IRC log of #harmattan for Sunday, 2012-03-18

javispedrosomeone get me the MEIF specification =)00:00
javispedrothe gps chip on the n950 seemingly supports DGPS00:00
DocScrutinizerdifferential GPS? No shit?00:01
javispedrowell, wide-area DGPS at least00:01
DocScrutinizer~wtf dgps00:01
infobotGee...  I don't know what dgps means...00:01
javispedroyeah, differential.00:01
DocScrutinizerwow, that's... amazing00:02
javispedroSBAS mentioned there00:02
itsnotabigtruckso it would be possible to pick up waas signals and get higher accuracy?00:02
itsnotabigtruckwhat about n9?00:02
SpeedEvilWAAS is not dgps00:02
SpeedEvilNot really in the normal sense00:02
itsnotabigtruckoh, hrm00:02
SpeedEvilit's regional corrections, and gets you to a couple of meters or so accuracy00:03
javispedroSpeedEvil: but I think they mean WAAS and not DGPS00:03
SpeedEvilyou need a fairly nearby source to get to a few centimeters.00:03
itsnotabigtruckwhat about NDGPS then00:03
javispedroSpeedEvil: what do you make out of "wide-area DGPS"? Sounds like a marketish way of saying WAAS?00:04
virtualdhave you seen
itsnotabigtruckapparently WAAS is not DGPS but only technically, according to the wiki DGPS = any kind of gps augmentation based on ground transmitters00:04
SpeedEviljavispedro: yes00:04
SpeedEvilIt technically is DGPS00:04
itsnotabigtruckbut waas is ground based too00:04
SpeedEvilbut it's not DGPS in the sense of 'almost no error compared to normal GPS'00:04
itsnotabigtruckInstead, the FAA (and others) started studies for broadcasting the signals across the entire hemisphere from communications satellites in geostationary orbit. This has led to the Wide Area Augmentation System (WAAS) and similar systems, although these are generally not referred to as DGPS, or alternatively, "wide-area DGPS". WAAS offers accuracy similar to the USCG's ground-based DGPS networks, and there00:05
itsnotabigtruckhas been some argument that the latter will be turned off as WAAS becomes fully operational.00:05
javispedroitsnotabigtruck: waas is satellite based00:05
itsnotabigtrucksorry for uber-paste00:05
itsnotabigtruckjavispedro: you're right, it is00:05
itsnotabigtruckmis-read the wiki article00:05
SpeedEvilI'm awaiting a GPS dev board that'll let me do ~10cm accuracies.00:05
itsnotabigtrucksaw something about ground stations, but the ground stations feed into satellite broadcasts00:05
mgedmin"WAAS uses a network of ground-based reference stations"00:05
mgedminyou need both sats and ground stations for it00:05
itsnotabigtruckmgedmin: but the signals come from satellites and that's where the distinction is00:06
mgedminthe stations provide reference points, AFAIU, so you can calibrate the GPS error for a particular location00:06
SpeedEvilThat's how it works, yes.00:06
mgedminah, the data distribution is satellite-based  too!00:06
mgedminI didn't realize that00:06
SpeedEvilThe closer the ground station to you, the better your error.00:07
mgedminas a European I'm not particularly interested in WAAS, let's see what the wiki says about EGNOS00:07
SpeedEvilIt's the same.00:08
SpeedEvilJust different continent00:08
javispedroand as a European you're not very much interested in EGNOS ;P00:08
javispedrowell depends on where are you00:08
javispedrohere at least signal is very very weak00:08
mgedmin" ESA released in 2002 SISNeT,[5][6] an Internet service designed for continuous delivery of EGNOS signals to ground users."00:09
*** pinheiro has joined #harmattan00:09
itsnotabigtruckjust found that too00:09
javispedroSpeedEvil: seemingly on the N950 re gps we have a similar situation to the n810, gps speaking a "binary" protocol with a large blob over what is basically a serial link00:10
javispedroSpeedEvil: but unlike N810 protocol on N950 seems to be "Nokia standard" MEIF00:10
javispedro(under NDA wall though :( )00:10
javispedrothe blob on N950 is "nped"00:10
DocScrutinizerWAAS is about transmitting correction info for the 5*5km area (or somesuch) derived from stationary GPS references, via geostationary SV00:10
DocScrutinizerit's not what you usually think of when you use the term DGPS00:11
SpeedEvilUmm - I don't recall seeing large CPU activity.00:11
SpeedEvilWhen n950 GPS is active00:12
SpeedEvilSo it's very different from the 810, where it was to some degree a soft-gps00:12
javispedrono idea about the internals sadly00:12
javispedrobut nped definitely appears on top00:12
DocScrutinizerI might figure WAAS gets done in AP00:13
DocScrutinizeri.e. on "CPU"00:13
javispedrowith some constant 0.3-0.5% CPU at 600Mhz00:13
javispedroand the ME comes from "Measurement Engine", so it sounds kinda soft :)00:14
DocScrutinizeralso see:00:14
infobothmm... rrlp is the Radio Resource LCS (Location Service) Protocol as specified first in GSM TS 04.31, or
javispedronearly 1% CPU at 300Mhz00:14
DocScrutinizerthat's "control and user plane" AGPS mentioned in that broadcom paper00:15
javispedrothe iphone and quite a lot of android phones use this chip00:17
itsnotabigtrucklooks like nokia's a-gps is SUPL00:19
itsnotabigtruckany idea how much data is sent to the server with that00:19
DocScrutinizerI think ST-E DB7400 LTE modem has a GPS on chip00:19
itsnotabigtrucki didn't know about this RRLP business...sounds very dangerous00:19
DocScrutinizerRRLP is what they do in Navy CIS et al, when they "locate the phone"00:20
itsnotabigtruckyeah...i thought that was limited to radio triangulation but with rrlp they can get a precise fix00:21
itsnotabigtruckwhich would be leagues "better"00:21
DocScrutinizerthere's no easy way to do triangulation with normal BTS00:23
DocScrutinizeras the mobile is known only to servicing station00:24
DocScrutinizerand neither GSM nor UMTS have a means to force a mobile to reselect to another BTS00:25
SpeedEvilhandovers give you position00:26
DocScrutinizerso you can know about distance of mobile only to one point on earth that's the servicing BTS, and you dunno much about bearing of mobile from BTS00:26
DocScrutinizerhandovers give you position, but as explained one post above, there is no means to force such handover00:26
DocScrutinizerit even might be impossible in most situations (when the 'alternative' neighbour BTS is simply too far away to connect to it)00:27
SpeedEvilI mean when moving00:28
DocScrutinizerand TA is not one of the persistent parameters that get logged in BTS and could get queries after minutes or hours00:28
SpeedEvilIf you get a handover, you know the location00:28
DocScrutinizersure, you can advise the gangsta you eavesdrop, that he should move a few hundred meters to trigger a handover event ;-D00:29
DocScrutinizereven then you have at least 2 theoretical positions, as there are two solutions to the equation. In RL there are even more than 200:30
itsnotabigtruckDocScrutinizer: but if you've been tracking the gangsta all along, you'll get a handover sooner or later00:31
itsnotabigtruckand usually sooner, not later00:31
SpeedEvilIf you've been tracking it since the last handover,  one is clearly bogus00:31
virtualdor you might use an
DocScrutinizersure sure00:31
SpeedEvilpointless if you've got a cellphone network00:31
DocScrutinizerall not any valid solution to "McGee, locate the phone!"00:31
* SpeedEvil ponders again submitting a data protection request for all data held by his telco.00:32
SpeedEvilIncluding location records and any stored data of any form.00:32
DocScrutinizerlocation records have no TA, they usually not even have the sector of the BTS you're in00:33
DocScrutinizer(usual BTS have 3 sectors, some have 4)00:33
javispedro... McGee proceeds to use any of the multiple android remote holes to enable GPS on the criminal's smartphone00:33
SpeedEvilIt would be interesting to get the actual answer though.00:33
javispedroand also make the phone say with spooky voice "please turn yourself over at the nearest NYC Police Department"00:33
DocScrutinizerjavispedro: nope, McGee is using RRLP00:33
javispedroMcGee needs no stinking RRLP00:34
javispedro(note: never seen the series)00:34
virtualdwho's mcgee?00:34
DocScrutinizer(the hole by design in all recent smartphones that comply with US regulations)00:35
DocScrutinizer~wiki Timothy_McGee00:36
