IRC log of #harmattan for Thursday, 2012-03-29

[00:00] <djszapi> bef0rd: I mean cannot you check with the package manager ?
[00:00] <bef0rd> there is no package manager in OSC
[00:00] <bef0rd> OS x
[00:01] *** lizardo has quit IRC
[00:01] <bef0rd> not officially, you can use external to get opensource stuff
[00:01] <bef0rd> like homebrew, macports, fink
[00:01] *** jluisn has quit IRC
[00:01] <djszapi> so you browse the mac ports etc manually ?
[00:01] <djszapi> yes, exactly.
[00:01] <djszapi> wanted to mention homebrew, fink and friends.
[00:02] <djszapi> are any of these partition libraries available in those ?
[00:02] <bef0rd> ah ok, let me see
[00:07] <bef0rd> libparted and udisk is not available on homebrew
[00:07] *** befr0d has joined #harmattan
[00:10] <bef0rd> DiskManagement framework is the native stuff I think
[00:12] *** beford_ has joined #harmattan
[00:15] *** befr0d has quit IRC
[00:19] *** NIN101 has quit IRC
[00:28] <djszapi> bef0rd: thanks.
[00:29] *** piggz has quit IRC
[00:31] *** teleshoes has quit IRC
[00:40] <itsnotabigtruck> what's up with newsy and panorama not being accessible from ovistoreclient :/
[00:40] <itsnotabigtruck> a regular user is certainly not going to know the backdoor way to download a deb, and then how to install it from the terminal
[00:42] <itsnotabigtruck> < $2 for that? wallpaper/ringtone vendors are absolute scum
[00:43] <bef0rd> yea, and not everybody is allowed to sell backgrounds imagine if that was the case
[00:43] <itsnotabigtruck> so is nokia's ovi operation for both allowing that sort of business, and granting such vendors a monopoly (unlike apps, you have to do a special registration process, and be an actual corporation with substantial liability insurance)
[00:44] <franz`> good thing microsoft won't let that happen on the windows marketplace right? right??
[00:45] <itsnotabigtruck> franz`: well, i thought wp marketplace was for apps and apps only
[00:45] *** niqt has joined #harmattan
[00:45] <itsnotabigtruck> so, so far they aren't letting that happen then
[00:46] <itsnotabigtruck> microsoft is distinctly trying to distinguish itself from some of the other vendors that cuddle too closely with carriers and incumbents and deliver inferior products for it
[00:47] <itsnotabigtruck> bef0rd franz` bindi frals rigo: if any of you are still around
[00:47] <itsnotabigtruck> what do you think about the best approach for a trusted execution utility for inception
[00:47] <itsnotabigtruck> that is, sudo for aegis
[00:48] <itsnotabigtruck> (or su, or newrole, or whatever)
[00:48] *** beford_ has quit IRC
[00:49] <franz`> sudo gaincap CAP:whatever /path/to/exec
[00:49] <itsnotabigtruck> i was tossing an idea around in my head for some mechanism for defining which credentials a particular user is allowed to assert
[00:49] <itsnotabigtruck> like, root password = any capability, developer password = dev capabilities, etc.
[00:49] <itsnotabigtruck> but it could be reconfigured
[00:49] <franz`> oh that'd be nice
[00:49] <itsnotabigtruck> but that's a lot of complexity
[00:50] <itsnotabigtruck> also, forking sudo would add a lot of unwanted complexity, though the basic sudo concept could easily be emulated
[00:50] <itsnotabigtruck> that is, drop a token to allow multiple password-free invocations in a row
[00:51] <franz`> how did fremantle handle messing with sudo? (for 'sudo gainroot')
[00:51] <itsnotabigtruck> for the sake of comparison, with selinux you have a) newrole - like su but for selinux roles
[00:51] <itsnotabigtruck> b) sudo has selinux support built in, which allows you to change roles along with regular sudo operation if you set that in your sudoers file
[00:52] <itsnotabigtruck> so sudo foo would a) become root, b) change to sysadm_r
[00:52] <itsnotabigtruck> but selinux already has that roles concept built in, aegis doesn't
[00:53] <itsnotabigtruck> so there's no existing concept that allows for bundling together credentials into roles, or whatnot
[00:53] <franz`> can't you piggyback onto those aegis.manifest files?
[00:55] <itsnotabigtruck> franz`: in what way?
[00:56] <franz`> aegisload /path/to/aegis.manifest, and it reads what caps a certain exec needs?
[00:56] <itsnotabigtruck> also regarding your original example, there's 33 linux capabilities
[00:56] <itsnotabigtruck> no one wants to list all of them on the command line :p
[00:56] <franz`> oh :P
[00:56] <itsnotabigtruck> also, if the process had an aegis manifest that asserted the needed capabilities, this program wouldn't be needed
[00:57] <itsnotabigtruck> in general this is for running system utilities with elevated capabilities
[00:57] <itsnotabigtruck> especially cap::sys_admin, cap::dac_override, tcb
[00:57] <itsnotabigtruck> that wouldn't normally run with them
[00:59] <franz`> how about files with predefined capability lists?
[01:00] <franz`> aegisetc chown etc
[01:00] <franz`> would look in... I don't know, /usr/share/aegismanifests/chown.manifest
[01:00] <franz`> add a couple for the most common tasks
[01:01] <itsnotabigtruck> franz`: why not just assert everything though for root tasks
[01:01] <itsnotabigtruck> well, one reason is the source check
[01:01] *** smokex|away has quit IRC
[01:01] <itsnotabigtruck> i'm wondering if there's a better way to deal with that than having people manually install aegisctl and run it directly every boot
[01:02] <itsnotabigtruck> it's a shame very few things use inherit policies (which subset the inherited credentials instead of adding new ones)
[01:02] <franz`> a daemon that checks with your server for a list of execs and their needed privileges (haha no there'd be so much drama)
[01:03] <itsnotabigtruck> if aegis was based around inherit policies and not add/set policies it would be so much more secure
[01:05] <itsnotabigtruck> anyway...the role based approach is growing on me
[01:07] <itsnotabigtruck> still not sure about how to make it usable though
[01:09] <itsnotabigtruck> also, it's highly unfortunate that the n9 doesn't have pam
[01:09] <franz`> isn't that a kernel module?
[01:09] *** risca has quit IRC
[01:10] <franz`> oh maybe not nvm
[01:10] <itsnotabigtruck> nah, it's a user-mode framework for managing user accounts
[01:10] <itsnotabigtruck> the n9 does it old school with crypt'd passwords in /etc/passwd, world readable
[01:12] <franz`> whoa, really? not even an /etc/shadow?
[01:12] <franz`> lol nokia
[01:13] <itsnotabigtruck> that might be one thing to fix in a CSSU-type thing
[01:13] <itsnotabigtruck> retrofit coreutils/etc., pam, and so on
[01:13] <itsnotabigtruck> make it more like a real *nix system
[01:15] *** smokex|away has joined #harmattan
[01:17] <aquarius> I've been trying to compile a phonegap app for my n9 using qt creator. I've set up scratchbox and pointed QtCreator at it following the instructions on the nokia site, but my app says that it's not a harmattan build, because MEEGO_VERSION_MAJOR isn't defined. Does this suggest I'm doing something wrong?
[01:17] <itsnotabigtruck> aquarius: i think that's defined in some qt header file
[01:18] <aquarius> itsnotabigtruck, yeah, that's what worries me, because it suggests that I'm not doing the compilation right.
[01:18] <itsnotabigtruck> aquarius: hmm, there's a page on the nokia site suggesting defining them explicitly in the pro file
[01:18] <itsnotabigtruck> i.e. as compiler flags
[01:18] <aquarius> hrm hrm.
[01:19] <aquarius> I wish the PhoneGap for Qt people hung out in here :(
[01:20] <itsnotabigtruck> how about this
[01:20] <itsnotabigtruck> inceptdo program args -> prompts for current user's password and asserts credentials enabled for current user
[01:21] <itsnotabigtruck> inceptdo @root program args -> prompts for root's password and asserts credentials enabled for root
[01:21] <itsnotabigtruck> credential-user mapping controlled from a central config file
[01:21] <itsnotabigtruck> (should the config file be tcb-protected or not?)
[01:23] <franz`> sounds nice
[01:23] <franz`> and yeah protect it, don't want random execs tampering with it
[01:23] <itsnotabigtruck> also inceptdo isn't a final name, need to settle on something
[01:24] <itsnotabigtruck> but most users will grant root all access, and then any process can mutate /etc/passwd and change the root password
[01:24] <itsnotabigtruck> without tcb access
[01:24] <itsnotabigtruck> rendering protecting /etc/inceptdoers or whatnot moot
[01:25] *** niqt has quit IRC
[01:25] <itsnotabigtruck> also, the system has lots of vulnerabilities, an evil program could re-exploit the system, or simply replace inception's package
[01:25] <franz`> so you're saying it's pretty much not worth trying to protect it?
