Sicelo009N	jonwil: could it be that some of the postinst scripts in the debs has problem?	02:50
jonwil	Those haven'	02:50
jonwil	Haven't been touched from the Nokia originals	02:50
Sicelo	before copying over from 2nd N900, trying to downgrade back to 0.2.3 in case that makes a difference	02:52
jonwil	yeah try that	02:52
Sicelo	seems to be working .. pem files are coming in :)	02:52
Sicelo	okay.. seems good. let's see what applet seed	02:53
Sicelo	still blank. hmm	02:53
*** N-Mi has quit IRC		02:54
*** N-Mi has joined #maemo		02:55
Sicelo	jonwil: seems to me that some sort of "link" is missing/not being created?	02:56
*** Sicelo009N has quit IRC		02:56
jonwil	no idea	02:56
*** N-Mi has quit IRC		02:57
*** N-Mi has joined #maemo		02:57
Sicelo	cmcli -T common-ca -L gives no output.	03:01
*** TTilus has quit IRC		03:01
*** TTilus has joined #maemo		03:02
jonwil	Whats in /etc/secure/s?	03:07
Sicelo	certman.blacklist and certman.common-ca	03:09
Sicelo	this is really weird :-/	03:09
jonwil	whats the md5sum of those files?	03:10
*** Sicelo009N has joined #maemo		03:11
Sicelo009N	91794a35d379f34c89cf1599009d1f10 /etc/secure/s/certman.blacklist	03:12
Sicelo009N	ee7333ca72a2fe3d84406e0f9e37cb8b /etc/secure/s/certman.common-ca	03:12
jonwil	ok, those are what I have	03:12
jonwil	what do you have in /etc/certs	03:12
jonwil	trusted, common-ca, blacklist, right?	03:12
Sicelo009N	yes	03:13
jonwil	and in trusted you have?	03:13
Sicelo009N	nothing. hmm	03:14
jonwil	yeah that's your problem	03:15
jonwil	you should have root.ca and root.key there	03:15
Sicelo009N	comes from libmaemosec0, let me reinstall that	03:15
jonwil	yep	03:15
Sicelo009N	but this was there before..	03:15
jonwil	I am totally out of ideas to fix your system...	03:16
DocScrutinizer05	fwiw: 'default' CSSU system: http://paste.opensuse.org/99788683	03:16
Sicelo009N	wtf! reinstalling doesn't restore root.ca & root.key	03:18
Sicelo009N	:/	03:18
jonwil	weird	03:18
jonwil	copy from your other N900...	03:18
*** msava has quit IRC		03:21
*** msava has joined #maemo		03:24
DocScrutinizer05	I can't find any root.ca and root.key in http://oss.fruct.org/repository/pool/maemo5.0/non-free/m/maemo-security-certman/libmaemosec-certman0_0.1.6+0m5_armel.deb	03:24
Sicelo009N	good now :)	03:24
Sicelo009N	certificates showing in applet	03:25
Sicelo009N	and looking the same as other N900.	03:25
DocScrutinizer05	http://maemo.org/packages/view/libmaemosec0/ also sucks	03:26
jonwil	and do microsoft etc work or fail?	03:26
jonwil	since both should now be running the new set of root CA certs I believe	03:27
Sicelo009N	fail :(	03:27
*** krnlyng has joined #maemo		03:28
Sicelo009N	rebooting, although this doesn't seem to really help ...	03:29
*** Sicelo009N has quit IRC		03:29
DocScrutinizer05	jonwil: whats the problem with gdb?	03:30
DocScrutinizer05	missing source?	03:32
jonwil	no	03:32
jonwil	I connect to browserd with gdb --pid then break on the function I want then trigger it and gdb prints "Program terminated with signal SIGTRAP, Trace/breakpoint trap."	03:33
DocScrutinizer05	err	03:34
DocScrutinizer05	o.O	03:34
jonwil	very weird	03:35
DocScrutinizer05	>> I partially solved the issue by starting the application with GDB (instead of attaching the process)... Then its working fine.. No idea abt the root cause though..<<	03:36
jonwil	Starting with gdb wont work because of how browserd is started	03:36
DocScrutinizer05	maemo-launcher?	03:36
*** sid14726 has joined #maemo		03:36
DocScrutinizer05	ooh /sbin/dsme -p /usr/lib/dsme/libstartup.so	03:38
*** Sicelo009N has joined #maemo		03:38
DocScrutinizer05	hmmmm, I think you could patch the dsmetool command that starts browserd	03:39
jonwil	yeah probably	03:40
jonwil	not sure how though	03:40
DocScrutinizer05	or simply stop the browserd process via dsmetool and start it plain in gdb instead - after all dsme is only a glorified process monitor	03:40
DocScrutinizer05	friggin dsmetool has no option to list active processes	03:41
DocScrutinizer05	-k --stop=<cmd> Stop a process started with cmd	03:42
jonwil	that doesn't seem to work	03:43
DocScrutinizer05	stopping doesn't work?	03:44
jonwil	it says "not found, not root or kill failed"	03:44
DocScrutinizer05	wrong <cmd>	03:44
DocScrutinizer05	IroN900:~# dsmetool -k blabla	03:45
DocScrutinizer05	Process not killed: not found, not root or kill failed	03:45
jonwil	I dont know what to pass	03:45
jonwil	tried browserd	03:45
jonwil	and /usr/sbin/browserd	03:45
jonwil	no go	03:45
DocScrutinizer05	try /usr/sbin/browserd -d	03:45
jonwil	nope, no error but nothing is killed either	03:45
DocScrutinizer05	killall browserd until dsme gives up? dunno if it reboots system then	03:46
jonwil	yeah system reboot	03:47
DocScrutinizer05	find the cmdline "dsmetool.*browserd" in /etc	03:48
DocScrutinizer05	and /lib etc	03:48
DocScrutinizer05	or even xsession	03:48
DocScrutinizer05	/etc/X11/Xsession.post/30tablet-browser-daemon	03:50
DocScrutinizer05	simply remove/rename/chmod >>if test -x /usr/sbin/dsmetool; then<< ;-) -- then reboot	03:52
DocScrutinizer05	or edit that file	03:52
DocScrutinizer05	actually it starts browserd classical way when there's no dsmetool available	03:53
*** LauRoman has quit IRC		03:53
DocScrutinizer05	if test -x /usr/sbin/dsmetool; then /usr/sbin/dsmetool -c 3 -T 180 -m -17 -t "/usr/sbin/browserd -d" else	03:54
DocScrutinizer05	run-standalone.sh /usr/sbin/browserd -d -b fi	03:54
DocScrutinizer05	sheet	03:54
*** robbiethe1st has joined #maemo		03:54
DocScrutinizer05	anyway I can see how dsmetool might be doing things to browserd process that are not compatible with gdb	03:55
DocScrutinizer05	iirc there can only be one process monitor	03:55
DocScrutinizer05	dunno if dsme is a process monitor in that sense	03:55
*** LauRoman\|Phone has joined #maemo		03:56
*** bruce_lee has quit IRC		03:58
*** Oksana_ has joined #maemo		04:06
*** LauRoman\|Phone has quit IRC		04:10
*** heroux_ has joined #maemo		04:11
*** heroux has quit IRC		04:15
*** Oksana has quit IRC		04:15
*** stevenm has quit IRC		04:15
*** heroux_ is now known as heroux		04:15
jonwil	Not even sure that is the right browserd instance, my system is running 3 of them	04:21
jonwil	-d, -s 1512 -n RTComMessagingServer and -s 1539 -n browserui	04:21
*** stevenm has joined #maemo		04:22
jonwil	hildon-application-manager.launch also references browserd	04:22
jonwil	as does rtcom-messaging-ui	04:23
jonwil	if I can figure out what to do with a couple maemo-local patches for NSPR I might have another play at throwing in the most recent NSS/NSPR code (whatever is currently in mozilla-central mainline) and see if it builds or not	04:26
jonwil	but right now I gotta go out, got an appointment with a hairdresser :)	04:27
*** jonwil has quit IRC		04:27
*** eMHa__ has joined #maemo		04:29
*** eMHa_ has quit IRC		04:33
*** Kabouik has quit IRC		04:35
*** Oksana_ is now known as Oksana		04:36
DocScrutinizer05	jonwil: http://wstaw.org/m/2016/02/11/plasma-desktophj3616.png all those browserd instances are childs of one parent process. That's the essential 'trick' with browserd	04:36