infobotAt (URL), Wikipedia explains: "{{Other people}} {{Original research|article|date=October 2009}} {{In universe|date=March 2011}} {{Infobox character | color = #95ABBD | occupation = Special agent, Major Case Response Team Field Agent, NCIS (Seasons 2-Present), Norfolk Case Agent and Major Case Response Team TAD Field Agent, NCIS (Season 1) | image = | caption = Sean Murray as Tim McGee in a promotional photo ...00:37
*** hardaker2 has quit IRC00:37
*** hardaker has joined #harmattan00:41
* itsnotabigtruck is a little disturbed by this, not because the man can track your phone (knew that already), but because the phone itself is doing the tracking00:41
*** zx2c4 has left #harmattan00:48
*** piggz has quit IRC00:55
*** risca has joined #harmattan00:57
virtualdwatch out for silent text messages :)00:59
virtualdand silent phone calls00:59
virtualdif you're on the run haha00:59
virtualdand maybe try out the osmocom catchercatcher01:01
*** diorahman has joined #harmattan01:05
*** cvaldemar has quit IRC01:08
DocScrutinizerimsi catchers are sooo out01:16
DocScrutinizernowadays all services have their own encrypted administrative and surveillance/tapping interface to all networks01:17
itsnotabigtruckDocScrutinizer: i thought imsi catching was a protocol exploit, can't fix it without fixing the protocol01:18
itsnotabigtruckand it's too late to do that01:18
DocScrutinizerit's indeed not even an exploit, it's simply a not-so-standard regular implementation of a valid BTS01:19
virtualdum yeah a feature01:19
DocScrutinizerthe only 'exploit' in that might be the fact that BTS have no obligation or even method to authenticate to mobiles01:20
itsnotabigtruckDocScrutinizer: well, still counts as an exploit (a mitm), there's all sorts of ways they could have put authentication in01:20
itsnotabigtruckbut why are you saying it's 'sooo out' then01:21
DocScrutinizerbut why set up a 'fake' BTS when you can tap and control the real one?01:21
itsnotabigtruckDocScrutinizer: the encrypted part? unless you're the mob or something the technical solution is probably easier01:22
*** risca has quit IRC01:23
virtualddocscrutinizer: everyone doesn't know how to do that01:24
DocScrutinizerthe mob?01:24
itsnotabigtruckDocScrutinizer: you know, organized crime01:24
itsnotabigtruckthe mafia01:24
DocScrutinizer>>The D1 network is the mobile phone system of Deutsche Telekom (previous names: T-Mobile; DeTeMobil), which according to the operator is "nearly tap-proof". That is the reason why the operators of the digital D networks were forced by the federal government to program a wiretapping interface for the "services".<<
DocScrutinizernowadays the services tap your phone via internet01:25
DocScrutinizerimsi catchers are definitely outdated01:26
*** NIN101 has quit IRC01:26
itsnotabigtruckDocScrutinizer: they're outdated if you're the police, and have been for a long time, i assumed this was about non-police-entities pwning your communications01:26
DocScrutinizer(btw this tapping interface been invented and standardized - and exported to the world - here in Germany, much like GSM once been)01:27
itsnotabigtruckthe police/feds being able to tap your phone is about as old as old news gets :p01:28
DocScrutinizerI'm sooo proud of being a German :-S01:28
DocScrutinizerwho else would use a 10k imsi catcher? and for what?01:28
DocScrutinizerwhere 10k probably is EUR, for a used one01:29
itsnotabigtruckthe mafia? competing corporations? foreign spies?01:30
itsnotabigtruckhackers using a DIY imsi catcher?01:30
DocScrutinizerfor sure McGee never used an IMSI catcher ;-)01:30
itsnotabigtruckat one of the recent DEFCONs i think someone deployed one01:30
DocScrutinizerwell, if there'd be any info on GSM that is worth spying it by the mafia, then the one that gets spied is really an idiot asshat01:31
DocScrutinizeras tapping phones for espionage is even older than police doing that01:32
DocScrutinizerso I think the various advices about what you shouldn't tell on a phonecall are from the early 20s of last century01:33
RST38hAh, Doc, stop ranting, go get some sleep =)01:34
DocScrutinizeranyway nowadays both mob and feds are most concerned about skype - and you could skype from your phone as well, if that's news to you ;-)01:37
DocScrutinizerunlike tapping interface, only very few services have the credentials to use the secret skype backdoor01:38
DocScrutinizerthough this might have changed a bit lately01:39
DocScrutinizerwith skype now being a M$ project01:39
DocScrutinizerM$ always implemented backdoors to all their "security" stuff, and was very cooperative to officials01:40
*** psycho_oreos has joined #harmattan01:42
DocScrutinizerwhich got rewarded by 99% M$ products in all institutions01:42
itsnotabigtruckDocScrutinizer: erm, skype aside, which MS security-related products have backdoors01:45
itsnotabigtrucklet me guess, you're going to bring up the NSAKEY red herring01:45
itsnotabigtruckit does seem like bitlocker's lack of password or crypto device authentication could be beneficial to police01:46
itsnotabigtruck(it supports TPM and USB drive keyfiles only - keyfiles aren't password protected)01:47
itsnotabigtruckthough that isn't a backdoor per se, just non-ideal security choices01:47
*** diorahman has quit IRC01:54
*** diorahman has joined #harmattan01:55
DocScrutinizerOT factoid about McGee: his sister is actually his stepsister in RL. Miss Bellisario. Nice family cronyism02:06
* DocScrutinizer idly wonders if producer Mr Bellisario has some special appearances like Hitchcock02:08
*** Natunen has quit IRC02:10
*** FACEFOX has joined #harmattan02:22
*** acidjunkie has quit IRC02:23
*** acidjunkie has joined #harmattan02:25
*** risca has joined #harmattan02:28
befordhelp  itsnotabigtruck02:31
befordI forgot the lock code damn XD02:31
*** Necrosporus has quit IRC02:40
*** M4rtinK has quit IRC02:46
DocScrutinizeror you are using open mode which causes lockcode to go invalid02:48
DocScrutinizeractually it's allegedly causing CAL aka config mtd partition to become read-only, which somehow renders all lockcode access attempts to err out02:49
*** AndrewX192 has quit IRC02:49
*** AndrewX192 has joined #harmattan02:50
*** AndrewX192 has quit IRC02:50
*** AndrewX192 has joined #harmattan02:50
befordno .. I was changing it02:50
befordbut I do not remember finishing to change it02:50
befordlike I was on the 'change lock code' screen02:50
befordand went to do something else and it locked it self .. now the old password is not working, and I cant remember if I set something new :/02:51
befordwoah. I remembered it02:53
befordnow I will need to get some memory pills or something. jesus.02:53
*** diorahman has quit IRC02:54
*** deimos has quit IRC03:25
*** javispedro has quit IRC03:38
*** arcean has quit IRC03:42
*** n9appscom has quit IRC03:50
*** n9appscom has joined #harmattan03:51
*** diorahman has joined #harmattan03:52
*** n9appscom has quit IRC03:55
itsnotabigtruckbeford: hey, still there?03:57
itsnotabigtruckoh, you got it sorted03:57
itsnotabigtruckDocScrutinizer: well, have you tested that read-only thing?03:58
itsnotabigtrucki believe i mentioned before, that the cal thing is second-hand info from rainisto - if you want to be sure, test it03:58
itsnotabigtruckthe lock code is probably erroring out due to unrelated reasons, namely the whole omap security being deactivated thing03:59
*** trx has quit IRC04:02
*** delphi has joined #harmattan04:02
*** diorahman_ has joined #harmattan04:05
*** diorahman has quit IRC04:06
*** diorahman_ is now known as diorahman04:06
*** vLassi has joined #harmattan04:13
befordhey ieatlint04:17
itsnotabigtruckbeford: for reference if you forget it again, you reset it by zeroizing04:29
itsnotabigtruckhopefully not too many thieves will pick up on that, though the sort of people who steal phones are mostly morans anyway04:30
itsnotabigtruckpetteri: i think your entry for pinkit's missing a description04:30
beforditsnotabigtruck, like using WinFlasher?04:33
*** vLassi has quit IRC04:33
itsnotabigtruckbeford: yeah04:35
*** risca has quit IRC04:35
itsnotabigtruck'zeroize' is the word i used in my guide, because it's awesome04:35
befordah right, erase user data04:35
befordthanks itsnotabigtruck I'll try to not forget my lock code again anyway xD05:16