[01:25] <itsnotabigtruck> though i'm thinking about mitigations for that 2nd part
[01:26] <itsnotabigtruck> more or less, though i'm not sure
[01:26] <itsnotabigtruck> i mean, i don't want to make the system any less secure, but it's pretty damn insecure to begin with
[01:28] <itsnotabigtruck> also as it stands inception works ok on open mode, i wonder what the implications of trying to tcb-protect files on open mode would be
[01:28] *** rm_work has quit IRC
[01:28] <itsnotabigtruck> dpkg doesn't bother trying to tcb-protect aegis files when in open mode
[01:35] *** teleshoes has joined #harmattan
[01:38] *** teleshoes has quit IRC
[01:45] *** nwoki has quit IRC
[01:45] *** nwoki has joined #harmattan
[01:45] *** nwoki has joined #harmattan
[01:49] * DocScrutinizer idly wonders why the hell not a *single* random exec tampered with any file owned by root and properly chmod'ed, on my PC
[01:50] <DocScrutinizer> nononono, I don't expect anybody to answer. It was rhetorical and sarcastic
[01:51] <itsnotabigtruck> well, the difference is that your normal linux system doesn't have any levels of access beyond root
[01:53] <DocScrutinizer> it has user matrix, user supervisor, user dom0
[01:53] <DocScrutinizer> and user God
[01:57] * DocScrutinizer wonders what those "levels of access beyond root" might be on HARM
[01:58] <SpeedEvil> root with all permissions from aegis
[01:58] <DocScrutinizer> unless of course you mean HARM abandoned root in favour of a weird halfarsed concept
[01:59] <DocScrutinizer> root with X is not *beyond* root
[01:59] <itsnotabigtruck> root with no capabilities < root with some capabilities < root with all capabilities < root with tcb
[01:59] <itsnotabigtruck> of course it is
[01:59] <DocScrutinizer> so root with tcb is not root then?
[02:00] * SpeedEvil for a while had an ordinary user called root.
[02:00] *** nwoki_ has joined #harmattan
[02:00] * DocScrutinizer for a while has ordinary users with UID 0 ;-P
[02:00] *** nwoki_ has joined #harmattan
[02:01] <itsnotabigtruck> DocScrutinizer: well, if we define "root" as "having uid=0", root with tcb is a strict superset of root
[02:01] <DocScrutinizer> most easy way to crack a system when you have nothing but a hex diskeditor
[02:01] *** nwoki has quit IRC
[02:01] <itsnotabigtruck> so it is root, but it's more than root
[02:02] <DocScrutinizer> and if I define HARM as BS, then everything aegis related is nonsense to discuss
[02:02] <itsnotabigtruck> and if you admit the possibility of having uid=0 but being deprivileged, then having the ability to modify a file and obtain those privileges is a security gap
[02:03] <itsnotabigtruck> damn ssh lag, i'm literally sitting here watching my text input go into the box
[02:03] *** nwoki_ is now known as nwoki
[02:03] *** nwoki has joined #harmattan
[02:03] <DocScrutinizer> >>protect it, don't want random execs tampering with it<< c'mon! BWAHAHA
[02:04] <DocScrutinizer> THINK about it!
[02:05] <DocScrutinizer> you're saying a file needs additional protection because there are root instances that don't have all privileges? sound rationale!
[02:07] <itsnotabigtruck> DocScrutinizer: well, were this a selinux system you wouldn't let a program running as uid=0 but user_r mess with the systemwise selinux policy
[02:07] <itsnotabigtruck> this type of scenario exists with EVERY mac architecture
[02:08] <DocScrutinizer> and if this were a wiener sausage, it couldn't get used to drill for oil
[02:09] <DocScrutinizer> I mean it's only *your* fault if you think it's a good idea to run arbitrary programs with UID=0
[02:09] <itsnotabigtruck> DocScrutinizer: good thing i'm not comparing this to a sausage, i'm comparing it to another system with similar goals
[02:09] <itsnotabigtruck> well, not quite, aegis is sort of a weird example of a mac system, but it's the same general concept no doubt
[02:10] <DocScrutinizer> and you suppose this sentence is related to my last post how?
[02:10] *** nwoki has quit IRC
[02:11] *** Natunen has quit IRC
[02:11] *** M4rtinK has quit IRC
[02:11] <DocScrutinizer> are you suggesting aegis got invented to allow running everything as root, just like on crappy managed windoze systems?
[02:12] <DocScrutinizer> I don't see any sense in this discussion
[02:14] <itsnotabigtruck> DocScrutinizer: no, but there's a lot of crap that probably shouldn't be run as root but is
[02:15] <itsnotabigtruck> ugh, this lag is extreme, i don't know what's going on
[02:17] <DocScrutinizer> mhm, yeah. And if we have such a great thing like aegis, we finally got the ultimate solution to this
[02:18] <itsnotabigtruck> DocScrutinizer: we all know how much you like aegis but being bitter about it all the time is doing absolutely nothing good
[02:18] <DocScrutinizer> actually in 30 years on dozens of OS, on 1000s of systems, I *never* encountered a single problem where I'd have thought "I wish there was a thing like aegis to solve this properly"
[02:19] <DocScrutinizer> I'm not bitter at all, I'm ROTFL about it
[02:19] <DocScrutinizer> and about the ideas that it gives users, regarding "security"
[02:20] <itsnotabigtruck> especially because it's already there, it's not like nokia is taking it out at this point, and it's probably going the same route as harmattan now that the n9 isn't to have a successor
[02:21] <itsnotabigtruck> and you'd think something like that if one of your servers got owned and gave an attacker all access
[02:21] <itsnotabigtruck> aegis is misimplemented for numerous reasons but you seem to just hate security
[02:22] <itsnotabigtruck> well, hate non-conventional security models
[02:22] <itsnotabigtruck> since a lot of the things you bring up are things that are just stuff you have to deal with on any system that goes beyond root / not root
[02:24] <DocScrutinizer> go beyond God
[02:24] *** aquarius has quit IRC
[02:25] <DocScrutinizer> invent a kinky system concept, then come up with a kinky solution for it
[02:25] <DocScrutinizer> actually I'd be bitter if I had spent money for that crap, but I only wasted my time, and that I'm free to stop right here and now
[02:30] <itsnotabigtruck> DocScrutinizer: more like - go between peasant and god
[02:30] <itsnotabigtruck> all or nothing just isn't that great of a solution
[02:35] <DocScrutinizer> and a Wiener actually is no good drilling tool for mineral oil exploration
[02:46] <Sazpaimon> anyone with experience with nemo mobile around here? #nemomobile is pretty dead around this time
[03:00] <itsnotabigtruck> Sazpaimon: i might have asked you before, but any opinions about the trusted execution utility (i.e. sudo for aegis)
[03:00] <itsnotabigtruck> it's somewhat relevant to open mode as well as inception
[03:00] <itsnotabigtruck> also since when were you working w/ nemo so much
[03:02] <Sazpaimon> itsnotabigtruck, to be honest I havent really used nemo extensively
[03:02] <Sazpaimon> i just want to try to get it to boot with minimal effort
[03:06] <Sazpaimon> also no i dont really have any opinions on that, sorry
[03:08] <itsnotabigtruck> Sazpaimon: sure you do, everyone who uses the command line should :p
[03:08] <Sazpaimon> im perfectly happy with opensh
[03:09] <Sazpaimon> arbitrary privilege escalation be damned
[03:09] <itsnotabigtruck> Sazpaimon: but at the very minimum the syntax isn't very friendly
[03:10] <Sazpaimon> i come from a debian world
[03:10] <itsnotabigtruck> opensh -c 'aegis-exec -c -a ... program args'
[03:10] <Sazpaimon> i just opensh and do my work there
[03:10] <Sazpaimon> then exit when done
[03:10] <Sazpaimon> that's the debian way (tm)
[03:11] <Sazpaimon> the ubuntu way is to basically append sudo to 90% of the commands you run
[03:11] <Sazpaimon> you know what I would do if I had sudo?
[03:11] <Sazpaimon> sudo -s
[03:11] <Sazpaimon> every time
[03:14] <itsnotabigtruck> the thing is that with a root shell the temptation is there to open a root shell and leave it there for a long time
[03:14] <itsnotabigtruck> and do all sorts of non-root things with it
[03:20] <itsnotabigtruck> which gives you increased opportunities to get owned
[03:31] *** etrunko has quit IRC
[03:31] <Sazpaimon> only inexperienced people do that
[03:34] *** arcean has quit IRC
[03:34] <itsnotabigtruck> lots of people
[03:35] <Sazpaimon> yes lots of people are inexperienced
[03:35] <itsnotabigtruck> it's frequently not convenient to open two shells
[03:35] <itsnotabigtruck> especially with ssh
[03:35] <itsnotabigtruck> especially if you use command history a lot
[03:35] <Sazpaimon> i do it all the time
[03:36] <Sazpaimon> or you can use terminator
[03:37] <Sazpaimon> or whatever the console equivalent is
[03:37] <Sazpaimon> i cant remember
[03:42] <itsnotabigtruck> Sazpaimon: screen/tmux?
[03:42] <itsnotabigtruck> that works, though i'm not sure if it's been ported to harmattan yet?