*** Ex-Opesa has joined #maemo		04:38
*** Humpelstilzchen has joined #maemo		04:38
*** Defiant has quit IRC		04:41
*** krnlyng has quit IRC		04:45
*** sid14726 has quit IRC		04:47
Maxdamantus	They're basically "threads".	05:05
*** sid14726 has joined #maemo		05:15
*** RedM has quit IRC		05:20
*** RedW has joined #maemo		05:21
*** krnlyng has joined #maemo		05:29
*** Venusaur has quit IRC		05:40
*** Venusaur has joined #maemo		05:58
*** lxp has joined #maemo		06:02
*** lxp1 has quit IRC		06:03
*** sparetire has quit IRC		06:08
*** DocScrutinizer05 has quit IRC		06:17
*** DocScrutinizer05 has joined #maemo		06:17
*** robbiethe1st has quit IRC		06:18
*** sid14726 has quit IRC		06:27
*** Sicelo009N has quit IRC		07:03
*** sid14726 has joined #maemo		07:04
*** pagurus has quit IRC		07:13
*** RedM has joined #maemo		07:31
*** RedW has quit IRC		07:31
*** sid14726 has quit IRC		07:39
*** ashneo76 has quit IRC		07:47
*** sid14726 has joined #maemo		07:49
*** githogori has quit IRC		07:59
*** githogori has joined #maemo		08:01
*** disco_stu_droid has joined #maemo		08:09
*** disco_stu has quit IRC		08:09
*** disco_stu_droid is now known as disco_stu		08:10
brolin_empey	KotCzarny: Other than more connectors, is there any disadvantage to using an mSATA card on an mSATA ↔ 2.5-inch SATA adapter board instead of using a 2.5-inch SATA SSD?	08:18
*** shamus has quit IRC		08:19
*** shamus has joined #maemo		08:19
*** sid14726 has quit IRC		08:21
brolin_empey	Theoretically, an mSATA SSD installed on an mSATA ↔ 2.5-inch SATA adapter board is functionally equal to a 2.5-inch SATA SSD. However, I know from my personal experience that a CompactFlash (not CompactMagnetic) card installed on a CompactFlash card ↔ PATA adapter board is often not a drop-in replacement for a PATA HDD while a PATA SSD (not CompactFlash) is a drop-in replacement for a PATA HDD.	08:26
*** sid14726 has joined #maemo		08:30
KotCzarny	brolin_empey: if you see at the benchmarks of the same model of ssd, they are the same for ssd and msata (because connectors are just sata pins)	08:59
KotCzarny	one thing to note, if you install in pata--(m)sata adapter there is always controller chip issue	09:01
KotCzarny	but as i said, msata allows you to choose almost any drive model, and ssd with pata interface is almost always old and/or overpriced (2-3x)	09:02
Sicelo	freemangordon: please help jonwil with certificates :)	09:02
Sicelo	my daily N900 can no longer open https sites.	09:02
Sicelo	i remember you did some certificate magic for nokia supl server. maybe you would know what's going on here. by the way, the maemosec packages he produced work just fine for a user with cssu-thumb, work fine on my cssu-testing n900, but not on my thumb device, nor on jonwil's device.	09:04
*** sid14726 has quit IRC		09:05
freemangordon	Sicelo: it was more than 2 years i played with that. However, what I remember is that certificate order is very important	09:06
freemangordon	also, I don't understand what he does and why so many problems, iirc what one needs is essentially - use cmcli to import or remove the certificates, then copy the result in the source tree and rebuild	09:08
KotCzarny	well, he learns on-the-go	09:10
freemangordon	ok, here is what a certificate change commit looks like https://github.com/community-ssu/maemo-security-certman/commit/2cbd96e89d7529e1ce25801824fb76f39b05b836	09:12
freemangordon	I see nothing specia	09:12
freemangordon	l	09:12
freemangordon	see https://github.com/community-ssu/maemo-security-certman/commit/0be038825a98dae2d80fd411a02cb4c86ed1b36a too	09:13
Sicelo	he updated certificates, and all is good. but microb won't "see" them	09:13
freemangordon	does openssl see them?	09:14
freemangordon	openssl s_client that is	09:14
Sicelo	let me check. what's the command-u for that?	09:14
freemangordon	search google fro openssl s_client connect	09:14
*** sid14726 has joined #maemo		09:15
freemangordon	also, make sure to give CApath to openssl	09:15
Sicelo	what should that be?	09:16
freemangordon	/etc/$something	09:16
freemangordon	the certificates location	09:17
Wizzup	https://packages.debian.org/sid/ca-certificates perhaps this is somehow useful?	09:18
Wizzup	I am not sure if the took the certificates from there?	09:18
Sicelo	working	09:19
Sicelo	hmm,testing microsoft.com says "unable to get issuer certificate" .. so i guess that means not working?	09:22
KotCzarny	sicelo, i get that message also on stock n900	09:22
KotCzarny	and also on my laptop i think	09:22
Sicelo	hmm, well 2nd N900 does not return such message.	09:25
Sicelo	freemangordon: so looks like openssl not happy with them either :/	09:26
KotCzarny	it might be that my cert store on laptop is broken too	09:26
KotCzarny	is your 2nd n900 stock?	09:26
freemangordon	Sicelo: could you tell openssl to be verbose and pastebin the output?	09:27
*** jonwil has joined #maemo		09:27
freemangordon	jonwil: hi!	09:27
jonwil	hi	09:28
freemangordon	jonwil: which gdb do you use for debugging microb?	09:28
freemangordon	jonwil: also, read the backscroll	09:28
freemangordon	Sicelo: also tell openssl to dump the certificate chain	09:29
Sicelo	got to go see man page. no idea about those things haha	09:29
jonwil	gdb -v sayhs "	09:30
freemangordon	hmm?	09:30
jonwil	gdb -v says "6.8.50.20090417-debian"	09:30
freemangordon	try 7.1 from extras-devel	09:30
freemangordon	I put it there on a reason :(	09:30
jonwil	ok	09:30
freemangordon	jonwil: also, see my comment on certman commit	09:31
jonwil	FYI, cmcli -T verifies the chain of trust properly	09:33
freemangordon	jonwil: and what about openssl?	09:33
jonwil	I mean cmcli -T common-ca -v www.blah.com:443	09:33
jonwil	and yes openssl s_client does work	09:33
jonwil	so that means the certificates themselves are correct	09:33
freemangordon	hmm, "( 9,26,03) Sicelo: freemangordon: so looks like openssl not happy with them either :/"	09:33
freemangordon	though he might be using incorrect cmd	09:34
jonwil	yeah probably	09:34
freemangordon	jonwil: do you use openssl from cssu?	09:34
Sicelo	jonwil: what's the correct openssl cmd?	09:35
jonwil	If I run openssl s_client -CApath /etc/certs/common-ca -connect www.blah.com:443 it works for the sites that fail in microb	09:35
Sicelo	that's same command i ran. doesn't work for my 'bad' N900, but works on 2nd one	09:36
jonwil	what does it say when you run it on your failing N900?	09:36
*** sid14726 has quit IRC		09:36
Sicelo	unable to get local issuer certificate	09:36
Sicelo	let me try with cmcli	09:37
jonwil	yeah try cmcli -T common-ca -v www.blah.com:443	09:37
Sicelo	35ce3296a4a08fe1aa8d09650a9b3acb2cc1da64 www.entrust.net Verification failed: unable to get local issuer certificate	09:37
jonwil	weird	09:38
jonwil	so you are doing cmcli -T common-ca -v www.entrust.net:443 and its giving that error?	09:38
Sicelo	yes	09:38
jonwil	Ok can you grab the entire contents of /etc/certs and /etc/secure on your N900 and get them to me?	09:39
jonwil	I can see if they match my device (where that command I just typed works)	09:39
jonwil	Or I can help you undo all your changes and go back to what you had before you fiddled with maemo-security-certman earlier	09:40
Sicelo	http://paste.debian.net/379881/ .. this is output of	09:40