*** diorahman has quit IRC05:20
*** oberling has joined #harmattan05:58
*** oberling_ has quit IRC06:02
*** hiemanshu has quit IRC06:02
*** hiemanshu has joined #harmattan06:06
*** vincent87 has joined #harmattan06:22
*** vincent87 has quit IRC06:24
*** diorahman has joined #harmattan06:33
*** sigmaorion has joined #harmattan07:07
sigmaorionhi there!!07:07
*** sigmaorion has quit IRC07:15
*** Natunen has joined #harmattan07:20
*** diorahman has quit IRC07:22
*** dymaxion has joined #harmattan07:37
*** niqt has joined #harmattan07:55
*** beford has quit IRC08:00
*** hardaker has quit IRC08:03
*** delphi has quit IRC08:55
*** vLassi has joined #harmattan09:39
petteriitsnotabigtruck: i think you are right. I'll add one :)09:53
*** niqt has quit IRC10:08
*** diverse_izzue has quit IRC10:47
*** NIN101 has joined #harmattan10:51
*** karbas_ has quit IRC11:03
*** blueslee has joined #harmattan11:31
*** cvaldemar has joined #harmattan11:32
*** rlinfati has joined #harmattan11:34
bluesleeDocScrutinizer: ping11:39
*** M4rtinK has joined #harmattan11:41
*** trx has joined #harmattan11:51
*** heymaste_ has quit IRC11:54
*** adlan has quit IRC12:02
auenfhoneycomb takes too many downloads to root12:02
*** Saviq_ has joined #harmattan12:03
*** Saviq_ has quit IRC12:05
*** auenf has quit IRC12:07
*** ZogG_laptop has quit IRC12:09
*** auenf has joined #harmattan12:09
*** rlinfati has quit IRC12:18
*** DocScrutinizer has quit IRC12:39
*** DocScrutinizer has joined #harmattan12:41
*** heymaster has joined #harmattan12:42
*** blueslee has quit IRC12:53
*** Guest92708 is now known as Termana13:06
*** heeeegua has quit IRC13:10
*** djszapi has joined #harmattan13:39
*** Anssi138 has quit IRC13:46
*** diorahman has joined #harmattan13:55
*** djszapi has left #harmattan13:56
*** Anssi138 has joined #harmattan13:59
macmaNsup peeps14:07
macmaNhow to turn off the massively annoying "switch internet connection on" prompt?14:07
macmaNi'd like to *never* see it again14:07
macmaNi have PSM forced on, doesnt help14:07
macmaNi have internet switch off, doesnt help14:08
macmaNinternet apps should not be able to constantly annoy me with a full screen modal dialog, wtf14:08
*** Anssi138 has quit IRC14:14
*** djszapiN9 has joined #harmattan14:24
VelmontmacmaN: Agree. I want it to always be 3G connected.14:32
VelmontI think I had that working before, -- but then I had to disconnect once, and now it's constantly nagging me for internet :-)14:33
macmaNisnt that possible?14:33
VelmontYes, -- but not very obvious at least. I've made it once, but can't find out how to do it again.14:33
macmaNi think you have to go to Edit Networks14:33
macmaNand allow your 3G to be auto-used14:33
macmaNi think 3G is set to no-auto by default14:33
VelmontAh, -- found it.14:34
*** sp3001 has joined #harmattan14:34
macmaNwell im living internet off. dont want to charge battery every 2 hours.14:35
macmaNbut "no" definitely doesnt mean "no" to nokia developers14:35
macmaNit acts more like a horny boyfriend14:36
*** djszapiN9 has left #harmattan14:40
rZrSazpaimon: pong14:42
*** djszapiN9 has joined #harmattan14:45
djszapiN9is there a ctrl+f-like search functionality in grob for finding a dedicated content on a webpage ?14:45
rZrnot i am aware of14:50
djszapiN9bad grob :p14:55
*** GeneralAntilles1 has joined #harmattan15:11
*** gareth___ has joined #harmattan15:12
*** juergbi` has joined #harmattan15:13
*** tsenyk_ has joined #harmattan15:13
*** sp3002 has joined #harmattan15:14
*** denism1 has joined #harmattan15:14
*** rzr` has joined #harmattan15:17
*** sp3001 has quit IRC15:19
*** infobot has quit IRC15:19
*** eman` has quit IRC15:19
*** GeneralAntilles has quit IRC15:19
*** denism has quit IRC15:19
*** rZr has quit IRC15:19
*** tsenyk has quit IRC15:19
*** damaltor has quit IRC15:19
*** juergbi has quit IRC15:19
*** gareth__ has quit IRC15:19
*** infobot has joined #harmattan15:20
*** ChanServ sets mode: +v infobot15:20
*** eman has joined #harmattan15:20
*** FACEFOX has quit IRC15:21
*** damaltor has joined #harmattan15:21
*** FACEFOX has joined #harmattan15:28
djszapiN9interesting why a link does not work for clicking in grob, but works fine if i type it out in the url bar.15:32
*** Sazpaimon has quit IRC15:35
*** Sazpaimon has joined #harmattan15:35
*** NIN101 has quit IRC15:54
*** diorahman_ has joined #harmattan16:04
*** piggz has joined #harmattan16:07
*** diorahman has quit IRC16:07
*** diorahman_ is now known as diorahman16:08
*** blueslee has joined #harmattan16:10
*** GeneralAntilles1 is now known as GeneralAntilles16:12
*** GeneralAntilles has joined #harmattan16:12
bluesleecan someone tell me if the openmode for n9/pr1.2 is full working. what are the (dis)advantages of openmode compared to inception16:14
*** piggz has quit IRC16:15
*** arcean has joined #harmattan16:16
bluesleeopenmode is running harmattan without aegis, right? who build the corresponding kernel? i will see a warning when booting and i can install packages from harmattan devel repo via apt-get not running into signature issues, right?16:16
*** divan has quit IRC16:16
*** divan has joined #harmattan16:18
bluesleeand what will happen when pr.1.3 arrives? do i need to reflash everything?16:18
*** kakashi__ has joined #harmattan16:20
*** n9appscom has joined #harmattan16:20
Tronicblueslee: Depends on how Nokia responds. Quite possibly you can simply uninstall inception, do the upgrade and then reinstall (new version of) inception.16:23
TronicThe right thing for Nokia to do would be not to patch the inception hole at all or even provide such functionality by default in PR1.3. It is not like any content providers actually cared about Harmattan at this point.16:24
bluesleeTronic: okay, thats about inception. i am tending to enter the openmode but i am not sure about it, the kernel for pr1.2 is there for one week or so16:27
bluesleeTronic: it sounds simpler to install just the inception package but the repository/signature issue will stay or not?16:28
*** koe has left #harmattan16:36
hiemanshuTronic: not patching a hole in aegis that can be exploited by malicious software? LOL, right16:44
Tronichiemanshu: OMGWTF16:44
TronicN900 *never* had any sort of platsec.16:45
qronicwoohoo, seeing malicious software for harmattan would be so exciting. another new software for n9, wow!16:45
TronicExactly how many malware apps did you ever see for Maemo (incl. Harmattan)?16:45
TronicLinux/Maemo - security by platform obscurity.16:46
*** decibyte has quit IRC16:46
*** djszapiN9 has left #harmattan16:46
*** sp3002 has quit IRC16:46
*** Saviq_ has joined #harmattan16:48
*** Saviq_ has quit IRC16:48
hiemanshuTronic: they are going to do the obvious thing and fix the hole, and its not about how many, its about the idea of being able to do it that scares most people away16:48
TronicBtw, is disk encryption already available for Harmattan?16:49
TronicI would like to have some security for my personal information in case the phone is stolen or examined by border control or whatnot.16:50
Tronichiemanshu: I am not exactly sure what you mean by people (content providers or users) but for starters, regular users mostly have no idea what platsec even is and most of those who do prefer not to have it.16:51
*** decibyte has joined #harmattan16:52
TronicIt does not protect the user against malware because it doesn't actually provide useful access control (e.g. against recording audio and phone calls and streaming them to the eavesdropper).16:52
TronicThe only reason why it is there is to "protect" some content providers who still think that DRM is a must-have.16:53
hiemanshusure, but nokia isnt going to leave it open just like that16:53
*** blueslee has quit IRC16:53
TronicYou are probably right.16:54
TronicHowever, Nokia has been firing Harmattan developers and moving them to new tasks (Windows Phone) at such rate that I must wonder how much maintenance they are going to be doing anymore.16:54
jonniTronic: thats what lock code is for, so your data wont leak if your phone is stolen, as they need to do erase-user-data=secure in order to use it.16:55
Tronicjonni: Not quite as secure as I'd prefer (because it relies on the platform being secure) but maybe it is good enough.16:56
jonniit relies that you dont use 12345 as a lock code16:57