[03:42] <Sazpaimon> that was it
[03:42] <Sazpaimon> its on the community repo
[03:44] <itsnotabigtruck> anyhow, you'll still be able to open a root shell with this thing
[03:49] <itsnotabigtruck> Sazpaimon: what about this role system idea, that's one of the main things i'm getting at
[03:49] <itsnotabigtruck> one approach i was thinking of was, assign permissions to users (or assign permissions to roles and then 1 role to a user, same thing)
[03:50] <itsnotabigtruck> and then let the user specify which account to select permissions from (entering the pass for that account)
[03:50] <itsnotabigtruck> so inceptdo @root sh = root password, root permissions
[03:50] <itsnotabigtruck> inceptdo sh = user password, user permissions
[03:51] <itsnotabigtruck> usually the entire reason the user is running it is to get the @root permissions, and that model also isn't very flexible
[03:54] <itsnotabigtruck> e.g. what if you want to have more sets of privileges than 1 per user account
[04:10] <mtd> does anybody know what setting I can change or file I can edit that will get me the clock on the standby screen of my N950?  I'm jealous of all the N9 users that seem to have this, but I've never seen anything on the screen when locked, only when the phone is off and charging (then I see a big-ish battery icon)
[04:22] <itsnotabigtruck> mtd: any opinion on this sudo business
[04:23] <itsnotabigtruck> (i know, this doesn't help with your question, but no one seems to be suggesting anything :/)
[04:23] *** phako has quit IRC
[04:25] <mtd> itsnotabigtruck: just read it.  I don't count as inexperienced...but FWIW I also tend to open a root shell if I'm going to do more than one or two commands as root.  I'm OK leaving it open for a time, doesn't bother me.
[04:25] <mtd> itsnotabigtruck: I of course got burned that way once or twice, and now do actually think about which shell I'm going to use depending on how careful I'm going to be :)
[04:26] <mtd> itsnotabigtruck: I'm not sure you're going to spend your time wisely working around what experience is the best teacher of
[04:27] <mtd> itsnotabigtruck: After two kids I know I prefer them to learn that I'm not just being a controlling parent when I tell them "be careful, you could get hurt if you touch that oven", and of course I don't try to teach that lesson when they could seriously hurt themselves, but I think at some point people are going to want to learn to think about this aspect of what they're doing or they're not.
[04:28] <mtd> itsnotabigtruck: give them a big easy way to reset things back to a known working state (reflash), and then give them as much rope to hang themselves otherwise.
[04:28] <mtd> itsnotabigtruck: but I don't know your problem space / use cases very well, so lots of this is probably beside the point, sorry
[04:47] <Sazpaimon> [21:25] <mtd> itsnotabigtruck: just read it.  I don't count as inexperienced...but FWIW I also tend to open a root shell if I'm going to do more than one or two commands as root.  I'm OK leaving it open for a time, doesn't bother me.
[04:47] <Sazpaimon> thank you
[04:53] *** crevetor has joined #harmattan
[04:54] <mtd> Sazpaimon: heh
[04:55] <mtd> anybody used memotoo (syncml) for harmattan?  Would love a way to sync my contacts to evolution / desktop (no, Ovi's not working for me, duplicating stuff, etc, and I don't want to give everything to google either)
[04:55] <itsnotabigtruck> mtd Sazpaimon: let me emphasize, this isn't about opening a root shell vs not
[04:55] <itsnotabigtruck> it's about permissions
[04:55] <itsnotabigtruck> the other part is totally on the wrong track, how to use the program is the prerogative of the user
[04:56] *** decibyte has quit IRC
[04:56] <mtd> itsnotabigtruck: I guess I thought your question was more "if you had to use sudo or other fine-grained access control / permissions escalation tool, vs. one big hammer to let you do anything, what would you prefer?"
[04:57] <mtd> itsnotabigtruck: is there a place I can read about the background so I give you a more relevant answer?
[04:57] <itsnotabigtruck> mtd: well, it's not like i've written up a document or wiki page
[04:57] <itsnotabigtruck> the general problem is: how to make something better than opensh for privilege activation
[04:58] <itsnotabigtruck> the only hard requirement is that it prompt for a password when activating privileges
[04:58] <mtd> itsnotabigtruck: ah, ok, I don't know about opensh so will have to read about it
[04:58] <itsnotabigtruck> mtd: it's like develsh but instead of activating a few privileges, it activates all of them
[04:59] <itsnotabigtruck> and it doesn't ask for a password
[05:00] <mtd> itsnotabigtruck: ah, I like the sound of activating all of the privileges...
[05:01] <mtd> itsnotabigtruck: not fussed about the password prompting
[05:01] <itsnotabigtruck> mtd: well, some other people are, and frankly, providing no-password root access isn't that smart in the long term :p
[05:02] <mtd> itsnotabigtruck: why not?  It's the users' phone.  By the time someone has a terminal / physical access, the phone is kinda gone.
[05:03] <mtd> itsnotabigtruck: but don't worry, not too fussed so will let the other people that are hash it out.
[05:03] <itsnotabigtruck> mtd: if something like opensh becomes ubiquitous
[05:04] <itsnotabigtruck> then half-assed devs will spawn things through it to do privileged actions
[05:04] <franz`> (like sudser on fremantle)
[05:06] *** decibyte has joined #harmattan
[05:06] <itsnotabigtruck> franz`: is that an example of what to do, or what not to :p
[05:06] <franz`> not to :P
[05:07] <itsnotabigtruck> looking up sudser, it looks like it asks for a password
[05:07] <itsnotabigtruck> what's the issue with it?
[05:07] <franz`> it doesn't
[05:08] <franz`> this thing requires it
[05:08] <franz`> and it uses to spawn processes as root on its whim
[05:10] <itsnotabigtruck> franz`: lol
[05:10] <itsnotabigtruck> "Unlike most similar packages
[05:10] <itsnotabigtruck> (becomeroot, easyroot, rootsh), it can provide additional security
[05:10] <itsnotabigtruck> by protecting root access with a password"
[05:10] <itsnotabigtruck> (didn't realize that had newlines in it)
[05:13] <itsnotabigtruck> the other thing - i was thinking about making it so that you wouldn't need to enter the password to activate the role for your current uid, i.e. you could inceptdo w/o a password as root
[05:14] <itsnotabigtruck> which could be used to make the root login shell have all capabilities f.ex
[05:14] <itsnotabigtruck> the problem with that is: just about anything can assert uid::root
[05:14] <itsnotabigtruck> which could then obtain any credential from there
[05:14] <itsnotabigtruck> but doc's pov is trying to keep capabilities away from someone who's already root is dumb
[05:14] <itsnotabigtruck> and there's a bit of logic to that
[05:17] <itsnotabigtruck> i guess the user could just use my program in place of devel-su altogether, that's probably a better idea
[05:19] <mtd> itsnotabigtruck: yeah sounds like it's a more powerful devel-su
[05:19] <mtd> itsnotabigtruck: I've not thought deeply enough about the threat model to opine on the best use of (your?) limited time.
[05:20] <mtd> itsnotabigtruck: I bet we could talk for hours on the pros and cons of sudser, etc.
[05:25] <Sazpaimon> tgalal never responded to my request to delay whatsapp for a week every time someone asks for an update
[05:26] <mtd> speaking of security, what's the deal with dbus access denied messages: dbus-send --system --print-reply --type=method_call /com/nokia/mce/request string:"PatternPowerOff"
[05:26] <mtd> --> Error org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 3 matched rules
[05:27] <mtd> man, this security stuff must keep some people well employed.  Just pisses me off most of the time :/
[05:27] <itsnotabigtruck> mtd: you need an aegis credential to do that
[05:27] <mtd> itsnotabigtruck: develsh not enough?
[05:27] <itsnotabigtruck> think something = DeviceModeControl or some such
[05:28] <itsnotabigtruck> opensh is
[05:28] <mtd> itsnotabigtruck: first two things I do when ssh'ing in are always develsh + bash
[05:28] <mtd> itsnotabigtruck: ok, thanks
[05:28] * mtd facepalms.
[05:28] <itsnotabigtruck> ah, you're trying to control the led
[05:28] <itsnotabigtruck> i think it's mce::LEDControl
[05:28] <mtd> itsnotabigtruck: yes
[05:28] *** teleshoes has joined #harmattan
[05:28] <mtd> itsnotabigtruck: thanks
[05:28] <mtd> itsnotabigtruck: how did you figure that out?
[05:28] <itsnotabigtruck> i didn't, but other people have experimented with the led
[05:29] <itsnotabigtruck> and been pissed that nokia denied led control to plebeians like us :p
[05:29] <mtd> itsnotabigtruck: ah, ok.  I couldn't find any info on the led on the n950 using dbus-send.  Plenty on the n900...
[05:29] <itsnotabigtruck> if this is for something "real", be advised that users will need to incept the program
[05:29] <mtd> itsnotabigtruck: how can I get opensh?  Do I need open mode or can I just install a deb or three on my standard PR1.2 installation?