jonwil	Then you have a 100% working N900 again	09:40
Sicelo	openssl s_client -connect www.entrust.net:443 -CApath /etc/certs/common-ca/ -showcerts > MyDocs/openssl.txt	09:40
Sicelo	i can help a bit more :) will let you know when i can't take it anymore, haha. just this is my daily device where certs refused to work. Murphy's law	09:41
jonwil	Ok so get me the contents of /etc/certs and /etc/secure and I will see how that differs from what it should be	09:42
jonwil	Once we get cmcli working correctly then at least we know that that bit is working again	09:42
jonwil	Wizzup: the certificates came from the Mozilla certdata.txt file (the mozilla root CA store) and were updated following instructions and other bits given to me by Juhani Mäkelä (original Nokia author of maemo-security-certman package)	09:43
Sicelo	tar'red them up. where can i upload?	09:44
jonwil	You could post in http://talk.maemo.org/showthread.php?t=96433 and attach to the post?	09:45
*** sid14726 has joined #maemo		09:45
jonwil	That would work	09:45
Sicelo	jonwil: in case you, or i, disappear for some reason ... please document the 'recovery' method for whenever i may need it	09:45
jonwil	Its not something that can be easily documented since at various points in the process it would require you to do certain things then me to make decisions on what to do next based on certain information you give me :)	09:46
Wizzup	jonwil: ah, ok	09:46
jonwil	dont worry I wont be leaving IRC for houors (even if I go afk for a bit to e.g. have food)	09:47
jonwil	hours	09:47
Wizzup	jonwil: I was just wondering because it seems many linux distros take the certs from that package (including gentoo)	09:47
Wizzup	but they may just take it from mozilla as well	09:47
jonwil	Yep they do	09:49
jonwil	Lots of places get it from Mozilla because they trust the vetting process Mozilla uses	09:50
Sicelo	jonwil: posted to tmo	09:50
jonwil	Not sure where Chrome gets its root certificates from	09:50
*** eijk has joined #maemo		09:51
*** bruce_lee has joined #maemo		09:55
*** bruce_lee has joined #maemo		09:55
jonwil	ok so do you want me to help you get your system back to a functional state or do you want me to help you get the certificates to the same "working with cmcli etc but failing with microb" state I am in?	09:55
Wizzup	jonwil: one question, are all, or only some certificates failing with microb	09:56
jonwil	only some	09:56
Wizzup	And might that be related to perhaps using stronger crypto/hashes that are not supported by nss at that time	09:56
Wizzup	like some old browser having trouble with sha2	09:56
jonwil	Yes thats why I am looking into updating NSPR and NSS	09:57
Wizzup	that is, perhaps it will only be fixed by upgrading nss	09:57
Wizzup	Okay	09:57
Wizzup	Just wanted to point that possibility out :)	09:57
jonwil	Just need to deal with some microb-local patches to NSPR somehow	09:57
Wizzup	I see	09:57
jonwil	Sicello: Which option do you want?	09:57
kerio	Wizzup: no way, microb supports sha-256 signatures	09:58
Wizzup	kerio: okay, well, I'm guessing something out there may be missing	09:58
jonwil	Back to fully working or up to "works with cmcli but not with microb"?	09:58
jonwil	Updating NSS cant hurt anyway	09:58
Wizzup	I guess my sha2 example was a bad one :)	09:58
Wizzup	jonwil: indeed!	09:58
jonwil	and we need to do it if we want TLS1.2 etc	09:58
kerio	is there a more specific error message?	09:58
kerio	jonwil: +1	09:58
Wizzup	jonwil: +1	09:58
Wizzup	:)	09:59
kerio	and yes, we DEFINETELY want tls 1.2	09:59
kerio	"This seems like a good moment to reiterate that everything less than TLS 1.2 with an AEAD cipher suite is cryptographically broken." -- agl	09:59
jonwil	In terms of what we enable and disable there, we should trust Mozilla on that one	09:59
Sicelo	jonwil: out of which options? :)	10:00
jonwil	well we know Mozilla turns off SSL3	10:00
jonwil	and doesn't support it anymore	10:00
jonwil	so we should do the same when we update NSS	10:00
jonwil	But for example we should trust Mozilla when it comes to which versions of TLS to turn on and which to turn off	10:00
kerio	yeah just go with what firefox does	10:01
jonwil	I suspect trusting Firefox on issues related to SSL/TLS/HTTPS/CAs/etc is probably a fairly safe and sane thing to do	10:01
kerio	i mean, there's something to be said about disabling aes-256 ciphersuites	10:01
jonwil	Especially if we are using all their codebase for this stuff :)	10:02
kerio	because we're kinda lacking in... everything	10:02
Sicelo	okay. hmm, can't make up my mind. part of me wants to go on with the testing, but this is my daily device, so maybe let's just get it back to working state	10:02
jonwil	Ok so you are running what version of CSSU on this device?	10:02
jonwil	?	10:03
Sicelo	cssu thumb	10:04
jonwil	latest version of cssu-thumb?	10:09
jonwil	what version of mp-fremantle-community-pr does the system say you have?	10:09
jonwil	?	10:12
*** sid14726 has quit IRC		10:13
jonwil	Looks like Sicelo went AFK :P	10:18
Sicelo	sorry	10:22
Sicelo	at work	10:22
jonwil	oh ok	10:22
jonwil	but yeah what version of mp-fremantle-community-pr do you have?	10:22
Sicelo	*** 21.2011.38-1Tmaemo11+thumb0	10:23
jonwil	Ok so that's the most recent	10:24
jonwil	What you want to do is to open a root terminal	10:24
*** tanty_off is now known as tanty		10:24
Sicelo	sure	10:24
jonwil	You want to do dpkg -r mp-fremantle-community-pr	10:25
jonwil	then dpkg -P libmaemosec-certman0	10:25
jonwil	then dpkg -P libmaemosec0	10:25
jonwil	then dpkg -P maemosec-certman-common-ca	10:25
jonwil	then dpkg -P maemosec-certman-tools	10:25
jonwil	Then tell me what, if anything, is left in /etc/certs or /etc/secure	10:25
jonwil	You will be reinstalling all those packages including mp-fremantle-community-pr in a sec, don't worry	10:26
Sicelo	dependency problems with that .. wants to remove almost everything, due to mp-fremantle*	10:26
jonwil	hmmm ok	10:27
Sicelo	dpkg: error processing libmaemosec-certman0 (--purge): dependency problems - not removing	10:27
*** geaaru has joined #maemo		10:27
jonwil	ok	10:27
ceene	you can always do find /etc/certs -exec dpkg -S {} \;	10:27
ceene	and then compare it with the output of find /etc/certs	10:27
jonwil	Ok so remove /etc/certs completly	10:27
jonwil	and also /etc/secure	10:27
jonwil	Then download the .deb files in this paste	10:28
jonwil	http://pastebin.com/CSzTrD61	10:28
jonwil	and install them with dpkg -i in the order listed	10:28
jonwil	it may complain about certain packages being a downgrade but it should install them anyway	10:28
*** sid14726 has joined #maemo		10:28
*** florian has joined #maemo		10:30
Sicelo	ok. doing it now	10:32
*** hashcore has joined #maemo		10:36
kerio	hold on why are those in community-thumb	10:36
kerio	instead of community-devel	10:36
kerio	:\|	10:36
bencoh	I think he wants to rollback to a working state	10:38
bencoh	(on a thumb device)	10:38
*** LauRoman has joined #maemo		10:38
jonwil	They are in community-thumb because there is no thumb specific version of those	10:39
kerio	oooh i see	10:39
jonwil	and yes he wants to back to what he had before he started	10:39