Tronicjonni: Considering that I don't give out the code to the TSA agent, I wonder whether he can or will bother to (a) use a government-enforced built-in backdoor, (b) circumvent the security system in some other way (e.g. read directly from the flash chip).16:58
jonnia no, b yes if some government has flash chip readers. If you want to secure some of your data, then you can make an application that uses aegisfs to secure it really.17:00
TronicFortunately I don't have secrets of such level stored on my device to warrant all the effort.17:00
*** javispedro has joined #harmattan17:01
Tronicjonni: Why no to a? I would think that this is the most straight-forward way to go.17:01
TronicWell, Harmattan is not officially sold in the US, so possibly they don't have that backdoor, but I wouldn't count on it.17:02
jonnithere is no back door, we dont live in america17:02
jonnikernel is open source so you can hunt your backdoor in there. :)17:05
Corsacjonni: btw it's a bit sad the whole stuff is not encrypted, but eh :)17:08
jonniCorsac: well then bootup time to start the device would be 15+ minutes, and imho that is a bit slow :)17:09
jonniif you are really an international spy agent, then there is no phone secure enough for you, and you should use some laptop that you encrypt the stuff yourself :)17:12
Tronicjonni: The backdoor could be in many other places than the kernel, and also we cannot really verify that the binaries provided by Nokia actually come from that source code.17:13
Tronic(have fun trying to replicate the exact same binary even when your source code is exactly the same)17:13
Corsacjonni: what are you talking about?17:15
TronicBut yes, you are right, cannot really trust such specialized hardware in any case, if the security really matters.17:15
*** kakashi___ has joined #harmattan17:16
*** kakashi___ has joined #harmattan17:16
*** liar has joined #harmattan17:16
jonniwell you can compile the sources, and do diff to files, and you can also disassemble with ida pro to see that its really that source which matches. As only difference there is the timestamps.17:16
*** kakashi__ has quit IRC17:17
Corsacjonni: where exactly did you get the impression that encrypting stuff would result in 15m boot time?17:19
Tronicaegisfs does a full-fs verification on boot?17:20
*** NIN101 has joined #harmattan17:20
*** hardaker has joined #harmattan17:21
SpeedEvilIt verifies signatures at load-time only17:24
jonniSpeedEvil: and you are sure that you are not mixing aegis refhaslist to aegisFS? :). Well anyways aegisFS use FUSE and its notoriously slow on each syscall.   But if you are app developer make an app which stored data you want to be secure, you can always write your data to /home/user/private/
*** NIN101 has quit IRC17:40
*** NIN101 has joined #harmattan17:40
*** liar has quit IRC17:48
*** liar has joined #harmattan17:49
*** bradfo_ has joined #harmattan17:50
*** bradfo_ has quit IRC17:52
*** FACEFOX has quit IRC17:53
*** FACEFOX has joined #harmattan17:54
SpeedEvilOk - yes, I knew that - just different context17:58
*** franz2k has joined #harmattan18:12
*** diorahman has quit IRC18:12
*** franz2k has left #harmattan18:13
*** jaywink has joined #harmattan18:26
itsnotabigtruckTronic Corsac: i don't know about a backdoor, but none of the secure storage facilities provided with the os are secure18:34
itsnotabigtruckmaybe if you set up a password-based full-flash encryption arrangement18:34
*** admiral0 has joined #harmattan18:36
itsnotabigtruckhey admiral018:36
admiral0itsnotabigtruck: hey dude18:36
admiral0how are you?18:36
*** piggz has joined #harmattan18:37
admiral0i need help with qml maps...18:38
admiral0is there an easy way to populate with mapobjects with coordinates i supply from C++?18:38
admiral0i mean without going through "My mind is full of fuck and Models"18:39
admiral0as i saw i can't even implement landmarkmodel in C++18:40
infobotit has been said that update is
infobothmm... aegis-no-thanks is
M4rtinKadmiral0: no idea about the default maps, I'm using AGTL's PinchMap instead18:42
M4rtinKit's quite usable18:42
*** Free-MG has joined #harmattan18:43
admiral0come on guys, it'll be a free app for all of you18:43
admiral0(yes, it will be _Free_ in the store)18:44
itsnotabigtruckadmiral0: publish it to appsformeego18:44
itsnotabigtruckin fact you should publish lps2 there too18:45
M4rtinKjust gut out some of the AGTL/geocaching specific things and you are good to go18:45
itsnotabigtruckM4rtinK: why not use the stock maps?18:45
admiral0oh, lps2... i have to work on that18:46
admiral0it's quite ready18:46
Free-MGhow can i connect to WLAN / 3G from command line?18:46
M4rtinKI want a more low-level access to it18:46
M4rtinKdidn't really study the default one though :)18:47
admiral0Free-MG: explore dbus with qdbus18:47
itsnotabigtruckadmiral0: make sure to run it by me before releasing so i can package-nazi it :p18:47
admiral0itsnotabigtruck: package-nazi?18:48
admiral0it should be in system bux18:48
*** adlan_ has joined #harmattan18:48
admiral0ah, you are the human version of namcap in archlinux18:48
admiral0i see18:48
itsnotabigtruckhm, i guess namcap is like lintian on debian18:48
admiral0or perl_critic for perl18:49
itsnotabigtruckanyway, i'm just worried about things like the handling of the css patching/unpatching18:50
itsnotabigtruckneed to make sure it won't asplode when users upgrade to 1.318:50
admiral0i imagine those thingies with this face
admiral0also i have quite an idea of replacing meteo widget with a secondary part for lpsmagic18:51
admiral0who needs *current* weather? captain obvious?18:52
admiral0i find this more useful and entertaining:
*** piggz has quit IRC18:55
TronicCurrent weather is useful for not having to open the curtains and actually look outside, or even worse, opening the window to find out how warm it is.18:56
admiral0use gary's forecasting stone you dummy18:57
*** admiral0 has quit IRC18:59
*** niqt has joined #harmattan19:02
*** TNZ has joined #harmattan19:02
itsnotabigtruckit would be nice if meecast would get with the program and use the right fonts19:03
Corsacitsnotabigtruck: I didn't really look at how the secure storage facilities worked, but what makes you say that?19:03
itsnotabigtrucktypography matters, sheesh :p19:03
itsnotabigtruckCorsac: well, one of a zillion ways to get into your locked phone would be:19:04
itsnotabigtruckconnect to the flash chips, put a payload in and get it to run during the boot sequence19:04
itsnotabigtruckdisconnect and boot it up19:05
itsnotabigtruckand then use your payload to siphon off all the data19:05
itsnotabigtruckand that's just the naive way, there's no doubt simpler solutions19:05
DocScrutinizermeh, when you already have access to raw storage, then why not simply dump it to the in circuit debugger right away?19:06
*** psycho_oreos has quit IRC19:06
itsnotabigtruckDocScrutinizer: i think the assumption is that the data is in aegisfs19:06
itsnotabigtruckso the phone has to be online and pwned to get the data19:06
itsnotabigtruckbut if you can get a shell on the phone, you can get into any aegisfs, so yeah19:06
DocScrutinizerthe concept of "secure" storage that's not unlocked by a password you have to enter each boot is broken by design19:07
DocScrutinizerthe aegisfs idea of "secure" storage is just the augmentation of credentials per process to storage and files19:09
SpeedEvilIt has some usages, if your attacker does not have root, and if your system is secure.19:09
SpeedEvilAnd your attacker can't do advanced ICD19:10
DocScrutinizerexactly, and that's about the only usage I could figure19:10
DocScrutinizerhowever this would be a simple matter of proper setting of permissions and ACLs in a regular aegis-free linux^Wunix19:11
*** TNZ has quit IRC19:11
DocScrutinizerso aegis is 99% about reinventing the wheel, to cope with problems we wouldn't have without aegis19:12
SpeedEvilI suspect it may have been more interesting if finished.19:14
SpeedEvilFor example - protected storage appears under a known per-app directory19:15
SpeedEvilthey just have to treat it like normal files19:15
*** rlinfati has joined #harmattan19:33
*** djszapiN9 has joined #harmattan19:33
DocScrutinizerthere's not a single evidence or instance where we missed aegis on fremantle19:34