[05:30] <mtd> itsnotabigtruck: no, just playing
[05:30] <teleshoes> in this case, "real" means "commercial"
[05:30] <mtd> teleshoes: gotcha
[05:30] <itsnotabigtruck> teleshoes: or mainstream, anyway
[05:30] <itsnotabigtruck> mtd: inception
[05:30] <teleshoes> you dont need opensh-
[05:30] <teleshoes> just inception
[05:30] <itsnotabigtruck> you need to install inception normally, then run pasiv, then incept opensh
[05:30] <itsnotabigtruck> right, you only need opensh for testing directly at the command line
[05:31] <teleshoes> {sry, misread question}
[05:31] <itsnotabigtruck> for the actual program, you can assert ledcontrol in your manifest
[05:31] <itsnotabigtruck> and have users incept the deb
[05:31] <itsnotabigtruck> no opensh required
[05:32] <mtd> itsnotabigtruck: sure, cool.  Thanks, I saw inception before but didn't have a chance to read through all the details on your web page
[05:33] <teleshoes> the page goes into more detail than most people need, if they just want to install some non-nokia blessed debs
[05:33] <itsnotabigtruck> yeah, i guess my site is more than a little bit off-putting to many
[05:33] <itsnotabigtruck> and somebody here was chiding me for all the "blinkenlights" :p
[05:33] <teleshoes> i like it, btw
[05:34] <teleshoes> but it no doubt pushes certain people away
[05:34] *** Jare has quit IRC
[05:35] <mtd> itsnotabigtruck: am I correct in thinking that if I install inception and opensh using your instructions, which are basically "install inception.deb, run PASIV, install opensh deb", right -- then I will be able to use opensh instead of develsh and basically have all aegis-grantable privileges?
[05:35] <itsnotabigtruck> yeah, the problem is finding a balance between hacker chic and web two point oh
[05:35] <itsnotabigtruck> mtd: yep, but you have to install opensh through 'incept'
[05:35] <itsnotabigtruck> not dpkg or pkgmgr
[05:35] <mtd> itsnotabigtruck: it's not the blinkenlights, it's that it's a lot of text for someone who knows a bit about debs and aegis and develsh to get the essence
[05:35] <mtd> itsnotabigtruck: gotcha
[05:35] <itsnotabigtruck> incept is a utility that installs a package into the trusted inception domain
[05:36] <itsnotabigtruck> inception doesn't mess with any of the defaults
[05:36] <itsnotabigtruck> it just adds its own domain off to the side
[05:36] <mtd> itsnotabigtruck: I don't think I understand what "the inception domain" is
[05:36] <itsnotabigtruck> mtd: heh
[05:36] <mtd> itsnotabigtruck: is that an aegis concept, "domain"?
[05:36] <itsnotabigtruck> yeah, it is
[05:36] *** dymaxion_ has joined #harmattan
[05:36] <mtd> ah, making sense
<itsnotabigtruck> you might have noticed that when installing things, it says installing from
[05:36] <itsnotabigtruck> or installing from ''
<itsnotabigtruck> or installing from
[05:36] <itsnotabigtruck> that sort of thing
[05:36] <teleshoes> which is nonsense lies
[05:36] <mtd> itsnotabigtruck: yup, noticed that
[05:36] <mtd> teleshoes: heh
[05:37] <itsnotabigtruck> those are sets of privileges assigned to a particular signing key
[05:37] <itsnotabigtruck> inception adds another one
[05:37] <mtd> itsnotabigtruck: ah, ok
[05:37] <mtd> ah so "domain" is really just DNS domain, but specially privileged from aegis' POV
[05:38] <itsnotabigtruck> mtd: nah, there's no connection to dns
[05:38] <itsnotabigtruck> except that nokia sort of used a reverse-dns convention for naming some of them
[05:38] <itsnotabigtruck> a la java
[05:39] <mtd> itsnotabigtruck: well not directly, sorry, yeah, I understood it as a naming scheme like java's that's similar in content to DNS for convenience
[05:39] <itsnotabigtruck> but i guess a dns domain is generally controlled by some administrative domain
[05:39] <teleshoes> it would totally make sense
[05:39] <itsnotabigtruck> and each administrative domain would have its own aegis domain
[05:39] <teleshoes> if some third party signing body
[05:39] <teleshoes> was responsible for signing them
[05:39] <mtd> itsnotabigtruck: got it - the "domain" is just the name, it's the association of domain to a key and the key's privileges that's the important part
[05:39] <mtd> teleshoes: sure
[05:39] <teleshoes> but it is just fucking nonsense
[05:40] <teleshoes> they should be named sensibly
[05:40] <mtd> teleshoes: well in theory, maybe, but in practice, seems like a sensible place to start before said trusted third party and welcoming user + developer ecosystem exist.
[05:40] <mtd> teleshoes: what should be named sensibly?
[05:40] <teleshoes> 'installing from'
[05:40] <mtd> teleshoes: instead of should be super.trusted....?
[05:41] <teleshoes> 'aegis permission level/name/thing: nokia-system'
[05:41] <mtd> itsnotabigtruck: thanks, that makes things make a lot more sense for someone less familiar with the aegis universe of discourse
[05:41] <mtd> teleshoes: yeah, gotcha
[05:41] <itsnotabigtruck> yeah, the dns naming thing was probably a mistake
[05:41] <itsnotabigtruck> esp because it isn't applied consistently
[05:41] <teleshoes> i hate the convention in java packages too
[05:41] <mtd> itsnotabigtruck: doesn't seem too bad to me
teleshoesexactly05:41, but
[05:42] <mtd> itsnotabigtruck: in your "CONDUCT THE INCEPTION" instructions, the PASIV step is completely opaque to me
[05:42] <teleshoes> strikes of businessy bureaucratic bureaucrats
[05:42] <itsnotabigtruck> a subordinate domain represents a delegation of trust, not a part of the same organization exactly
[05:42] <Sazpaimon> i cant for the life of me figure out how so many idiots managed to buy an N900
[05:42] <mtd> itsnotabigtruck: what is pasiv?  why do I need it? etc.
[05:42] <itsnotabigtruck> mtd: pasiv is what does the magic
[05:42] <Sazpaimon> i always guessed that the N900 was for, well, you know
[05:42] <Sazpaimon> intelligent people
[05:42] <itsnotabigtruck> installing inception just puts the software on your N9
[05:42] <teleshoes> pasiv is opaque to me too
[05:42] <itsnotabigtruck> you have to run pasiv to make it do anything
[05:42] <mtd> itsnotabigtruck: ah so pasiv is part of what inception.deb installs?
[05:42] <teleshoes> its the hacky bit
[05:43] <Sazpaimon> but i look at any thread on TMO
[05:43] <teleshoes> pasiv is the nokia-security-hole exploitation
[05:43] <Sazpaimon> and almost all of them are littered with posts from complete idiots
[05:43] <mtd> teleshoes: ah ok.
[05:43] <itsnotabigtruck> Sazpaimon: well, that's kind of a problem with forums in general
[05:43] <mtd> Sazpaimon: ignorant people, probably.  Idiots might be a bit harsh.
[05:43] <itsnotabigtruck> mtd: imo idiots is about right
[05:43] <teleshoes> i dont think its harsh
[05:44] <teleshoes> there are definitely stupid people
[05:44] <Sazpaimon> i just want to know where they got their devices
[05:44] <teleshoes> they have job titles like senior vice-president of managing
[05:44] <mtd> start a poll "what's your IQ" :)
[05:44] <itsnotabigtruck> the other thing is, i want to say "it sounds dumb because they're new at english" or some such, but much of the time the posts are dumb no matter the language
[05:44] <Sazpaimon> here's a random post
[05:45] <Sazpaimon> itsnotabigtruck, the language of stupid is universal
[05:45] <itsnotabigtruck> i guess the people who know what they're doing also often happen to have better writing
[05:45] <teleshoes> the scary thing is
[05:45] <Sazpaimon> its like
[05:45] <teleshoes> theyre certainly smarter than half of the other people
[05:45] <Sazpaimon> what appeal did a device like the N900 have on these guys
[05:46] <teleshoes> who cant think enough to sign up, find a place, and post
[05:46] <teleshoes> their crazy stupidness
[05:46] <mtd> itsnotabigtruck: it might be better to explain "pasiv will do the critical privilege escalation to allow you to do all the rest of the magic" in addition to the link to the strange PASIV user manual, but it's probably just an in joke that I wouldn't get
[05:46] <Sazpaimon> that it was linux? im pretty sure many of them never even heard of linux
[05:46] <itsnotabigtruck> mtd: lol
[05:46] <mtd> itsnotabigtruck: perhaps I can suggest something better than "rest of the magic", too
[05:46] <Sazpaimon> that it was multitasking? symbian can multitask
[05:46] <itsnotabigtruck> it's called pasiv because that's what the dream machine is called
[05:46] <Sazpaimon> because it's a nokia? i would submit that there are a ton of nokia phones more suitable for these people
[05:46] <teleshoes> the guide does go back and forth between elitist in-talk and baby-got-a-boo-boo
[05:47] <itsnotabigtruck> teleshoes: it's hard to write stuff targeted at a broad audience
[05:47] <itsnotabigtruck> and i probably was off the mark a bit
[05:47] <teleshoes> i think it did the job, though
[05:47] <itsnotabigtruck> teleshoes: which parts are the most condescending / the most opaque
[05:47] <Sazpaimon> i want to spend a day looking at old TMO posts and find the tipping point
[05:47] <mtd> itsnotabigtruck: yeah, I get the etymology but it's not helping an ignorant person understand that particular step :)
[05:47] <teleshoes> of alluring people with a movie jokey thing
[05:47] <Sazpaimon> because ive been around TMO for years
[05:47] <Sazpaimon> and it was never, *never* as bad as it was today
[05:48] <teleshoes> the pasiv thing like he says, and the opensh bit, and the thing at the bottom
[05:48] <teleshoes> i forget which, one tic
[05:48] <Sazpaimon> just compare the N900 announcement thread to the N9
[05:48] <Sazpaimon> both very large, but you can clearly see the difference
[05:48] <mtd> itsnotabigtruck: I would say that your instructions and tools are a HUGE improvement over anything else I've seen to do this type of thing
[05:49] <mtd> Sazpaimon: any time you ask a large group of people for considered opinions you are going to get a race to the bottom of communication quality.