jonwil	hence the need to go back to those packages	10:39
ceene	talking about certs, i think yappari registration is failing due to non compatible ciphering between WA servers and n900 supported protocols	10:39
Sicelo	why 0.2.2 though? why not 0.2.3	10:39
kerio	ceene: compile it with a static, more-recent openssl?	10:40
jonwil	0.2.2 is what cssu-thumb shipped	10:41
jonwil	and what mp-fremantle-community-pr for thumb points to	10:41
jonwil	why 0.3.2 isn't in cssu-thumb you will have to ask the maintainer of that	10:41
jonwil	I mean 0.2.3	10:42
ceene	kerio: i'm on it... i've already created an openssl deb package for n900, backported from debian	10:43
ceene	qt is smart enough to use latest installed openssl	10:43
kerio	hm, that would mess up with things tho	10:43
ceene	it won't	10:43
ceene	i've got both openssl packages installed on my n900 right now	10:43
Sicelo	ok	10:43
kerio	have you removed the symlink between libssl.so and libssl.so.yourversion	10:43
ceene	without any problem in a couple months or so	10:43
ceene	the thing is, most apps will search for the exact version of the library they were compiled against	10:44
ceene	but QT searches for all libssl.so* versions and dlopen()s it	10:44
bencoh	kerio: qt dlopens	10:44
kerio	D:	10:45
kerio	that sounds like a horrible way to do things	10:45
bencoh	qt inside.	10:45
kerio	lol	10:46
ceene	horrible or not, it's just what we need :)	10:47
ceene	i've still got to do a couple things	10:47
ceene	to disable ssl3	10:47
ceene	so i may have to patch qt itself	10:47
*** TriztAway has joined #maemo		10:48
jonwil	Sicelo: Does your system work again now?	10:51
*** geaaru has quit IRC		10:52
*** shamus has quit IRC		10:52
*** Trizt has quit IRC		10:52
*** shamus has joined #maemo		10:53
kerio	ceene: how does qt know how to use all the versions of openssl, though?	10:54
Sicelo	jonwil: mp-fremantle-community-pr depends on maemosec-certman-tools (>= 0.2.3); however: Version of maemosec-certman-tools on system is 0.2.2.	10:56
ceene	kerio: by finding /lib/libssl* and parsing the filename	10:57
ceene	i mean	10:57
ceene	you have to add support to the functions it will use	10:57
ceene	if there's some api change, then it has to implement it	10:57
Sicelo	crazy stuff going on here, lol. you found that we should be having 0.2.2?	10:57
*** geaaru has joined #maemo		10:57
jonwil	ok, try http://repository.maemo.org/community-testing/pool/fremantle/free/m/maemo-security-certman/libmaemosec-certman0_0.2.3_armel.deb http://repository.maemo.org/community-testing/pool/fremantle/free/m/maemo-security-certman/libmaemosec0_0.2.3_armel.deb http://repository.maemo.org/community-testing/pool/fremantle/free/m/maemo-security-certman/maemosec-certman-common-ca_0.2.3_all.deb...	10:58
jonwil	...http://repository.maemo.org/community-testing/pool/fremantle/free/m/maemo-security-certman/maemosec-certman-tools_0.2.3_armel.deb	10:58
jonwil	That should work	10:59
Sicelo	can i just use apt-get install :) specifying version?	10:59
jonwil	no since you already have a more recent version	10:59
jonwil	I dont know if apt-get can downgrade a package	10:59
jonwil	if it can, feel free to try it	10:59
Sicelo	it can	11:00
*** hashcore has quit IRC		11:00
*** sid14726 has quit IRC		11:04
Sicelo	few certs in /etc/certs/common-ca/	11:05
Sicelo	less than 10	11:05
Sicelo	nothing in /etc/certs/trusted	11:05
ceene	can you find /etc/certs/common-ca/ -exec dpkg -S {} \; ?	11:08
ceene	I'm curious as to what is kept ther	11:08
ceene	*there	11:08
jonwil	They only come from maemosec-certman-common-ca	11:18
jonwil	what do you see if you dpkg -L maemosec-certman-common-ca?	11:19
jonwil	Also you may want to try manually downloading the deb files and installing them with dpkg, that will probably restore the missing files	11:19
Sicelo	i did	11:20
jonwil	apt-get may not install the files when downgrading for some reason	11:20
Sicelo	dpkg -L lists all of the certs, but they are definitely not there	11:20
Sicelo	now that's crazy	11:20
jonwil	Very weird	11:20
jonwil	I am out of ideas	11:21
Sicelo	even the install process doesn't show the rest being installed	11:21
Sicelo	re-doing it make no difference	11:21
Sicelo	lemme reboot	11:22
*** sid14726 has joined #maemo		11:24
*** Vajb has quit IRC		11:27
*** hashcore has joined #maemo		11:28
jonwil	freemangordon: ping	11:29
Sicelo	dpkg -L is likely just spitting out contents of /var/lib/dpkg/info/maemosec-certman-common-ca.list even though the files themselves aren't there. let me extract the deb	11:38
jonwil	ok	11:40
Sicelo	so i dpkg -x the package, and manually ran its postinst. cmcli is happy now.	11:43
Sicelo	let me check microb	11:43
Sicelo	seems okay. loading entrust website successfully.	11:47
Sicelo	yhansuthanks for the help :)	11:48
Sicelo	bad typing :(	11:48
Sicelo	i'll play with your 0.2.4 stuff in the evening :)	11:48
*** Vajb has joined #maemo		11:49
*** bruce__lee has joined #maemo		11:52
*** bruce_lee has quit IRC		11:53
jonwil	ok, great :)	11:53
jonwil	Might help if I download the armel version of gdb 7.3.1 and not the i386 version :)	11:54
jonwil	Lets try that agaon	11:54
jonwil	again	11:54
Sicelo	this is going to be 'fun' one to debug i guess, as there is no consistency of behaviour	11:54
jonwil	Not really, once I actually get GDB working I should be able to see whats up	11:55
jonwil	right now if I visit www.entrust.com I get a SEC_ERROR_UNKNOWN_ISSUER error from microb	11:56
jonwil	so I intend to break on the function that spits out the error (PORT_SetError in nss) and from there work backwards	11:57
jonwil	and eventually I will be at some function I can single step or trace and see just what is going on	11:57
Sicelo	:)	11:58
jonwil	hmmm. newer version of GDB doesn't help	11:59
*** sid14726 has quit IRC		12:13
Sicelo	installed 0.2.4 again .. now i'm at least in same situation as you. no worse	12:15
Sicelo	openssl and cmcli both happy	12:16
kerio	jonwil: does https://nethack.dank.ninja/ work	12:22
Sicelo	yes	12:23
jonwil	That works for me	12:23
*** sid14726 has joined #maemo		12:24
*** LauRoman has quit IRC		12:25
jonwil	hmmm, I wonder if there is some sort of way to run microb-engine but not browserd	12:26
jonwil	Let me see what these other packages I get when building microb-engin edo	12:27
bencoh	?	12:28
*** LauRoman\|Alt has joined #maemo		12:28
jonwil	microb-engine builds a bunch of packages that aren't installed in the phone	12:28
*** bruce__lee has quit IRC		12:29
*** bruce__lee has joined #maemo		12:29
*** bruce__lee is now known as bruce_lee		12:29
bencoh	how would you run microb-engine without browserd?	12:29
jonwil	I dont mean using the browser UI	12:30
jonwil	browserd links to several libraries	12:30
jonwil	which contain the actual rendering engine and stuff	12:30
*** LauRoman has joined #maemo		12:30
jonwil	There are things built from the microb-engine source package that might provide a way to load that actual gecko code and pull web pages and stuff without going through browserd, browser-neteal or the normal browser UI	12:31
Maxdamantus	There's microb-xulrunner already in the repository fwiw	12:33
Maxdamantus	It's able to run things like an old version of Conkeror.	12:33