DocScrutinizerso all it implements is for made up scenarios invented by platsec19:34
DocScrutinizereven the core reasoning which got conveniently quoted in19:35
infobot , or "The purpose of this framework is: ... to make sure that the platform meets the requirements set by third party software that requires a safe execution environment.", or, or
DocScrutinizeris never really happening19:36
DocScrutinizeras there simply is no such 3rd party app, and never will be19:36
DocScrutinizernota bene "safe execution environment" simply means "user got no means to run gdb or strace or whatever against the process, to crack any secret CSS keys or whatever"19:38
*** vLassi_ has joined #harmattan19:41
*** dymaxion has quit IRC19:42
DocScrutinizersecurity as defined by aegis never been about *your* security, it's always been about security of apps *from* you messing with them19:43
DocScrutinizerit's really brilliant how TrustedComputing apologetics and proponents managed to suggest to joe average user that it's not like that19:45
DocScrutinizereven 75% of platsec folks themselves believe in that lie19:45
CorsacDocScrutinizer: well, some people /do/ care about trusted computing for other stuff than drm19:47
CorsacDocScrutinizer: including people at TCF19:47
DocScrutinizerTC by design is at least not needed for anything except DRM in a broader sense19:48
*** adlan_ has quit IRC19:48
DocScrutinizerusually it's even useless for anything but exactly DRM and "ensuring safe environment"19:48
DocScrutinizerthere have been working security solutions for all the supposed other usecases of TC since ages19:49
DocScrutinizerso it's fair to say TC got invented and is useful for DRM only19:50
*** cvaldemar has quit IRC19:51
MohammadAGwhy the fuck does the dorm table fuck the iPhone's and N950's screens19:51
*** gabriel9 has joined #harmattan19:52
DocScrutinizerMohammadAG: ???19:53
MohammadAGDocScrutinizer, double tapping the N950 doesn't work19:54
MohammadAGand the sliding gesture sometimes fails midway19:55
DocScrutinizerseen here as well19:55
MohammadAGtill I ground the device19:55
DocScrutinizerI always thought it's caused by RF interference from nearby LCD screens, PSUs etc19:55
MohammadAGah, removing the iPhone from the metallic charger case fixes it19:55
javispedrothe problem is clearly that you are holding them wrong19:56
DocScrutinizerand yes, I also could fix the issue by "grounding" the device by holding it with my other hand19:56
DocScrutinizerjavispedro: exactly ;-D19:56
DocScrutinizerthe electric design of the touchpanel controller/sensor is meant for a "touching object" that is connected to controller's GND19:57
DocScrutinizerrandom arbitrary isolated objects tend to not work correctly when touching the screen19:58
itsnotabigtruckimo aegis would have been useful if it implemented role based access control19:59
itsnotabigtruckbut there's existing rbac systems for linux that could have been used instead of setting up this new system19:59
itsnotabigtruckones that are more proven security-wise19:59
itsnotabigtruckin a functioning security arrangement, methods of elevating privilege are kept to an absolute minimum20:00
SpeedEvilThe autogeneration of credentials is in principle interesting.20:00
itsnotabigtrucke.g. only a tiny number of security-aware binaries are made setuid root on a normal linux system20:00
SpeedEvilIf combined with a fine enough grained permission architecture, and sane permission review.20:00
itsnotabigtruckso in order to be secure, aegis should have been based around restricting credentials from those already there20:00
itsnotabigtruckinstead of granting credentials out of thin air20:01
itsnotabigtruckwhich is just asking for insecurity20:01
itsnotabigtruckalmost everything on harmattan is a p/e hole of some sort20:01
SpeedEvilI do not ever want a calculator program to be able to access the internet. It can have a small sandbox for storage - and that's it.20:01
itsnotabigtruckthe package based policy generation is a cool idea, that no other distribution has picked up afaik20:01
itsnotabigtruckit's why selinux is so difficult to deal with, because you have to deal with this gigantic monolithic policy that's not integrated with anything and isn't very complete20:02
MohammadAGandroid does it best tbh20:03
MohammadAGiOS comes next when talking about location20:03
DocScrutinizeritsnotabigtruck: well that are implementation details simple to solve with a subdir structure like seen in /etc/*.d/*20:03
MohammadAGApple knowing your location doesn't count20:03
MohammadAGbut they failed with contacts20:04
MohammadAGPath and Twitter were both copying contacts server side with no prompt20:04
MohammadAGand Apple approved them20:04
MohammadAGApple's approval process is there for a reason, protecting Apple, not the user20:05
DocScrutinizeritsnotabigtruck: sudo had same issues until they came up with /etc/sudoers.d/$randomfilename20:05
itsnotabigtruckwith something like selinux, the contacts data could be labeled contacts_t and the data could only go where the policy says the data can go20:05
itsnotabigtruckaegis completely ignores protecting the filesystem20:05
DocScrutinizerthat's why they need aegisfs20:06
itsnotabigtruckand on a system like linux that is all about the filesystem20:06
itsnotabigtruckthat's a grave mistake20:06
MohammadAGitsnotabigtruck, with android you get a list of what the app does20:06
itsnotabigtruckbut aegisfs is only used for few and small things20:06
DocScrutinizerlike tracker ;-P20:06
* djszapiN9 rotlf-ing at the many security experts from out of the thin air20:06
MohammadAGwith iOS (for location and soon contacts), you get a prompt saying "App would like to use your location"20:06
DocScrutinizertracker as well is about abandoning unix fs hierarchy20:06
MohammadAGdjszapiN9, clearly Aegis's devs weren't one of them20:07
javispedroMohammadAG: IOS has the least granularity of all (same as webos)20:07
MohammadAGin any way20:07
javispedrobasically the same security as on any average desktop20:07
MohammadAGthis should be implemented API wise20:07
MohammadAGnot with a lame security system20:07
djszapiN9MohammadAG, android, meego etc replicated aegis in a way or other20:08
MohammadAGif app uses location_get_current_location(), prompt the user, block the code20:08
MohammadAGdjszapiN9, android replicated aegis?20:08
djszapiN9so it does not seem too bad.20:08
javispedrotbh I feel that if I had to "build" a security system with the same goals as aegis, I'd end up replicating aegis.20:08
* javispedro wins most obvious sentence of the day award20:09
MohammadAGjavispedro, aegis's roles are?20:09
DocScrutinizermeh, and aegis replicated what? UNIX of 1948? Dang I have to tweak my ignore list20:09
MohammadAGI don't see android having the same crap as Aegis20:09
javispedroMohammadAG: minimal intrusiveness to existing apps, for example20:09
MohammadAGNoLED allows you to light up the screen, control brightness etc20:10
MohammadAGit's in the android market, tokens aren't denied20:10
javispedropolicy, policy...20:10
MohammadAGwhereas Aegis decides lighting up the LED blows up the user20:10
itsnotabigtruckimo just replicating the capability setups in android, symbian, whatever isn't good enough20:10
MohammadAGwell yeah, Nokia's Aegis policy20:10
itsnotabigtrucki want to control exactly has access to what data20:10
itsnotabigtruckthat means filesystem labeling20:10
MohammadAGjavispedro, Apple has a sandbox20:10
MohammadAGyou can't access contacts outside the Apple API20:10
javispedro(and webos, fwiw)20:11
MohammadAGnot without using private headers I guess20:11
itsnotabigtruckthat means not what android/harmattan/iphone/symbian/anything else have20:11
javispedrobut what use is a sandbox if dialing numbers is public API20:11
MohammadAGjavispedro, well, on iOS, not modifying filesystem files20:11
djszapiN9itsnotabigtruck, wrong, we did such a thing in meego20:11
MohammadAGjavispedro, on iOS you can't dial number unless you use openURL or whatever the method's called20:11
javispedroso you can =)20:12
MohammadAGand that opens the UI20:12
MohammadAGthere's no way the user can't know20:12