[05:49] <teleshoes> right, aegisctl
[05:49] <itsnotabigtruck> teleshoes: well, it gets progressively less detailed because i didn't want to retread over the same stuff already done in previous sections
[05:49] <teleshoes> i think a wiki would be best
teleshoesbut i really like wikis05:50
mtditsnotabigtruck: so I'm trying to be constructive because it is really helpful, please don't think I'm being ungrateful.05:50
Sazpaimonalso, it seems in the last year ive heard the word "petition" thrown around tmo about 831 times05:50
itsnotabigtrucke.g. if you ran pasiv, you figured out how to launch the terminal, so there's no need for the [a) open terminal b) log into ssh] stuff past "conduct the inception"05:50
Sazpaimonmore or less05:50
itsnotabigtruckmtd: i don't think so at all05:50
mtditsnotabigtruck: just wanted to be sure, and confirm with some positive feedback :)05:50
itsnotabigtruckand yeah, i thought about opening an inception wiki, but getting a new wiki going is hard05:50
mtditsnotabigtruck: that's a fair point about progressively increasing concision in the instructions05:50
itsnotabigtruckand the maemo and meego wikis are pretty dead05:51
itsnotabigtruckbut at least they have content already05:51
mtditsnotabigtruck: I think that's a good approach05:51
mtditsnotabigtruck: err, not the wiki necessarily, talking about progressively increasing conciseness :)05:51
*** adlan has joined #harmattan05:51
mtdnot a terrible question, but ignorant, yes05:52
* mtd has no idea what ISC might mean, can't be bothered to think about that one05:52
Sazpaimoni think he meant ICS05:52
itsnotabigtruckSazpaimon: that's not unreasonable05:53
mtdSazpaimon: you baited me into replying :)05:53
itsnotabigtruckof a question, that is05:53
Sazpaimonexcept you can extract the kernel from any fiasco image05:53
itsnotabigtruckanswer is, do flasher -f -F main.img --flash-only=kernel, but that won't revert open mode05:53
Sazpaimoneasy peasy05:53
itsnotabigtruckand Sazpaimon: that's pretty much nowhere documented, i figured out you had to do that with flasher 3.5 by trial and error05:53
Sazpaimonthere was also one guy in the nitdroid thread that was doing "-flash-only=kernel" and couldnt figure out why it wasnt working05:54
mtdSazpaimon: yeah, but might not be obvious - don't underestimate how much info one needs to understand before things start to make sense05:54
itsnotabigtruckyou can't expect people to just know something when it's not at all intuitive even to skilled users05:54
Sazpaimondespite the fact that passing that command would show the help screen05:54
itsnotabigtruckand it's not documented anywhere except maybe a random irc log line or forum post05:54
Sazpaimonwhich CLEARLY shows that you need --flash-only05:54
Sazpaimonwith two dashes05:54
Sazpaimonim sorry, it just seems like people at TMO have little to no basic problem solving skills05:54
itsnotabigtruckSazpaimon: true, my point is though that this question is low on the ignorance scale05:54
itsnotabigtruckit's perfectly valid05:55
itsnotabigtruckthere's a lot of questions that aren't05:55
itsnotabigtruckor people that post over and over and over and over and over when no one answers in 5 mins05:55
Sazpaimonoh and then there's the overclockers05:55
Sazpaimonthe overclockers05:55
Sazpaimonwho get their N900 clocked to 1.5Ghz and wonder why its melting05:55
Sazpaimonand everything is crashing05:56
teleshoesmine had a ton of cpu errors at 110005:56
Sazpaimonand thats not even sarcasm05:56
teleshoes850 was stable05:56
mtdSazpaimon: heheh05:56
Sazpaimonim pretty sure people ask why their 1000mhz overclock isnt stable05:56
teleshoes1000 worked if i overvolted it05:56
*** e-yes has quit IRC05:57
Sazpaimoni can just understand why some people revert to trolling05:57
Sazpaimoni like that specc guy05:57
Sazpaimoneveryone has a fake N9 according to that guy05:58
Sazpaimonhe's ok in my book05:58
Sazpaimonhe's insisting that everyone whose N9 is peeling has a fake device05:58
itsnotabigtruckthere's a lot of dumb posts in my flashing guide thread05:58
itsnotabigtrucklike which image should i flash to, when i pretty much explained it in the op, and clarified in a bunch more posts05:59
Sazpaimonyes because people that make fake devices somehow manage to get the motherboard of the device05:59
Sazpaimonand just fake the casing05:59
Sazpaimonhappens all the time05:59
Sazpaimonwait, except it DOESNT05:59
teleshoesyou increased the likelihood of that rumour spreading but saying it in a matter of fact tone where the intarwabs could hear you06:00
teleshoesoh, a feature for inception that id like06:01
teleshoesa deb that ran pasiv during the install process06:01
teleshoescould be possible, right?06:01
teleshoesmaybe not06:01
itsnotabigtruckteleshoes: it's a bit problematic because of how pasiv works06:01
Sazpaimoni understand now why e-yes insisted on moving all nitdroid discussion to his own forum06:01
Sazpaimonbecause goddamn06:02
Sazpaimonwhat TMO needs is more nazi moderation06:02
itsnotabigtruckdpkg messes with the policy during the install process, pasiv also messes with the policy06:02
itsnotabigtruckSazpaimon: maybe06:02
itsnotabigtruckit seems like forum moderation usually ends up being on one extreme or the other06:02
itsnotabigtruckone can't force people to be civil or intelligent06:02
teleshoesyea, i agree06:03
Sazpaimonwell those people have no place on my internet06:03
teleshoeswhat can be done about it?06:03
itsnotabigtruckimo forum modding should be limited to operations like merging, stickying, moving06:03
itsnotabigtruckthe tmo mods don't even seem to be doing that06:03
teleshoesyea, there are like no mods06:03
teleshoesone model thats nice is a volunteer program for modding06:04
Sazpaimon[23:03] <teleshoes> but06:04
Sazpaimon[23:03] <teleshoes> what can be done about it?06:04
teleshoesyou need mods to do that06:04
teleshoesand nothing stops them from coming right back06:04
Sazpaimonor a well placed sql injection06:04
teleshoesthere are tons of determined trollers and determined idiots06:04
franz`it's a forum for a dead OS. time will take care of it lol06:04
itsnotabigtruckalso "nazi modding" never seems to recognize intent06:05
Sazpaimonfranz`, tell that to my-symbian06:05
teleshoesyea, moderators arent usually very devvy06:05
itsnotabigtruckit usually isn't just the idiots who bear the brunt of it06:05
Sazpaimontheir forums are still "alive" and "kicking"06:05
teleshoestmo is incredibly thrive-y06:05
franz`I should check the picodrive s60 thread, now that you reminded me06:05
teleshoestime will tear down the mountains06:05
Sazpaimoni think the problem is, and ive noticed this with all nokia devices, is after a few years the third world gets wind of a device06:06
Sazpaimonand thats when it becomes a problem06:06
Sazpaimoni noticed it with s60v206:06
teleshoeshmm, this is sounding suspiciously nazi-ish in general06:06
teleshoesthe problem is that with popularity, the idiots come out of the dark06:06
itsnotabigtruckSazpaimon: right, and that's sort of what i was hinting at with the english stuff earlier...but at the same time, you don't notice a lot of people are from the 3rd world because you have no reason to take notice, they speak just like everyone else06:06
teleshoesas they start hearing about it06:06
franz` still going on lol06:07
itsnotabigtruckbut then there's all these people with tech savvy about as good as their english savvy06:07
franz`~1 year bump too, nice06:07
Sazpaimonwhen opera released opera mobile, and made it s60v3 only, the s60v2 people came out of the woodwork06:07
Sazpaimondespite the fact that their OS was dead06:07
Sazpaimonand all of them seemed to be from developing countries06:08
Sazpaimonand india06:08
Sazpaimonindia isnt a developing country anymore right?06:08
itsnotabigtruckSazpaimon: sure it is06:08
itsnotabigtruckit probably defines "developing"06:08
itsnotabigtruckalong with brazil06:08
Sazpaimonim sorry but brazil is pretty much its own planet06:08
*** dymaxion_ has quit IRC06:08
Sazpaimoni dont even consider brazil to be part of earth06:09
Sazpaimoni dont have a problem with brazil06:09
teleshoesor mars?06:09
Sazpaimonits just that they live in their own little bubble06:09
itsnotabigtruckit's definitely a pretty weird place it seems, and their government has a rather isolationist trade policy06:09
teleshoesthings are different in brazil, to be sure06:10
itsnotabigtruckand a nonconvertible currency06:10
teleshoesugh yea06:10
Sazpaimonespecially with electronics06:10
Sazpaimonfun fact06:11
Sazpaimonin brazil, many video game series have their own canon06:11
Sazpaimonseparate from the rest of the world06:11
mtditsnotabigtruck: the warning about not upgrading to new firmware versions without confirming inception is compatible...06:11
mtditsnotabigtruck: is that general boilerplate, or is there some known problem area?06:11