Maxdamantus	or maybe a newer one having manually added some promises library, iirc	12:34
jonwil	Yeah thats what I mean, getting microb-xulrunner and things from my microb-engine tree	12:35
*** capitanocrunch has joined #maemo		12:35
Maxdamantus	http://maxdamantus.eu.org/c900.png	12:41
Maxdamantus	It's reasonably usable tbh	12:42
Maxdamantus	The issue I had with Conkeror on my desktop is that the UI is convenient enough to have hundreds of tabs open.	12:42
Maxdamantus	which was kind of okay while I only had 3 GiB of RAM, since once it got to 120 or so tabs I'd just close a bunch of them to avoid unnecessary swapping.	12:43
Maxdamantus	now with 32 GiB of RAM it bottlenecks on the CPU at around 500 tabs, and cbf cleaning up 500 tabs.	12:44
Maxdamantus	Don't really want to have that issue on my phone.	12:44
*** clopez has quit IRC		12:50
*** capitanocrunch has left #maemo		12:50
*** clopez has joined #maemo		12:54
*** sid14726 has quit IRC		12:57
KotCzarny	o.o	12:58
KotCzarny	i usually have ~10-20 tabs at most	12:58
KotCzarny	if i want to read the site but dont want the tab i just bookmark it into 'to read' folder	12:59
*** eMHa__ has quit IRC		13:00
jonwil	ok, the plot thickens...	13:00
Wizzup	hm?	13:01
KotCzarny	nobody expected spanish inquisition	13:03
jonwil	If I access https://www.entrust.net/ in microb, it gives an error. If I access the same domain via microb-refui (built alongside the microb-engine bits I am using) the URL loads just fine	13:05
jonwil	by "in microb", I mean in the standard Maemo web UI	13:05
*** sid14726 has joined #maemo		13:08
*** zGrr has joined #maemo		13:08
*** ssvb has quit IRC		13:09
zGrr	moin	13:09
*** eMHa__ has joined #maemo		13:33
Sicelo	still doesn't answer why microb in other devices doesn't mind the new certs :/	13:38
*** sid14726 has quit IRC		13:41
*** sid14726 has joined #maemo		13:45
jonwil	HOLY CRAP I found the problem	13:56
bencoh	?	13:57
jonwil	making a forum post now	13:57
bencoh	suspens...	13:57
KotCzarny	;)	13:58
kerio	woop	14:00
jonwil	http://talk.maemo.org/showthread.php?t=96433&page=2	14:01
*** heroux has quit IRC		14:02
kerio	jonwil: i strongly doubt anyone actually uses personal certificates in microb	14:02
kerio	so you can probably just delete it	14:02
bencoh	?	14:03
bencoh	some people add exceptions, I guess (?)	14:04
kerio	how did they end up being stale, though?	14:04
jonwil	No idea	14:06
kerio	hold on gimme the debs	14:06
jonwil	I suspect they are intermediate certificates chaining off a specific root that is not in the new root CA store	14:06
kerio	makes sense	14:07
jonwil	but when the intermediates aren't in cert8.db, microb uses some newer intermediates chaining off a newer root that is in the new root CA store	14:07
jonwil	as for the debs of the new root CA stuff, http://talk.maemo.org/showthread.php?t=96430 has what you need	14:07
kerio	yeah but gimme some links i can wget	14:08
jonwil	I dont have the files uploaded anywhere you can wget	14:09
jonwil	unless you can wget forum attachements	14:09
Sicelo	i do use personal cert in microb	14:09
KotCzarny	i think you can	14:09
kerio	;-;	14:10
jonwil	At least I have the cause now	14:10
jonwil	Although that doesn't mean I wont keep trying to update NSS, we do want TLS1.2 support after all :)	14:11
Sicelo	\m/	14:11
Sicelo	jonwil: quick fix available?	14:12
jonwil	quick fix for what?	14:12
jonwil	the cert8.db problem?	14:12
jonwil	no, I dont have a fix yet	14:12
Sicelo	okay	14:12
jonwil	other than deleting the file and risking problems	14:12
jonwil	We need to find a proper way to clean out the crap without deleting anything important	14:13
Sicelo	agreed	14:13
kerio	how do i verify that jonwil's package isn't backdoored	14:14
jonwil	You cant really, but you have to trust the people who wrote CSSU for example didn't backdoor things	14:15
jonwil	or for that matter that original Nokia packages dont have backdoors	14:16
jonwil	Not that I would intentionally backdoor something	14:16
jonwil	I think backdoors are bad	14:16
kerio	suuuuuuure ;)	14:16
bencoh	kerio: does his package contain machine code?	14:16
bencoh	isn't it just certificates?	14:16
kerio	yes, it's "just" certificates	14:16
bencoh	"""just""" ;]	14:16
kerio	what if now my n900 is trusting "jonwil's super legit root CA"	14:17
Sicelo	i use personal certto access Outlook Web Access for work emails. can't use exchange activesync due to provisioning, and no imap/pop enabled	14:17
kerio	oh god i have to update like 8 billion things	14:17
bencoh	it isn't worse than, say, states CA :)	14:17
kerio	Sicelo: you should most definetely not delete cert8.db	14:17
KotCzarny	:)	14:18
KotCzarny	why not?	14:18
kerio	because it's likely that he has a client certificate stored there	14:19
kerio	do we have certutil?	14:19
kerio	yep, cert8.db has the certificates, key3.db has the keys	14:20
jonwil	The set of root certificates in my updated maemo-security-certman is an unchanged set from mozilla certdata.txt as of http://hg.mozilla.org/mozilla-central/rev/64df3815df9c	14:20
kerio	did you do a conversion to it, or do the package scripts do that?	14:21
jonwil	Or rather its that set of certificates minus whichever ones cmcli decided not to import (would need to dig deep into openssl source code to find out exactly the criteria for rejecting a certificate for import)	14:21
kerio	:\|	14:21
*** sid14726 has quit IRC		14:21
jonwil	This commit https://github.com/community-ssu/maemo-security-certman/commit/9076865275fb4e78578276afdff45f6f47389872 contains a backport of a fix from Harmattan	14:21
jonwil	plus a new set of root CA certificates	14:21
jonwil	plus the tool and instructions for importing mozilla certdata.txt file	14:22
Sicelo	kerio: i still have the original pfx files ;)	14:23
jonwil	You can thank Juhani Mäkelä (original author of maemo-security-certman) for their help in getting all this working	14:23
jonwil	They provided the parse-certdata-txt.c file and some very useful info on how to get things going (including the right cmcli commands to run and the right stuff to backport from Harmattan)	14:24
jonwil	I dont know enough about finnish names to tell if that is a man or a woman :P	14:25
kerio	entrust.com worksforme	14:27
kerio	or rather	14:27
kerio	i think it works for me	14:27
kerio	the page is very slow to load	14:27
jonwil	you must not have whatever bogus certificates are in my cert8.db file then	14:27
jonwil	does ib.boq.mobi work for you?	14:27
kerio	do we have a package with the nss certutil in	14:27
jonwil	I haven't figured out how to build the nss command line tools although I would really like to do that	14:28
*** erlehmann_ has joined #maemo		14:29
jonwil	anyhow, my phone is running out of juice after all this testing, better go plug it in to charge up :)	14:30
*** krnlyng has quit IRC		14:30
kerio	jonwil: libnss3-tools in debina?	14:33
kerio	debian	14:33
kerio	certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.	14:33
jonwil	We need to build the tools from the same nss source tree we have in microb-engine	14:34
kerio	this makes things a bit harder	14:34
jonwil	I am sure there is a way to modify the microb-engine build tree to build libnss3-tools or something similar	14:34