itsnotabigtruckdjszapiN9: in meego = in mssf2?20:12
itsnotabigtrucki haven't looked into mssf220:12
javispedroMohammadAG: not modifying system files sounds to me like usual root vs user separation, not sandboxing. Not modifying other app's files might be.20:12
itsnotabigtruckmssf2 uses smack and smack has labeling, right?20:12
djszapiN9meego is upstream linux20:12
MohammadAGjavispedro, no, iOS is like Symbian20:12
MohammadAGevery app has its private folder to write in, it can't access anything outside that20:12
MohammadAGwhether it's another app's folder, or the filesystem itself20:13
MohammadAGjavispedro, ^20:13
javispedroso, not modifying each other app's files.20:13
itsnotabigtruckDocScrutinizer: linux ACLs aren't exactly a winning strategy20:13
javispedroin webos, they do this by basically just chroot apps20:13
MohammadAGjavispedro, not sure how Apple does20:13
MohammadAGbut basically, jailbreaking is breaking the sandbox20:13
itsnotabigtrucki guess you could build a system based around linux ACLs but as it stands hardly anything is ACL-aware20:13
MohammadAGand running unsigned code20:14
DocScrutinizerooh but everything is aegis aware, right?20:14
MohammadAGsandboxed apps are still sandboxed though20:14
djszapiN9DocScrutinizer, architecture wise, yes.20:14
DocScrutinizerwhy would I need to sign my code?20:14
DocScrutinizerdamn, where are those ignore lists in this client?20:15
DocScrutinizerhope this "*" fixed the issue20:16
itsnotabigtruckDocScrutinizer: well, since aegis doesn't have any kind of file permission scheme, things generally don't need to be aegis-aware20:17
itsnotabigtruckaegis doesn't have that problem because it doesn't address that part of security20:17
itsnotabigtruckwell, it sort of does, through regular unix permissions, but that doesn't count20:17
*** piggz has joined #harmattan20:19
* djszapiN9 is proud of the aegis team's work.20:19
DocScrutinizerapps in OVI store are under Nokia control, no need to sign them. If I don't install any app from outside OVI, I have no potentially dangerous apps on my system. When all apps are properly installed under root-only-writable perms, no rogue app can alter code of installed apps... I really fail to see the whole purpose, for anything except "3rd party software that needs a 'secure environment' to run" - read things like MP3 players that don't allow to copy or re-record your music you paid for20:19
itsnotabigtruckaegis would have been a lot more useful if a) it provided more comprehensive protection, b) everything was comprehensively audited, c) it was used for things beyond just keeping 3rd party apps from doing certain things20:20
itsnotabigtruckit's not a bad concept, but i don't think it turned out the way it could have20:21
SpeedEvilIt was planned for a billion phones.20:21
djszapiN9interesting that certain person(s) have the same lack of understanding as one year ago.20:22
itsnotabigtruckDocScrutinizer: well, *in theory* it allows ovi qa to assume that an app is only capable of doing things in a bounded set20:23
itsnotabigtruckso if the program doesn't declare it can send text messages, it can't send text messages20:23
DocScrutinizerso what?20:23
itsnotabigtruckwhich means there isn't a risk of a logic bomb that goes and sends premium text messages to russia or whatever20:23
itsnotabigtruckbut really, this is a problem with auditing programs without the source code20:23
DocScrutinizerthis is done by madde or whatever now, and could be done as well on ovi store evaluation20:24
DocScrutinizerno friggin need to sign anything20:24
itsnotabigtruckbut i'd bet most commercial developers wouldn't be too happy with sending all teh source to ovi to have it audited and built on their side20:24
itsnotabigtruckbut if you're dead serious about screening apps that's what would have been needed20:24
DocScrutinizeritsnotabigtruck: that's about proper dropping of posix credentials20:25
DocScrutinizernot about an idiotic signing scheme20:25
djszapiN9yes sure, commercial companies like rovio gives out their value for fun....20:25
itsnotabigtruckDocScrutinizer: posix capabilities don't do anything about tasks like text messages20:25
DocScrutinizeroopsa capas, yes20:25
javispedroI mean20:26
javispedroDoc is right20:26
itsnotabigtruckdjszapiN9: well, i did just say that i doubt many commercial outfits would go along with it :p20:26
javispedroif by "posix credentials" you mean gids, etc.20:26
*** piggz has quit IRC20:27
*** gabriel9 has quit IRC20:27
javispedrohrmpf, left the N950 GPS for 10 minutes, in stable position, got ~500 points, bounding box area around 0.3 square frigging _KM_20:28
DocScrutinizerwell, maybe posix capas are not as finegrained as you'd want them to be. So what? Go improve / augment them. You don't need any signing of pkgs to do so20:28
itsnotabigtruckDocScrutinizer: the thing is that posix capabilities are exclusively about administrative tasks20:29
SpeedEviljavispedro: Extreme solutions happen.20:29
djszapiN9why wouldn't you ?20:29
itsnotabigtruckif you're not root, you normally don't have any capabilities, and that's how it should be20:29
itsnotabigtruckit should be extremely rare for a user app to assert posix capabilities20:29
javispedroitsnotabigtruck: DocScrutinizer: that's why I said that Doc was right in saying "credentials", not capas20:29
javispedroitsnotabigtruck: DocScrutinizer: credentials include pid, uid, gids, etc.20:29
DocScrutinizer:nod: so I was right :-)20:30
SpeedEviljavispedro: - 100m errors occurred about every 2000th sample on average.20:30
djszapiN9no he was wrong20:30
DocScrutinizerwe'd not need a restok and other shit to get there20:30
javispedroSpeedEvil: I am trying to deduce if sw is filtering or not20:31
djszapiN9actually quite wrong20:31
DocScrutinizerand for sure we'd not need any hashes20:31
DocScrutinizerand signatures20:31
djszapiN9please note that it is called capabilities.h, and not just for fun20:31
*** piggz has joined #harmattan20:32
djszapiN9anyway, i do not see the point in this discussion20:32
djszapiN9i do not see any fruit of it just randomly training minds.20:32
*** MohammadAG has quit IRC20:32
*** MohammadAG has joined #harmattan20:32
djszapiN9feel free to send me the architecture from a-z for a full replacement.20:33
itsnotabigtruckyeah...the last thing we need is another endless back and forth about aegis20:33
djszapiN9that would be fruitful.20:33
itsnotabigtruckdjszapiN9: well, the problem isn't coming up with one, it's pulling it off20:34
itsnotabigtrucksince aegis is part of everything it's not like it's easy to swap something else in20:34
djszapiN9nah, you do not listen20:34
djszapiN9come up with an architecture which would be sensible.20:35
djszapiN9and try to make it work on mer eg.20:35
djszapiN9we have heard enough guys saying "the big things"20:36
djszapiN9i would like to see an architecture proposal.20:36
djszapiN9swearing randomly is possible any architecture and implementation.20:37
itsnotabigtruckdjszapiN9: well, one approach would be to use selinux, and implement something like aegis-install that produces policy at install time20:38
djszapiN9about*, let us make it fruitful and get a proposal with an overthought architecture.20:38
itsnotabigtruckthe problem is that selinux is complicated and that means defining policy is complicated20:38
itsnotabigtruckbut the complication could be simplified from the pov of app packagers20:39
javispedroso, what does selinux have that aegis doesn't?20:39
djszapiN9you seem to be a new guy in security altogether20:39
itsnotabigtruckjavispedro: file labeling20:39
itsnotabigtruckright, it's well analyzed20:39
djszapiN9javispedro, overcomplexity20:39
itsnotabigtruckdjszapiN9: a lot of the complexity is due to the "reference policy"20:39
itsnotabigtruckthis would be something different20:39
djszapiN9turning into useless category just as linus torvalds and others wrote....20:40
* javispedro is yet to see a "security paradigm" that cannot be implemented by traditional users and groups20:40
DocScrutinizerexcept DRM signing TC shit20:40
djszapiN9javispedro, no security system is implemented like that for obvious reasons20:41
djszapiN9especially for mobile.20:41