mtditsnotabigtruck: with my limited understanding I can't see what would be the problem06:12
Sazpaimonmtd, because inception exploits a part of aegis, nokia can patch it at any time06:12
mtditsnotabigtruck: unless I installed some packages that interfered with the new firmware's, etc.06:12
Sazpaimonthey wouldnt even need to issue a PR update06:12
Sazpaimonjust an update to developer-mode06:12
Sazpaimonthe way nokia wants you to get around aegis is through open mode06:12
itsnotabigtruckmtd: because there's no way to know with 100% certainty what pr1.3 will bring06:13
itsnotabigtruckSazpaimon: sort of...realistically they have to issue a pr update06:13
itsnotabigtruckand the pr update is 1.306:13
itsnotabigtruckmtd: so with pr1.3 being an unknown quantity, users are advised not just to hit the button without a second thought06:14
mtditsnotabigtruck: yeah, fair enough, just wondering if my understanding was deeply flawed06:14
mtdSazpaimon: understood06:14
itsnotabigtruckbut instead, go download the new inception when it's out06:14
mtdSazpaimon: the failure mode then is unclear to me though06:14
itsnotabigtruckmtd: it's not clear what'll happen when upgrading an already incepted phone to pr1.306:14
itsnotabigtruckinception might keep working, or they might put in a countermeasure06:15
itsnotabigtruckincepting with the *old version* after upgrading to pr1.3 definitely isn't going to work06:15
mtdSazpaimon: if I install some packages with inception, then nokia patches the hole, then presumably still running those packages' software should be fine06:15
mtditsnotabigtruck: ah, ok06:15
itsnotabigtruckmtd: if the pr1.3 upgrade leaves the policy alone it'll stay incepted06:15
teleshoesnokia can do absolutely anything they want in the pr upgrade06:15
itsnotabigtruckright, the whole thing is a wildcard06:16
teleshoesif they specifically hate inception, they can change policy06:16
teleshoesand invalidate everything06:16
teleshoesor they can wipe your phone if youve installed inception06:16
Sazpaimonif they dont fix inception, couldnt nitdroid work with closed mode kernel06:16
teleshoestheres a closed nitdroid kernel?06:16
itsnotabigtruckSazpaimon: nah, because nitdroid still requires a different kernel06:16
itsnotabigtruckand that means open mode06:16
Sazpaimonoh right duh06:16
mtditsnotabigtruck: ok, so just to see what I don't understand, if they change the policy, then is that policy, like, checked every time a binary installed under the aegis (heh) of that policy going to have its privileges revoked, or is that just an install-time control?06:16
itsnotabigtruckwell, or if someone figures out how to kexec06:17
itsnotabigtruckthen you could boot closed mode with the regular kernel, then boot closed mode again with a custom kernel06:17
Sazpaimonitsnotabigtruck, kexec needs to be compiled in the kernel06:17
mtditsnotabigtruck: ...and thus then all those binaries are going to stop working?06:17
Sazpaimonwhich would trigger open mode06:17
itsnotabigtruckSazpaimon: well, you'd have to do something 'interesting' with a kernel module06:17
teleshoesmtd: its unlikely that your packages will stop working with pr1.306:17
teleshoesbut wait and see06:17
mtdteleshoes: understood then can change policy / wipe phone06:17
teleshoesbefore upgrading06:17
Sazpaimonmy basic understanding of inception is that in a chroot environment you have privilege escalation06:17
Sazpaimonis that right?06:17
mtdteleshoes: yeah, sure, just checking as it doesn't sound too scary06:18
itsnotabigtrucki highly doubt they're going to do anything too aggressive when it comes to un-doing inception on upgrade06:18
teleshoesim not worried06:18
itsnotabigtrucklike wiping phones06:18
mtditsnotabigtruck: sure06:18
teleshoesbesides, there will always be openmode06:18
teleshoesopenmode is nokia-blessed with fairy dust06:18
itsnotabigtruckmtd: just install inception, and when pr1.3 comes out, inception 0.2 will be there06:18
Sazpaimonopen mode is the way to go imo06:18
Sazpaimonno offense to inception06:18
itsnotabigtruckor whatever version number i put on it, anyway06:19
mtditsnotabigtruck: yup, installing :)06:19
teleshoesopenmode is only better because its guaranteed to still be there06:19
teleshoesinception has large advantages06:19
teleshoesdoesnt require reflash06:19
teleshoesdoesnt have big scary warning/disclaimer06:19
Sazpaimonopenmode doesnt either06:19
teleshoesand makes aegis not suck06:19
Sazpaimonif you remove it beforehand06:19
teleshoesno reflash yea06:19
itsnotabigtruckSazpaimon: well, it definitely requires reflash to get *out* of open mode06:19
teleshoes{as of yday for me, yea}06:19
Sazpaimonbut once you get openmode set up, there's no reason to go back06:20
teleshoesi reflash like all the time06:20
teleshoesonce every two weeks at most06:20
mtditsnotabigtruck: wget is complaining about your links vs your SSL cert: ERROR: certificate common name `' doesn't match requested host name `'.06:20
mtditsnotabigtruck: very small nit, sorry :)06:20
mtditsnotabigtruck: perhaps I came in on the wrong link?  I had
Sazpaimonwget is annoying with many ssl sites06:21
Sazpaimonmtd, you want
Sazpaimonor just --no-check-certificate06:21
Sazpaimonwhich i do almost all the time now06:21
mtditsnotabigtruck: yeah, tried that, but, redirects06:21
mtditsnotabigtruck:, and then the warning gets triggered06:22
itsnotabigtruckSazpaimon: it's because harmattan comes with an old wget06:22
mtditsnotabigtruck: it's not a big deal at all, of course06:22
itsnotabigtruckand its ssl cert checking is dumb06:22
itsnotabigtruckthe cert is valid but wget doesn't think so06:22
Sazpaimonitsnotabigtruck, yeah harmattan's wget doesnt have subject alternative name support06:22
Sazpaimonin fact, i dont think it has support for --content-disposition either06:22
Sazpaimonwhich makes downloading forum attachments a royal pain06:23
itsnotabigtruckwhoops, that was @mtd06:24
itsnotabigtruckand it's because startcom doesn't issue certs to bare domains06:24
itsnotabigtruckat least with the free account06:24
itsnotabigtruckit always issues to something.domain.tld + domain.tld as an alternative name06:25
itsnotabigtruckin this case something is www06:25
itsnotabigtruckso the domains are backwards from what i'd prefer06:25
itsnotabigtruckand it trips up wget06:25
Sazpaimonactually i think it took the wget guys like06:25
mtditsnotabigtruck: yeah, understood06:25
Sazpaimon3 years to support subject alternative name06:25
Sazpaimoni love bugs that just sit in a bugtracker for years and nothing happens to them06:26
Sazpaimonespecially when theyre completely valid bugs06:26
itsnotabigtruckif you have an N950 you have curl which might work better06:27
itsnotabigtruckfor whatever reason curl is not part of the N9 builds06:27
teleshoescurl is in harmattan-dev06:29
*** aquarius has joined #harmattan06:33
*** dymaxion has joined #harmattan06:34
*** natunen has joined #harmattan06:35
mtditsnotabigtruck: I realised you're going to get even more tired of these nits, but says "INCEPTION is: ... Safe." and the PASIV disclaimer says "INCEPTION is a dangerous task".06:38
mtditsnotabigtruck: I don't know how to rectify this, because I get what you mean in both cases.06:38
mtditsnotabigtruck: it just appears a bit odd at first blush.06:38
itsnotabigtruckmtd: lol, good point06:39
itsnotabigtrucki wrote the web page and the pasiv disclaimer at different times06:39
itsnotabigtruckalso "inception is dangerous" had a nice ring to it06:39
mtditsnotabigtruck: of course, not an issue06:39
mtditsnotabigtruck: you have more important things to do06:40
mtditsnotabigtruck: just putting it somewhere in your swap space in case you come across that page later06:40
mtd :)06:40
itsnotabigtruck like putting off other work >_>06:40
itsnotabigtrucki'm tempted to just forget all the complicated features i was talking about for inceptdo and just have one function, prompt for the root password and activate all permissions06:41
teleshoesthat is the main use case, i think06:44
mtditsnotabigtruck: yeah seems quite useful06:44
teleshoesand none, for chaining with aegisctl06:44
*** teleshoes has quit IRC06:45
itsnotabigtruckalso i could implement the timestamp feature by taking the system monotonic clock and signing it with an aegis credential06:46
* mtd has never killed pkgmgrd before running apt-get install -- is it really necessary?06:48
itsnotabigtruckmtd: no, but nuking that dpkg lock file if it's there is06:52
itsnotabigtruckkilling pkgmgrd just makes sure it isn't actually doing anything when you do that06:52
mtditsnotabigtruck: gotcha - once it was there and I did need to, but it wasn't there this time06:52
mtditsnotabigtruck: thanks06:52