jonwil	Do that and we are golden	14:34
*** erlehmann_ has quit IRC		14:35
*** krnlyng has joined #maemo		14:35
*** msava has quit IRC		14:41
*** msava has joined #maemo		14:43
*** ecloud has quit IRC		14:43
*** ecloud has joined #maemo		14:44
*** sid14726 has joined #maemo		14:45
* Maxdamantus wonders why he wasn't able to copy his bootloader from one N900 to another by just reading/writing from/to /dev/mtd3		14:47
KotCzarny	maybe it was something else broken too	14:50
Maxdamantus	What sort of thing?	14:51
KotCzarny	fs corruption? kernel corrupted? config partition corrupted?	14:51
Maxdamantus	Everything worked the first time once it was able to load by u-boot build.	14:51
KotCzarny	dont know what were you doing	14:51
Maxdamantus	Copying my existing setup to another N900 I acquired.	14:52
KotCzarny	hmm, different revisions?	14:52
Maxdamantus	I just zeroed out the eMMC and emptied ubifs, repartition the eMMC and copied a backup of the main filesystem in.	14:52
Maxdamantus	and copied my boot directory and ubifs as it currently was on my existing one.	14:53
Maxdamantus	Who needs flasher?	14:53
KotCzarny	why do we care about ubifs anyway?	14:54
KotCzarny	it eats cycles and memory	14:54
KotCzarny	i remember using overlay fs long time ago on ancient 586 200mhz box, and it was noticably slower in disk operations	14:54
Maxdamantus	I'm still using kernel-power, which doesn't have built-in support for omap-hsmmc or ext4.	14:54
Maxdamantus	Don't really want to bother with an initramfs.	14:55
Maxdamantus	ubifs is basically my initramfs.	14:55
KotCzarny	who needs initramfs	14:55
Hurrian	nah, don't dd from one device to another - it doesn't handle the bad blocks quite right	14:55
Maxdamantus	Hm. That'd probably explain it.	14:55
KotCzarny	:)	14:56
Hurrian	you should prolly use "flasher --local"	14:56
Hurrian	:3	14:56
* Maxdamantus also noticed a bunch of messages about ECC when doing `rm -rf *` in the ubifs.		14:56
* Maxdamantus should probably have just recreated the filesystem, though he's not really familiar with ubifs/mtd.		14:57
DocScrutinizer05	((<ceene> but QT searches for all libssl.so* versions and dlopen()s it)) now that explains some nasty effects. e.g. why Silego GreenPack3 software mostly works on my OpenSuse system but simply blows chunks on "Save as..."	14:58
Hurrian	now, off to go and find myself another N900.	14:59
* Maxdamantus is meant to be getting a third one soon too.		14:59
Maxdamantus	then I'll have five N9* devices.	14:59
KotCzarny	:)	14:59
KotCzarny	i have 3.5	14:59
jonwil	I have just the one although I wish I had a second one for if/when this one stops working	15:00
Hurrian	mine croaked aaaaaaageeees ago, but it was way, way more useful than pretty much any other mobile device I have now	15:00
jonwil	but right now I dont have the funds for anything even vaguely related to tech stuff	15:00
Hurrian	if only I could find one on eBay that wasn't a refurb for $200...	15:00
Maxdamantus	I haven't confirmed that the $2 N97 works yet though .. I think the guy mailed the battery in a separate package.	15:00
Maxdamantus	and it seems like it's in fairly bad condition.	15:01
Maxdamantus	came with a 16 GB microSD card though.	15:01
* Maxdamantus sleeps.		15:02
*** heroux has joined #maemo		15:06
DocScrutinizer05	https://en.wikipedia.org/wiki/Juhani	15:17
DocScrutinizer05	male	15:17
jonwil	ok	15:18
Sicelo	didn't someone offer you N900 jonwil? :)	15:20
jonwil	possibly	15:20
jonwil	but I never followed it up	15:20
*** sid14726 has quit IRC		15:21
Sicelo	around the time you had bad USB port	15:23
jonwil	yeah that	15:24
jonwil	My phone works at the moment so I have no urgency to worry about replacing it or dealing with it	15:24
KotCzarny	if one would setup usb-fixing shop, there would be a lot of good n900s	15:25
kerio	KotCzarny: why shouldn't we care about ubifs?	15:26
kerio	the mtd is the fastest storage unit in the n900	15:26
KotCzarny	kerio, use nand only for booting part and move everything else to emmc/sd	15:27
kerio	which makes things waaaaaay slower	15:27
KotCzarny	does it?	15:28
KotCzarny	the slowest part is swapping	15:29
KotCzarny	not fs	15:29
KotCzarny	also, i run bpi/opi from sd card, and its fast enough (stride/stripe helps)	15:31
* jonwil wishes it wasn't so hard to find people who actually understand the inner workings of the Gecko rendering engine... :(		15:32
DocScrutinizer05	kerio: indeed I always wondered how much sense it would make to have a - say - 200MB swap on mtd and move the whole rootfs (modulo a stub pivotroot aka "initrd" of sorts) to mmc	15:34
kerio	it would probably make a lot of sense for the purpose of convenience	15:34
kerio	but it is a performance hit	15:34
KotCzarny	kerio, did you measure it?	15:35
DocScrutinizer05	nah, fast swap (particularly on write) way better for system performance on a system starving on RAM than a faster rootfs	15:35
kerio	not personally but i don't remember who did	15:35
kerio	someone did, tho	15:35
KotCzarny	10%? 50%?	15:36
*** jonwil has quit IRC		15:37
* DocScrutinizer05 suspects a nasty global-action TBIC button on jonwil's devices		15:38
DocScrutinizer05	how else comes he never says bye	15:38
KotCzarny	~greetings	15:39
infobot	greetomgs!	15:39
KotCzarny	~hello	15:39
infobot	Howdy Bub	15:39
KotCzarny	~internet time	15:39
*** sid14726 has joined #maemo		15:44
DocScrutinizer05	for some of you geeks this is possibly a nice read: http://www.dwheeler.com/essays/fixing-unix-linux-filenames.html	15:44
bencoh	~ugt	15:44
infobot	methinks ugt is Universal Greeting Time. Created in #mipslinux, it is a rule that states that whenever somebody enters an IRC channel it is always morning, and it is always late when the person leaves. The local time of any other people in the channel, including the greeter, is irrelevant. http://www.total-knowledge.com/~ilya/mips/ugt.html	15:44
DocScrutinizer05	and the links like http://www.dwheeler.com/essays/filenames-in-shell.html	15:45
DocScrutinizer05	this guy actually knows what he's talking about	15:46
*** troulouliou_div2 has joined #maemo		16:01
*** heroux has quit IRC		16:09
*** sparetire has joined #maemo		16:20
*** heroux has joined #maemo		16:27
*** Vajb has quit IRC		16:29
*** krnlyng has quit IRC		16:31
*** sid14726 has quit IRC		16:50
*** eijk has quit IRC		16:51
*** krnlyng has joined #maemo		16:52
*** Avasz has joined #maemo		16:57
Avasz	hi, I was happily browsing site in the afternoon (talk.maemo.org) and reviving my old n900. I haven't posted or done anything at all, just browsing the forum. And, now it says my ip is blocked. Can anyone help please?	16:58
Avasz	also, would like to know the reason why it was blocked.	16:58
KotCzarny	as for reviving:	16:59
KotCzarny	~flashing	16:59
Avasz	no.	16:59
infobot	well, maemo-flashing is http://wiki.maemo.org/Updating_the_tablet_firmware, or - on linux PC - download&extract http://maemo.cloud-7.de/maemo5/patches_n_tools/maemo-my-private-workdir.tgz, cd into it, do sudo ./flash-it-all.sh	16:59
Avasz	I mean, I need to unblock my ip, such that I can visit the forums. :)	16:59
Avasz	reviving = using it as server :D	17:00