itsnotabigtruckhere's the problem: aegis could be the best shit ever, and you guys would still complain about it endlessly because it's not what you're used to (classic linux permissions)20:41
javispedroitsnotabigtruck: no20:42
*** arcean_ has joined #harmattan20:42
djszapiN9...and this swearing i do not need about our job.20:42
javispedroIf classic unix users and groups were to be used to lock me out of my device, I would still complain.20:42
DocScrutinizerI would ask why the fsck we *need* it first instance20:42
djszapiN9good luck with swearing guys20:42
djszapiN9and with the time wasting :d20:42
itsnotabigtruckDocScrutinizer: because classic linux users and groups are extremely difficult to use for anything more than simple access control20:43
DocScrutinizeras elaborated above there's nothing in aegis that can't be done (better) in any of the already known concepts like SElinux etc - except that deprivation of root rights from user20:43
itsnotabigtrucklike keeping users separate, and only letting root change the system20:43
*** arcean has quit IRC20:44
itsnotabigtruckbut the goal here is to allow applications to be confined to precisely what the user is comfortable with allowing and absolutely no more20:44
itsnotabigtruckand to prevent applications from wreaking havoc if they get exploited20:44
itsnotabigtruckfor example, the web browser should be extremely confined20:44
DocScrutinizersigh yeah, it never worked for the last 40 years, we needed aegis to finally come up with a solution to this age old problem :-P20:44
*** djszapi has joined #harmattan20:45 was hacked recently.20:45
djszapihow does it work ?20:45
itsnotabigtruckDocScrutinizer: you're being facetious but - you're right, it did never work for the last 40 years20:45
javispedrodjszapi: one could argue  that aegis has been cracked numerous times. I'm not counting implementation bugs towards the quality of the design of a security software.20:45
itsnotabigtruckit worked for what it's for, but it doesn't work for the level of sandboxing i'm describing20:45
itsnotabigtruckthat's precisely why mandatory access control exists20:45
djszapijavispedro: you propose that once I get the root password I can do anything on your system ?20:46
itsnotabigtruckjavispedro: the problem is that aegis has a security model that lends itself to being cracked, because almost everything that requires permissions has to be trusted to be perfectly secure20:46
DocScrutinizerwe're spinning in circles here, I'm off20:46
djszapiseriously, -> yay linux security \o/20:46
djszapivery proven....20:48
itsnotabigtruckdjszapi: well...that was just due to not following good server security practices20:48
*** niqt has quit IRC20:49
djszapisurely, the server was maintained by graduated students having zero knowledge.20:49
javispedroitsnotabigtruck: "almost everything that requires permissions has to be trusted to be perfectly secure" I fail to understand how any security system in the world could fix this.20:49
djszapinothing can fix that, obviously.20:49
itsnotabigtruckjavispedro: but the thing is that aegis centers around granting privileges to processes when they're launched from something unprivileged20:50
* djszapi is amazed this time the server maintainers made a crappy job according to itsnotabigtruck 20:50
itsnotabigtruckit's like a system where half of everything is setuid root20:50
djszapifunny to hear everybody is getting crappy, quite funny really :)20:51
itsnotabigtruckdjszapi: i think you're taking what i said the wrong way...20:51
itsnotabigtrucki mean obviously we all have the benefit of hindsight20:51
itsnotabigtruckif somebody got hacked, then they were doing something wrong20:51
djszapino, you always call everybody crappy20:51
djszapilast time our job about the standard...20:51
djszapiI am quite tired of it...20:51
TronicSeriously, everything of interest will get hacked, sooner or later.20:52
itsnotabigtrucksure, it's bloody hard to anticipate exactly what you could be doing wrong until something bad happens20:52
itsnotabigtrucki didn't say locking things down was easy20:52
djszapibut also the json guys making the official page etc, they did not know what they wrote about etc20:52
itsnotabigtruckdjszapi: that isn't what i said, you keep twisting my words and turning everything into a black and white matter20:52
djszapicannot take comments too seriously after "everybody is making wrong" :)20:52
itsnotabigtruckthere is no such thing as black or white20:52
TronicThey have hacked aircraft carriers, FBI and plenty of other very safety-critical systems already.20:52
dm8tbrcould you just stop trolling each other? KTX20:53 is obviously a high-profile target and it is astonishing that they managed to hold it that far.20:53
itsnotabigtruckTronic: safety critical usually = hesitant to apply security updates20:54
djszapiexactly, especially with the Linux stuff20:54
itsnotabigtruckand no one wants to touch it20:54
djszapithough, "hold it that far" is not quite right since it was not the first.20:54
itsnotabigtruckbut yeah, if you want something to be secure, airgap it20:54
itsnotabigtruckor better yet, encase it in concrete and drop it in the ocean ;)20:54
djszapiquite frankly, I listen to this conversation, and I do not see outcome.20:55
djszapino any fruit.20:55
djszapirandom ideas around without anybody making an architecture documentation and at least draft.20:55
djszapiso that we could study the "big things".20:56
*** Anssi138 has joined #harmattan21:00
djszapiit is not accident nobody used ACL out of the known linux mobile distributions.21:00
djszapiI know, Google, Nokia, Intel etc sucked as the usual saying here... :)21:00
itsnotabigtruckdjszapi: well, it's not like anyone sets out to make something that doesn't work...everybody's talking about everything with the benefit of hindsight21:01
djszapibenefit of what ?21:02
itsnotabigtruckit's not like any of these things that "sucked" (your turn of phrase, not mine) were built by idiots21:02
djszapiyou did not listen to others21:02
djszapiDoc* said many times we were idiots21:02
itsnotabigtruckhindsight, as in, looking back at how something turned out, with the lessons learned since21:02
djszapiretarded idiots or something like that21:02
djszapiit is /not/ my turn21:02
djszapiI have been told word by word that way.21:03
djszapimany times.21:03
*** hhartz has joined #harmattan21:03
itsnotabigtruckhow something is intended to be, and how it ends up being, are very different things, and it's easy to criticize after the fact21:03
djszapiI see zero technical criticizing.21:03
itsnotabigtruckbut criticism is still important since that's how you avoid the same problems again21:03
djszapisince I have not still received a better architecture idea21:04
djszapior implementation.21:04
itsnotabigtruckwell, i made my fair share of technical criticisms just now21:04
itsnotabigtruckwell, 15 mins ago21:04
djszapiwhere is the architecture documentation ?21:04
djszapifrom A-Z ?21:04
*** ChanServ sets mode: +o dm8tbr21:05
itsnotabigtruckthat's a rather ridiculous demand21:05
itsnotabigtrucklove aegis, or write a zillion page manual about an alternative?21:05
djszapiitsnotabigtruck: no, you can copy the same architecture and fix up parts.21:05
*** dm8tbr sets mode: +q djszapi!*@*21:05
*** dm8tbr sets mode: +q itsnotabigtruck!*@*21:05
dm8tbrI asked kindly21:05
javispedrocan I talk about my stupid GPS things no one is interested in now? :D KTHXBYE!21:06
dm8tbrjavispedro: you've got a GPS thingy? is that contagious? ;)21:08
*** dm8tbr sets mode: -qq djszapi!*@* itsnotabigtruck!*@*21:09
itsnotabigtruckjavispedro: gps things? like the waas business from the other day?21:10
javispedronah, just kidding, still doing accuracy tests21:10
dm8tbrjust GPS or against the whole positioning thing in harmattan?21:11
javispedrojust GPS, although I have to let the data go through positioningd because I don't know how to speak the raw GPS proto21:12
javispedroand I suspect it is doing Kalman or similar filtering21:12
djszapidm8tbr: please write into the topic, if security cannot be discussed. I would be the happiest.21:13
*** teleshoes has joined #harmattan21:13
djszapithere was no "trolling", at least I did not get itsnotabigtruck that way.21:13
djszapinot sure what he thinks.21:13