mtditsnotabigtruck: I'm confused by "opensh allows ... any program on your phone the same level of access.".  Presumably that means that opensh will let whatever programs it invokes have full access (credentials or whatever the right term is are inherited), not that by running opensh, somehow all running processes now have all credentials, right?06:54
* mtd is going to stop with these documentation questions very soon, promise.06:54
itsnotabigtruckmtd: nah, it's fine, they're not bad questions06:55
itsnotabigtruckwhat i mean is that any program could do its bidding through opensh06:55
*** oberling_ has joined #harmattan06:55
itsnotabigtrucke.g. system("opensh")06:55
mtditsnotabigtruck: ah, due to lack of password, sure.06:56
itsnotabigtruckwithout being incepted, and thus requiring you to enter your root password to acknowledge it06:56
mtditsnotabigtruck: gotcha06:56
*** oberling has quit IRC06:56
mtditsnotabigtruck: yeah, I see the concern.  I think it's relatively theoretical, but you'll know you've arrived when malware starts probing for opensh's presence in a system :)06:57
mtdwow, I sure have a lot of groups when running opensh06:58
mtdthat dbus call works now, which is nice :)06:58
itsnotabigtruckmtd: or just apps written by people who don't know what they're doing06:59
itsnotabigtrucklike franz was talking about earlier w/ sudser06:59
mtdhmm, trying to run "/bin/bash" gets "Operation not permitted"06:59
itsnotabigtruckrainisto was concerned about opensh probing, though there's much worse issues than that06:59
mtditsnotabigtruck: yeah, I see (but can't get too worried about that problem)06:59
itsnotabigtruckyeah, read the next section in the docs, after the opensh part :p06:59
itsnotabigtruckand the end of the opensh part also07:00
mtditsnotabigtruck: doh, sorry07:00
itsnotabigtruckalso people on the forums have already suggested opensh probing as a real solution for things07:00
itsnotabigtrucklike coderus i think07:00
itsnotabigtruckso sooner or later someone is actually going to do that, lol07:01
mtditsnotabigtruck: sigh...sign there is a need for...something, I guess :)07:01
*** crevetor has quit IRC07:15
*** aquarius has quit IRC07:22
itsnotabigtruckmtd: any idea how sudo actually invokes its argument07:33
itsnotabigtrucklike does it run it through a shell, etc.07:33
*** djszapi has left #harmattan07:39
*** chouchoune has quit IRC07:50
*** jpwhiting has quit IRC07:59
*** lfrb has quit IRC07:59
*** Hei_Ku has quit IRC08:00
mtditsnotabigtruck: no, sorry...yeah that must be careful magic, that step08:18
*** lfrb has joined #harmattan08:20
*** jpwhiting has joined #harmattan08:20
*** jpwhiting has joined #harmattan08:20
*** Hei_Ku has joined #harmattan08:21
itsnotabigtruckmtd: i'm just going to use execvp08:26
itsnotabigtruckit looks like sudo does a lot of validation of things but that's mostly because sudo allows delegating to untrusted users08:26
itsnotabigtruckthis is exclusively for fully trusted users08:27
itsnotabigtruckonce the validation checks are passed it doesn't matter what happens as long as the user requested it08:27
*** djszapi has joined #harmattan08:35
djszapibef0rd: what you gave me is a daemon, not a library :/08:36
*** dymaxion has quit IRC08:38
*** xarcass has joined #harmattan08:42
*** psycho_oreos has joined #harmattan08:44
*** tgalal has joined #harmattan08:46
tgalalSazpaimon: LOL and that would delay the project for years08:47
*** rnovacek_away is now known as rnovacek08:53
*** dymaxion has joined #harmattan08:56
*** dymaxion_ has joined #harmattan08:57
DocScrutinizerwe're so happy aegis and now even inception are solving the problems we never had on regular systems, means those systems that had classical user / file permissions concept08:59
SpeedEvilDon't forget the cunning marketing that means most people interested can't buy it, so avoid any possibility of problems.08:59
*** dymaxion has quit IRC09:00
*** dymaxion_ has quit IRC09:12
*** miroslav has joined #harmattan09:16
*** dymaxion has joined #harmattan09:28
*** liar has joined #harmattan09:31
*** ciacon has joined #harmattan09:33
*** hardaker has joined #harmattan09:34
*** gabriel9 has quit IRC09:35
*** M4rtinK has joined #harmattan09:38
*** hardaker has quit IRC09:43
*** beford_ has joined #harmattan09:52
*** bef0rd has quit IRC09:52
*** djszapi has left #harmattan09:53
*** gabriel9|work has joined #harmattan09:57
*** ciacon has quit IRC10:01
*** aleksander_m has joined #harmattan10:03
*** bef0rd has joined #harmattan10:05
*** tbf has joined #harmattan10:06
*** leinir has quit IRC10:07
*** liar has quit IRC10:09
*** tgalal has quit IRC10:10
*** guruz is now known as mgoetz10:12
*** Stecchino has quit IRC10:15
*** tarantism has quit IRC10:15
*** bef0rd has quit IRC10:18
*** chouchoune1 has joined #harmattan10:20
*** chouchoune1 is now known as chouchoune10:20
*** leinir has joined #harmattan10:21
*** leinir has joined #harmattan10:21
*** Stecchino has joined #harmattan10:22
*** Stecchino has joined #harmattan10:22
*** jreznik has joined #harmattan10:24
*** Saviq_ has joined #harmattan10:25
*** Saviq_ has quit IRC10:28
*** cvaldemar has quit IRC10:35
*** heymaster has quit IRC10:39
*** M4rtinK has quit IRC10:49
*** smokex|away has quit IRC11:00
*** e-yes has joined #harmattan11:05
*** phako has joined #harmattan11:08
*** nwoki has joined #harmattan11:11
*** nwoki has joined #harmattan11:11
*** nwoki has quit IRC11:44
*** nwoki has joined #harmattan12:01
*** nwoki has joined #harmattan12:01
*** zk8 has joined #harmattan12:11
*** arcean has joined #harmattan12:15
*** aheinecke_ has joined #harmattan12:15
*** nwoki has quit IRC12:16
*** aheinecke has quit IRC12:19
*** zk8 has quit IRC12:25
*** e-yes has quit IRC12:51
*** snowpong has joined #harmattan13:01
*** lucido has quit IRC13:10
*** diorahman has joined #harmattan13:13
diorahmanWoohhooo, is this a good news for Qt and MeeGo?
diorahmanyeah, why?
bindiitsnotabigtruck: wut13:17
X-FadeArticles full of wishful thinking..13:17
bindioh nevermind13:18
*** lucido has joined #harmattan13:19
diorahmanJust for laugh :-)13:20
*** faenil has joined #harmattan13:24
*** diorahman has quit IRC13:25
*** lizardo has joined #harmattan13:27
*** adlan has quit IRC13:30
jrezniknokia still exists? :D13:35
*** SpeedEvil has quit IRC13:49
*** SpeedEvil has joined #harmattan13:52
*** faenil has quit IRC13:56
*** DocScrutinizer has quit IRC13:58
*** miroslav has quit IRC14:06
*** DocScrutinizer has joined #harmattan14:06
*** dm8tbr has quit IRC14:12
*** dm8tbr has joined #harmattan14:13
*** dm8tbr has quit IRC14:18
*** dm8tbr has joined #harmattan14:20
*** heymaster has joined #harmattan14:25
gabriel9|workyou guys don't trust nokia anymore :D14:26
gabriel9|workand why low end? everybody wants smartphone today to play games14:28
psycho_oreosI don't think anyone would trust nokia considering the way the handled the meego/maemo community. Not unless if they are a newcomer and are oblivious to the aforementioned fact14:28
*** natunen has quit IRC14:28
*** Natunen has joined #harmattan14:30
*** faenil has joined #harmattan14:35
*** arcean has quit IRC14:39
*** arcean has joined #harmattan14:42
jreznikbuild qt strategy, destroy qt strategy (and repeat the next billion without any info), force them to wp and then - hey, we have a new qt strategy, join us! :) that's great :)))14:44
Anssi138*gets popcorn*14:56
Khertanjreznik, there is no new qt strategy15:00
* Khertan just discover that is debian gnome session crash due to flash in iceweasel15:01
Khertan.... strange ...15:01
jreznikKhertan: I still believe there will be :)15:02
*** jluisn has joined #harmattan15:29
itsnotabigtruckdid some new info come out about these 2 new phones15:50
itsnotabigtruckbeyond the bs articles floating around yesterday15:50
*** folivora has quit IRC15:52
*** aquarius has joined #harmattan15:54
*** psycho_oreos has quit IRC15:54
*** xarcass has quit IRC16:00
*** jluisn has quit IRC16:05
*** jluisn has joined #harmattan16:05
*** adlan has joined #harmattan16:14
*** jluisn has quit IRC16:19
*** jluisn has joined #harmattan16:20
*** tbf_ has joined #harmattan16:22
*** folivora has joined #harmattan16:25
*** tbf has quit IRC16:26
*** etrunko has joined #harmattan16:26
itsnotabigtruck lol16:30
*** [XeN] has joined #harmattan16:35
*** tbf_ is now known as tbf__16:38
*** tbf__ is now known as tbf16:38
*** pinheiro has quit IRC16:39
*** pinheiro has joined #harmattan16:39
*** beford_ has quit IRC16:40
*** leinir has quit IRC16:57
gabriel9|worki don't get this stuff17:04
gabriel9|workwhat is the catch17:04
*** befr0d has joined #harmattan17:09
*** pinheiro has quit IRC17:09
*** benares_98 has joined #harmattan17:18
*** etrunko has quit IRC17:21
*** rm_work has joined #harmattan17:21
*** rm_work has joined #harmattan17:21
*** etrunko has joined #harmattan17:25
*** gabriel9 has joined #harmattan17:25
*** gabriel9_ has joined #harmattan17:28
*** gabriel9|work has quit IRC17:29
itsnotabigtruckgabriel9: the catch?17:30
itsnotabigtruckalso, speaking of morons on TMO...