KotCzarny	~unbanip	17:00
infobot	unbanip is probably please contact techstaff <at> maemo <dot> org with your request, or see ~techstaff	17:00
Avasz	sure, thanks.	17:01
Avasz	it said to contact staff in #maemo too, don't know who is the staff here though.	17:01
KotCzarny	and most likely your ip is in some spam db	17:01
Avasz	Sorry, it seems that you are using an IP address or a proxy that is listed in the forum anti spam blacklist.	17:02
Avasz	Feel free to contact our staff on irc freenode #maemo channel.	17:02
KotCzarny	change <at> into @ and <dot> into .	17:02
Avasz	sure, understood that.	17:02
Avasz	was browsing around 30 mins earlier, and next time trying to check a post about python 2.75 and it gets blocked. :(	17:03
KotCzarny	and if you are on dynamic ip try reconnecting modem	17:03
*** heroux has quit IRC		17:06
*** heroux has joined #maemo		17:06
*** hashcore has quit IRC		17:44
DocScrutinizer05	Avasz: please ping chem\|st, your IP is on some anti-sorum-spam blacklist	17:46
DocScrutinizer05	forum even	17:46
DocScrutinizer05	chem\|st: staff (for all that matters to talk.maemo.org	17:47
DocScrutinizer05	it's a pretty weird concept to have forum block users from reading stuff, but it seems nobody is willing to implement a better approach to only block login	17:48
*** yosafbridge has quit IRC		17:49
*** fk_lx_ has quit IRC		17:51
*** parazyd has quit IRC		17:51
DocScrutinizer05	Avasz: anyway not your fault	17:51
*** NIN101 has quit IRC		17:52
*** inz has quit IRC		17:54
*** Gizmokid2005 has quit IRC		17:54
*** alexey has quit IRC		17:55
*** heroux has quit IRC		17:55
*** parazyd has joined #maemo		17:56
*** heroux has joined #maemo		17:57
chem\|st	!ipunblock	17:57
*** xkr47 has quit IRC		17:57
bencoh	?	17:58
DocScrutinizer05	~	17:59
chem\|st	DocScrutinizer05: it is not only login, we got ddos'ed, and registration spammed, you cannot prevent a crowd attack from asia as those are real people	17:59
chem\|st	~ipunblock	17:59
chem\|st	~+bosnack	17:59
chem\|st	~botnack	17:59
chem\|st	nvm	17:59
chem\|st	I did not set it and do not remember	17:59
DocScrutinizer05	~unbanip	17:59
infobot	methinks unbanip is please contact techstaff <at> maemo <dot> org with your request, or see ~techstaff	17:59
bencoh	~techstaff	18:00
infobot	it has been said that techstaff is techstaff(AT)maemo.org - the folks that keep your maemo infra running. Devotion to Duty http://xkcd.com/705/	18:00
*** NIN101 has joined #maemo		18:00
chem\|st	and that is what the block page should read too	18:01
chem\|st	xes: maybe you can setup a nicer notification to the blocking, incl mentioning that most bigger TOR nodes are blocked for obvious reasons	18:02
*** capitanocrunch has joined #maemo		18:03
capitanocrunch	hi	18:03
*** Gizmokid2005 has joined #maemo		18:03
chem\|st	capitanocrunch: hi	18:03
*** fk_lx has joined #maemo		18:03
DocScrutinizer05	on unrelated OT sidenote: deadbeef is an awesome music player	18:03
capitanocrunch	i noticed issue for navit packages in maemo repos when apt-upgrade	18:04
capitanocrunch	iled to fetch http://repository.maemo.org/extras-devel/pool/fremantle/free/n/navit/navit_0.5.0+dfsg.1-1maemo1-6563_armel.deb Size mismatch	18:04
capitanocrunch	Failed to fetch http://repository.maemo.org/extras-devel/pool/fremantle/free/n/navit/navit-data_0.5.0+dfsg.1-1maemo1-6563_all.deb Size mismatch	18:04
bencoh	size mismatch?	18:04
DocScrutinizer05	that's what they saud	18:05
DocScrutinizer05	said*	18:05
bencoh	do you need to update your catalogue?	18:05
DocScrutinizer05	apt upgrade is strongly deprecated	18:05
*** yosafbridge has joined #maemo		18:05
DocScrutinizer05	PARTICULARLY from maemo-devel	18:06
DocScrutinizer05	almost sure bet to bork your system	18:06
capitanocrunch	im using apt-get update and then apt-get upgrade	18:06
DocScrutinizer05	see ^^^^	18:06
capitanocrunch	why deprecated?	18:07
*** fk_lx has quit IRC		18:08
*** fk_lx has joined #maemo		18:08
*** alexey has joined #maemo		18:08
*** inz has joined #maemo		18:08
capitanocrunch	so we have to use fapman?	18:08
DocScrutinizer05	top ten things to know about maemo: #1 maemo is almost a plain debian #2 maemo is NOT a plain debain #3 NEVER do apt-get upgarde or apt-get dist-upgrade when you got any but the basic repos enabled #4 never do apt-get upgrade at all #5... $yourcall	18:09
DocScrutinizer05	~fapman	18:09
infobot	hmm... fapman is Faster Application Manager, a frontend for apt which uses own repositories catalog, and shouldn't be used to do system upgrades (like CSSU), or actually for anything since ~speedyHAM. It also does "apt-get autoremove" after every operation, by default. In short, it's been identified as source of system corruption and thus deprecated, or see ~hamvsfam	18:09
DocScrutinizer05	~speedyham	18:10
infobot	hmm... speedyham is 30 times faster than HAM http://maemo.merlin1991.at/cssu/community-devel/pool/free/h/hildon-application-manager/hildon-application-manager_2.2.73-2_armel.deb	18:10
DocScrutinizer05	infobot: speedyham is also SpeedyHAM is included in CSSU now	18:10
infobot	DocScrutinizer05: okay	18:10
bencoh	nope, not in -stable	18:11
DocScrutinizer05	ok	18:11
DocScrutinizer05	~literal speedyham	18:11
infobot	"speedyham" is "30 times faster than HAM http://maemo.merlin1991.at/cssu/community-devel/pool/free/h/hildon-application-manager/hildon-application-manager_2.2.73-2_armel.deb. SpeedyHAM is included in CSSU now"	18:11
*** xkr47 has joined #maemo		18:11
DocScrutinizer05	infobot: no, speedyham is <reply>SpeedyHAM is 30 times faster than HAM http://maemo.merlin1991.at/cssu/community-devel/pool/free/h/hildon-application-manager/hildon-application-manager_2.2.73-2_armel.deb. SpeedyHAM is included in CSSU-testing now	18:12
infobot	okay, DocScrutinizer05	18:12
*** florian has quit IRC		18:15
*** arcean has joined #maemo		18:16
capitanocrunch	never knew of speedyham	18:17
*** Pali has joined #maemo		18:18
capitanocrunch	since im on cssu-stable, should i dpkg install the deb and give it a try?	18:19
DocScrutinizer05	sure, go ahead	18:19
freemangordon	I guess you can't, it has dependency to a newer glib	18:20
DocScrutinizer05	dang	18:20
bencoh	iirc I had to rebuild	18:20
freemangordon	:nod:	18:20
bencoh	I might have it around	18:20
freemangordon	maybe bencoh could hand you the .deb	18:20
DocScrutinizer05	but wait, you say testing has new glib, stable doesn't?	18:20
freemangordon	:nod:	18:20
DocScrutinizer05	capitanocrunch: move to testing ;-)	18:21
bencoh	new revision	18:21
DocScrutinizer05	it's the new stable :-P	18:21
freemangordon	or pester merlin1991 to issue a new -stable	18:21
DocScrutinizer05	"testing is the new stable" being a common meme in all $FOSS	18:21
freemangordon	it is about time already	18:22
*** geaaru has quit IRC		18:22
DocScrutinizer05	indeed	18:22
bencoh	indeed :)	18:22
*** heroux has quit IRC		18:22
bencoh	hmm, I wonder where it comes from, I cant find it on my server or my sb	18:22
DocScrutinizer05	lol	18:22
*** heroux has joined #maemo		18:23
bencoh	maybe it didn't depend on newer glib in the end	18:23
DocScrutinizer05	well, I'd strongly hope new glib wouldn't breal $all-old-packages	18:23