dm8tbrdjszapi: at least he got the clue, you apparently didn't. now be a good boy and shut up.21:14
itsnotabigtruckwell, i don't think it was trolling, but i can see why everyone's tired of more aegis back-and-forths21:14
javispedro/join #harmattan-security :D21:14
djszapiitsnotabigtruck: exactly, that is why I suggested the topic extension.21:14
itsnotabigtruckdjszapi: but banning security talk would be strange, for one this is the main place people ask for help from with aegis21:14
djszapiit was way unhealthy topic many times already last summer.21:14
itsnotabigtruckaww, no one there @javispedro21:15
djszapihelp is okay, but not arguing and calling others' job shit or retarded idiots.21:15
dm8tbrdjszapi: you already have your special bit especially for you in the topic. one per person, sorry.21:15
*** dm8tbr sets mode: +q djszapi!*@*21:15
dm8tbrI can also make you shut up if I have to...21:15
*** gabriel9 has joined #harmattan21:15
dm8tbrand apparently I do have to :(21:16
*** vLassi_ has quit IRC21:27
*** djszapiN9 has quit IRC21:31
*** risca has joined #harmattan21:33
Anssi138damn i missed good old fashioned security discussion.21:33
* matrixx just got some popcorn but the show was already over :(21:33
Anssi138<- likes aegis.21:35
javispedro~lart Anssi13821:36
* infobot DoSes Anssi13821:36
*** liar has quit IRC21:36
javispedrodm8tbr: unmute djszapi already, the discussion can continue on #harmattan-security21:37
*** djszapi has left #harmattan21:37
*** dm8tbr sets mode: -q djszapi!*@*21:38
dm8tbrjavispedro: the guy sadly doesn't get a clue, even if it comes as a 2x421:39
Anssi1388 ?21:39
Anssi138but yep.21:39
SpeedEviljavispedro: ?Has someone suggested that it might be cell-positions ?21:40
javispedroSpeedEvil: technically I've tried to configure it to avoid cell positions; also, cell positioning would be more accurate21:40
javispedrothan the readings I'm getting21:40
javispedroin any case it seems like it does not like this place21:40
* javispedro curses that the qt-sdk updater umask seems to be 007721:41
*** teleshoes has quit IRC21:48
*** piggz has quit IRC21:49
MohammadAGoooh, my hard drive clicked again21:54
gabriel9i just bought xbox 36021:58
gabriel9and now i don't know what to do with it :/21:58
gabriel9i can't install Linux on it21:58
DocScrutinizerMohammadAG: clicking HDD shouldn't concern you21:58
DocScrutinizerhdparm -S $yourdrive will cause that21:58
mgedminMohammadAG, because you have up-to-date backups, right? ;)21:58
javispedrogabriel9: you can pair it with lumia21:58
javispedrogabriel9: though garbage+garbage is still garbage ;P21:59
gabriel9i don't want to do that :D21:59
MohammadAGmgedmin, because I have no backups21:59
MohammadAGor a place to backup to21:59
DocScrutinizerclicking is caused by heads parking21:59
MohammadAGDocScrutinizer, that's normal clicking21:59
MohammadAGthis is the clicking you hear when the power's out in a spinning disk21:59
javispedroyou can also check SMART22:00
MohammadAGthat can check my ass22:00
DocScrutinizeryou should check smart indeed22:00
MohammadAGonly time it worked was when it was too late22:00
MohammadAGfor me at least22:00
*** gabriel9 has quit IRC22:00
javispedronot saying that it will say "YOUR HDD WILL DIE IN 3 WEEKS, 1 DAY, 4 HOURS AND 57 MINUTES" but at least it will tell if it is the head parking or what22:01
DocScrutinizerwell, any unusual clicking would mean heads running into a stopper, which implies positioning error that shall get noticed by smart22:01
SpeedEvilOr simply the head parking.22:02
DocScrutinizerI already mentioned that, yes22:02
DocScrutinizer[2012-03-18 20:59:48] <MohammadAG> DocScrutinizer, that's normal clicking22:02
DocScrutinizerwhich implies for me the clicking was not normal22:03
MohammadAGDocScrutinizer, javispedro SMART tests passed22:08
javispedronot the tests22:09
javispedrocheck the counters22:09
javispedroand compare after a few days22:09
javispedrospecially after hearing one such click22:09
RST38hMeanwhile: Downloading music, movies, e-books and Apps could soon cost Connecticut residents more as lawmakers consider a tax on digital downloads. The bill, proposed by the General Assembly's Finance, Review and Bonding Committee, would have consumers pay the 6.35% sales tax on any electronic transfer.22:21
RST38hMoo, javispedro22:21
itsnotabigtruckMohammadAG: check the SMART statistics22:22
itsnotabigtruckoh, you already did22:22
itsnotabigtrucklooks like i missed gabriel9, but...he could play games with it >_>22:23
DocScrutinizerRST38h: how much costs one byte?22:24
RST38hDoc: You can ask CT legislature22:24
RST38hBut I suggest you ask them what "byte" is first.22:25
itsnotabigtrucki just realized why people are getting this "package syntax invalid" message22:26
itsnotabigtruckthey're trying to wget my example url22:26
itsnotabigtruckwhich is producing a bogus file, which they then try to install with incept22:26
RST38hbad idea to create such urls22:26
itsnotabigtruckRST38h: but it's not even a valid domain name!22:27
javispedrowhy is it producing a bogusfail?22:27
itsnotabigtruckjavispedro: i think wget sometimes writes error messages to the output file22:28
javispedrothat's impossible22:28
javispedrounless ....22:28
itsnotabigtruckjavispedro: nm, i was thinking of curl22:28
itsnotabigtruckit creates an empty file22:28
itsnotabigtruck*it = wget22:28
javispedroyou are with one of those ISPs that hide NXDOMAIN failures and return a spam page22:28
itsnotabigtrucknah, it's not that22:28
itsnotabigtruckit's that wget opens the output file before trying to connect22:29
itsnotabigtruckcurl actually does write error messages to the output file unless you tell it you want to actually fail on errors22:29
itsnotabigtruckso you'll end up with a file containing "file not found" or something22:29
* RST38h found that Android users are unable to input series of numbers into their phones. Found it the hard way.22:31
*** piggz has joined #harmattan22:31
RST38hWhich by the way created an interesting intellectual problem: how do you create UI for people who cannot follow repeatedly given instructions. I am feeling like Steve Jobs tonight.22:37
Piruusers are idiots22:45
*** ajalkane has joined #harmattan22:52
*** liar has joined #harmattan23:05
*** niqt has joined #harmattan23:07
*** hardaker has quit IRC23:08
*** hhartz has quit IRC23:11
*** jaywink has quit IRC23:11
ajalkaneanyone know what I have to select from QtCreator's update tool, to get the harmattan APIs like "gconfitem" ?23:13
ajalkaneThere's in the Update tool "Harmattan development environment", which is installed, but also one in the "Experimental" section23:13
*** zk8 has joined #harmattan23:14
*** kakashi__ has joined #harmattan23:15
*** kakashi__ has joined #harmattan23:15
*** javispedro has quit IRC23:15
*** kakashi___ has quit IRC23:16
*** tgalal has joined #harmattan23:18
tgalalon scratchbox if I try to use the accounts API, as soon as I create a Manager instance I get "Manager could not be created. DB is locked". any idea ?23:19
Anssi138is there manager already created?23:22
tgalalAnssi138: nope, not by me. It's very similar to this issue:
Anssi138if you find the db, the "fuser" shows who is using it.23:23
tgalalfuser is usable from scratchbox ?23:24
*** deimos has joined #harmattan23:25
tgalalAnssi138: nm, went through from outside and killed the process that was using .accounts/accounts.db, but the same error displays and nothing is using that db file23:27
tgalalI suppose that means there is another db23:27
liardoes anybody of you develop for the nokia n9 on a x86_64 arch linux (or similar) system?23:28
tgalalliar: yeah me23:29
liartgalal: can you help me setting it up? i've got a problem with qemu i think23:29
Anssi138tgalal: maybe there is just something else then.23:29
tgalalliar: I couldn't run qemu, I'm using scratchbox.23:29
liarisnt scratchbox using qemu?23:30
liari do get "Error -8 while loading /usr/bin/apt-get"...23:30
tgalalliar: I don't know lol. probably.23:32
tgalalnot sure what that error means though23:32
liari suppose its coming from qemu-armeb-sb and means "Exec format error"23:33
*** zk8 has quit IRC23:35
liarah.. apparently i was using the wrong cpu-transparency method23:36
*** gabriel9 has joined #harmattan23:48
*** ajalkane has quit IRC23:55