*** [XeN] has quit IRC17:31
*** gabriel9 has quit IRC17:31
*** faenil has quit IRC17:42
*** faenil has joined #harmattan17:43
*** mzanetti has quit IRC17:50
*** Tronic has quit IRC17:50
*** Tronic has joined #harmattan17:51
*** mzanetti has joined #harmattan17:52
*** faenil has quit IRC17:56
*** lbt has quit IRC18:04
*** M4rtinK has joined #harmattan18:06
*** rnovacek has quit IRC18:16
*** gabriel9_ has quit IRC18:22
*** tomyri has quit IRC18:37
*** tomyri has joined #harmattan18:43
*** NIN101 has joined #harmattan18:45
*** M4rtinK has quit IRC18:52
*** arcean has quit IRC19:00
*** snowpong has quit IRC19:01
*** hardaker has joined #harmattan19:01
*** arcean has joined #harmattan19:11
Corsachmhm, can I select text from the n9 browser?19:17
itsnotabigtruckCorsac: nope, it's a notable limitation19:18
fluxhmm, but you can?19:19
fluxit came with pr1.219:19
itsnotabigtruckany idea why mkdir(2) might refuse to make a directory at ~/foo19:19
itsnotabigtruckflux: oh, ok19:19
itsnotabigtruckare you sure that's not just in the address bar19:19
fluxbasically hold your finger at some text and it starts19:19
itsnotabigtruckflux: ok19:19
fluxdo it over link and you have the option to do it19:19
*** folivora has quit IRC19:19
itsnotabigtruckany idea about the mkdir thing?19:19
fluxitsnotabigtruck, as root or user?19:19
itsnotabigtruckmkdir(1) - that is, the shell command - works fine19:20
fluxstrace mkdir ~/foo ten19:20
itsnotabigtruckin scratchbox, as user19:20
fluxooh scratchbox19:20
*** gabriel9 has joined #harmattan19:21
itsnotabigtruckbut in my c program it fails with "no such file or directory"19:21
flux1) strace mkdir19:21
itsnotabigtrucki'm wondering if mkdir doesn't know about ~19:21
flux2) strace yourproggy19:21
flux3) observe difference :)19:21
fluxmkdir doesn't know about ~19:21
fluxyou're really trying to mkdir '~/foo'?19:21
fluxyou need to expand it yourself19:21
fluxbtw, the strace would've revealed that as well ;)19:22
*** djszapiN9 has joined #harmattan19:23
itsnotabigtruckflux: and it did, just now...but i thought it was automatically expanded19:24
itsnotabigtruckdoesn't e.g. open("~/...", ...) work?19:24
itsnotabigtruckif so, a lot of other stuff wouldn't work19:24
itsnotabigtruck*if not19:24
fluxitsnotabigtruck, no, no c functions know about ~, only shell does19:25
flux~foo etc19:25
* infobot foo! || <action> bar etc || <reply> foo etc bar || foo19:25
itsnotabigtruckflux: cat: ~/test.txt: No such file or directory19:26
itsnotabigtruckhrm, indeed19:26
itsnotabigtrucknever realized that was shell magic19:26
itsnotabigtruckthought it was libc magic or something19:26
fluxthe only magic close to it I know of is the glob-function19:26
fluxbut that's it.19:26
fluxitsnotabigtruck, you do know that *.foo gets expanded by the shell as well?-)19:27
itsnotabigtruckflux: yeah19:33
itsnotabigtruckbut that's different19:33
virtualdhey guys do you think aegis has something to do with uefi secure boot?19:34
itsnotabigtruckvirtuald: no, not's the same general type of concept though19:36
SpeedEvilvirtuald: Separate unrelated implementations.19:36
*** faenil has joined #harmattan19:37
*** pa has left #harmattan19:38
*** pa has joined #harmattan19:38
itsnotabigtruckvirtuald: also, aegis is really separate from the secure boot stuff19:39
itsnotabigtruckwhich is all in the bootloader19:39
itsnotabigtruckthat latter part would be more comparable to UEFI's setup, except19:40
itsnotabigtruckthe N9's arrangement, like most embedded devices, is to lock the device to officially shipped firmware19:40
itsnotabigtruckwhereas the UEFI setup is a lot more configurable than that19:40
SpeedEvilNot on ARM itsnotabigtruck19:40
itsnotabigtruckSpeedEvil: yeah :/19:41
itsnotabigtruckwell, not on tablets shipped for windows arm, which is going to be all the uefi tablets probably19:41
itsnotabigtruckis anyone able to connect to right now19:43
itsnotabigtruckwait, i just did19:43
itsnotabigtruckmy jabber server must be down independently of the server19:43
itsnotabigtrucklooks like it bombed out 6 hours ago :/19:45
*** jreznik has quit IRC19:47
*** M4rtinK has joined #harmattan19:49
*** NIN101 has quit IRC19:52
*** lbt has joined #harmattan19:53
*** lbt has joined #harmattan19:53
*** lmoura has quit IRC19:54
*** lmoura has joined #harmattan19:57
itsnotabigtruckok, finally got my home directory resolution working20:00
*** lucido has quit IRC20:04
*** lucido has joined #harmattan20:10
*** rlinfati has joined #harmattan20:22
rlinfatiis it possible to boot the n950 from an nfs root?20:23
*** risca has joined #harmattan20:23
*** e-yes has joined #harmattan20:24
*** diorahman has joined #harmattan20:34
*** jluisn has quit IRC20:36
*** jluisn has joined #harmattan20:36
*** benares_98 has left #harmattan20:37
*** diorahman has quit IRC20:38
*** hardaker has quit IRC20:43
*** piggz has joined #harmattan20:43
*** ninnnu has quit IRC20:44
*** ninnnu has joined #harmattan20:44
*** faenil has quit IRC20:47
*** faenil has joined #harmattan20:47
*** tgalal has joined #harmattan20:48
*** piggz has quit IRC20:48
*** piggz has joined #harmattan20:49
*** faenil has quit IRC20:57
*** dymaxion has quit IRC20:57
*** mece has quit IRC21:02
*** piggz has quit IRC21:03
*** piggz_ has joined #harmattan21:03
*** befr0d has quit IRC21:04
*** jluisn has quit IRC21:10
*** jluisn has joined #harmattan21:10
*** jluisn has quit IRC21:14
*** jluisn has joined #harmattan21:15
*** jaywink has joined #harmattan21:17
*** rlinfati has quit IRC21:36
*** gabriel9 has quit IRC21:39
*** gabriel9 has joined #harmattan21:41
*** faenil has joined #harmattan21:43
*** pinheiro has joined #harmattan21:43
itsnotabigtruckanyone know the correct way to include the openssl blurb in a debian source package21:45
itsnotabigtruckhm, rereading the license i guess that's not needed21:46
*** mgoetz has quit IRC21:46
*** guruz has joined #harmattan21:46
*** etrunko has quit IRC21:47
*** jluisn has quit IRC21:52
*** jluisn has joined #harmattan21:53
*** jreznik has joined #harmattan21:55
*** Free-MG has joined #harmattan22:00
*** blueslee has joined #harmattan22:04
*** jluisn has quit IRC22:06
*** jluisn has joined #harmattan22:06
*** decibyte has quit IRC22:10
*** decibyte has joined #harmattan22:13
*** faenil has quit IRC22:13
*** blueslee has quit IRC22:20
*** aleksander_m has quit IRC22:26
*** jluisn has quit IRC22:26
*** jluisn has joined #harmattan22:27
*** tomyri has quit IRC22:27
*** etrunko has joined #harmattan22:29
*** jluisn has quit IRC22:38
*** jluisn has joined #harmattan22:38
*** Natunen has quit IRC22:52
*** tomyri has joined #harmattan22:59
*** Free-MG has quit IRC23:06
*** jaywink has quit IRC23:07
*** gabriel9 has quit IRC23:07
itsnotabigtruckwow, it's really dead today23:14
itsnotabigtruckwhat happened23:14
*** jreznik has quit IRC23:20
*** spenap has quit IRC23:20
*** spenap has joined #harmattan23:21
*** tomyri has quit IRC23:28