*** eijk has joined #maemo		18:24
DocScrutinizer05	break even	18:24
bencoh	dpkg-deb -I shows "libglib2.0-0 >= 2.20.0"	18:24
freemangordon	DocScrutinizer05: it is in -testing for umm... 2 years?	18:24
DocScrutinizer05	wouldn't make much sense to give a new lib to cssu-testing that renders all closed stuff borked and needs recomile for all open stuff	18:24
capitanocrunch	btw the top 10 things to know about maemo seem to be five not ten :0 and what $yourcall stands for?	18:25
bencoh	capitanocrunch: I suggest you give the .deb link a try	18:25
DocScrutinizer05	it's a vebose elipsis	18:25
bencoh	you know how to use dpkg/apt-get in case of trouble anyway ;p	18:25
*** Vajb has joined #maemo		18:26
freemangordon	DocScrutinizer05: https://github.com/community-ssu/glib/commit/c197df81ced094816f116ccd8d63d5fc507bf1ac	18:26
DocScrutinizer05	just rename the ham binary and copy the new one into place	18:26
bencoh	yuk	18:26
DocScrutinizer05	hrhr	18:26
DocScrutinizer05	quick&dirty, easy to revert	18:27
freemangordon	iirc it is not that easy	18:27
DocScrutinizer05	well, maybe not THAT easy, HAM might be under maemo-launcher	18:27
freemangordon	there are more binaries	18:28
DocScrutinizer05	plus a few other unexpected little fancies	18:28
freemangordon	like apt-worker	18:28
DocScrutinizer05	:nod:	18:28
DocScrutinizer05	the correct method would prolly be to temporarily add cssu-testing repo and then do an apt-get install	18:29
bencoh	you'd need to do some apt-pinning for that to work	18:30
bencoh	otherwise, you're doomed	18:30
DocScrutinizer05	or move to cssu-testing right away. it's really stable enough, as long as you can live with stock camera and a few other getting replaced by FOSS versions without real need for such update	18:30
DocScrutinizer05	bencoh: hiuh? why? isn't that supposed to only install 'new' version of HAM?	18:31
DocScrutinizer05	NB I didn't suggest apt-get upgrade but apt-get install $HAM	18:31
DocScrutinizer05	of course it might pull in dependencies you don't want, but then... what are your options, other than moving to cssu-t anyway	18:32
freemangordon	I wouldn;t recommend that, it will pull newer glib and there are some packages which are known to be broken (fixed in -testing)	18:32
DocScrutinizer05	so MEH, upgrade to testing, by simply installing cssu-testing over the cssu-stable version on your device	18:33
bencoh	:]	18:33
*** xkr47 has quit IRC		18:34
DocScrutinizer05	the instructions on ~cssu apply	18:34
capitanocrunch	ok, im going for testing	18:35
DocScrutinizer05	~cssu	18:35
infobot	i guess cssu is http://wiki.maemo.org/Community_SSU, or (Community Seamless Software Update)	18:35
DocScrutinizer05	one click and you're basically done ;-)	18:35
DocScrutinizer05	~hamvsfam	18:36
infobot	somebody said hamvsfam was https://mg.pov.lt/maemo-irclog/%23maemo.2013-10-28.log.html#t2013-10-28T10:44:33, or http://talk.maemo.org/showthread.php?t=93227	18:36
*** zGrr has quit IRC		18:38
*** ecc3g has quit IRC		18:38
*** heroux has quit IRC		18:38
*** ecc3g has joined #maemo		18:39
*** capitanocrunch has quit IRC		18:39
*** heroux has joined #maemo		18:50
*** heroux has quit IRC		19:01
*** arcean has quit IRC		19:04
*** xkr47 has joined #maemo		19:05
*** ashneo76 has joined #maemo		19:10
*** futpib has joined #maemo		19:11
*** troulouliou_div2 has quit IRC		19:29
*** msava has quit IRC		19:33
*** msava has joined #maemo		19:36
*** heroux has joined #maemo		19:37
*** sid14726 has joined #maemo		19:39
*** N-Mi has quit IRC		20:04
*** heroux has quit IRC		20:05
*** vakkov has quit IRC		20:06
*** sid14726 has quit IRC		20:07
*** eMHa__ has quit IRC		20:18
*** heroux has joined #maemo		20:21
*** vakkov has joined #maemo		20:22
*** heroux has quit IRC		20:27
*** ecloud has quit IRC		20:28
*** ecloud has joined #maemo		20:29
*** heroux has joined #maemo		20:31
*** eMHa__ has joined #maemo		20:31
*** ecloud has quit IRC		20:35
*** ecloud has joined #maemo		20:36
*** xelo has joined #maemo		20:40
*** ecloud has quit IRC		20:44
*** ecloud has joined #maemo		20:45
Maxdamantus	02:44:25 < DocScrutinizer05> for some of you geeks this is possibly a nice read: http://www.dwheeler.com/essays/fixing-unix-linux-filenames.html	21:07
Maxdamantus	You should be able to easily pass around arbitrary strings from shells to programs without it interpreting them in special ways.	21:08
Maxdamantus	anyway, gtg	21:08
* Maxdamantus has been thinking of writing a more sensible shell recently.		21:08
*** KotCzarny has quit IRC		21:09
*** heroux has quit IRC		21:16
*** xelo has quit IRC		21:16
*** vakkov has quit IRC		21:21
*** HRH_H_Cr1b is now known as HRH_H_Crab		21:21
*** heroux has joined #maemo		21:29
*** vakkov has joined #maemo		21:33
ecc3g	<sarcasm>I want to name my files with carriage returns and beeps so they stand out in ls -l ... </sarcasm>	21:35
*** florian has joined #maemo		21:36
*** ArGGu^^ has quit IRC		21:36
*** heroux has quit IRC		21:39
*** vectis3 has quit IRC		21:40
*** heroux has joined #maemo		21:42
DocScrutinizer05	ecc3g: not far from reality, with path names like >>file:///home/jr/Musik/King Crimson/King Crimson - 40th Anniversary Series/1974 - King Crimson - Red (2009, 40th Anniversary Series, CD+DVD-A, Discipline Global Mobile, UK, KCSP7)/DVD-A/KC_RED/KC_RED.iso<<	21:48
DocScrutinizer05	I got stuff with +;,{}()*?!$% in it	21:48
DocScrutinizer05	yes, generally you get away just with proper quoting	21:50
DocScrutinizer05	but proper quoting easily gets annoyingly complicated	21:51
DocScrutinizer05	particularly when you want to parse filenames, e.g. for a scripted renaming	21:51
DocScrutinizer05	at times even regex in sed turn into gibberish	21:52
*** heroux has quit IRC		21:53
*** ArGGu^^ has joined #maemo		21:55
*** heroux has joined #maemo		22:08
peetah	:xa	22:12
peetah	:xa	22:12
peetah	:xa	22:12
bencoh	Not and editorcommand	22:13
bencoh	(huhu, looks like I cant type)	22:13
*** odin_ has quit IRC		22:17
*** pagurus has joined #maemo		22:17
*** pagurus has quit IRC		22:23
*** heroux has quit IRC		22:24
*** pagurus has joined #maemo		22:24
*** M4rtinK2 has joined #maemo		22:36
*** vectis3 has joined #maemo		22:38
*** vectis has joined #maemo		22:38
*** jonwil has joined #maemo		22:39
*** vectis3 has quit IRC		22:40
jonwil	hi	22:41
*** futpib has quit IRC		22:48
*** heroux has joined #maemo		22:51
*** sid14726 has joined #maemo		22:57
*** heroux has quit IRC		22:59
Sicelo	hi jonwil :)	22:59
*** heroux has joined #maemo		23:01
*** arcean has joined #maemo		23:08
*** at1as has joined #maemo		23:10
*** pagurus has quit IRC		23:11
*** krnlyng has quit IRC		23:14
*** krnlyng has joined #maemo		23:15
*** SmilybOrg has joined #maemo		23:15
*** KotCzarny has joined #maemo		23:15
*** SmilyOrg has quit IRC		23:18
*** SmilybOrg has quit IRC		23:28
*** heroux has quit IRC		23:35
*** M4rtinK2 has quit IRC		23:40
*** sid14726 has quit IRC		23:42
*** heroux has joined #maemo		23:44
*** andril has joined #maemo		23:48
*** bruce_lee has quit IRC		23:49
*** SmilybOrg has joined #maemo		23:52
*** heroux has quit IRC		23:54
*** phlixi has quit IRC		23:58

Generated by irclog2html.py 2.15.1 by Marius Gedminas - find it at mg.pov.lt!