| *** eijk has joined #maemo | 00:00 | |
| DocScrutinizer05 | jonwil: core repos gone south | 00:00 |
|---|---|---|
| DocScrutinizer05 | nice URL http://www.archiveteam.org/index.php?title=Maemo | 00:01 |
| jonwil | yeah the nokia repos have been gone for a while (hence the fact that I am now using the maemo.muarf.org mirror :) | 00:02 |
| jonwil | I am also using a different repo mirror (probably ovi) from maemo-repos.com | 00:02 |
| *** louisdk has quit IRC | 00:03 | |
| jonwil | so what exactly is the discussion then? Something new about how to solve the core repo issue? | 00:05 |
| sixwheeledbeast | jonwil: HAM and /home/user/.hildon-application-manager/available-notifications file | 00:08 |
| sixwheeledbeast | starts here? http://mg.pov.lt/maemo-irclog/%23maemo.2015-12-26.log.html#t2015-12-26T00:20:50 | 00:10 |
| DocScrutinizer05 | ..and my rant about muarf being a nice but alas unapproved mirror | 00:10 |
| jonwil | ok, so HAM will download a file from a nokia server. Big deal, this doesn't help us (we dont own that server) | 00:11 |
| *** louisdk has joined #maemo | 00:12 | |
| DocScrutinizer05 | but when council gives excommunication and bashing to those who try to deal with approving and supporting obviously not-so-legal mirrors of copyrighted stuff, then we'll have to live with the situation that mirrors are not approved these days, and never again will be | 00:12 |
| DocScrutinizer05 | council and hildon foundation (or whatever is the name now) I have to say | 00:14 |
| jonwil | Seems like the people who supposedly run this community aren't (or weren't if it was different people at the time) running for the benefit of Maemo as a whole | 00:15 |
| *** louisdk has quit IRC | 00:19 | |
| DocScrutinizer05 | this was the time of "we negotiate with Nokia. We must not tell any details. We don't want to talk with you as Nokia might not like this" | 00:21 |
| DocScrutinizer05 | one guy even claiming he might get sued for crimes *I* do 3 years into the future when he gives me some money today for something completely unrelated | 00:22 |
| Oksanaa | Hmm, right now I am wondering if it is possible to negotiate with Nokia-Microsoft about DNS records... | 00:23 |
| DocScrutinizer05 | forget it | 00:24 |
| DocScrutinizer05 | we tried a dozen times | 00:24 |
| DocScrutinizer05 | Nokia won't pass control over *.nokia.com domains to you, no matter what | 00:24 |
| DocScrutinizer05 | when you're lucky, you eventually might own the *.maemo.org domains | 00:25 |
| DocScrutinizer05 | ooh, you already own the maemo.org - congrats, finally | 00:26 |
| DocScrutinizer05 | maybe you could check if HAM et al can work with it, and then get Nokia to change harmattan.nokia.com or whatever to a CNAME | 00:29 |
| DocScrutinizer05 | or maemo.downloads.nokia.com or whatever it been | 00:33 |
| DocScrutinizer05 | tabletteer.nokia.com | 00:33 |
| DocScrutinizer05 | warfare could request such changes and with some luck Nokia will implement them via their DNS management after weeks or months | 00:34 |
| bencoh | I highly doubt you'd ever get any *.nokia.com domain :) | 00:51 |
| *** LauRoman has quit IRC | 00:52 | |
| bencoh | "maemo.org" is a different story - pretty much nobody (outside of our small tech communities) knows what it is or how it's related to nokia | 00:52 |
| DocScrutinizer05 | no way we ever get *.nokia.com | 00:52 |
| *** eijk has quit IRC | 00:53 | |
| DocScrutinizer05 | Pali: freemangordon: please explain http://mg.pov.lt/maemo-irclog/%23maemo.2015-12-26.log.html#t2015-12-26T20:29:19 - I don't grok it | 00:53 |
| bencoh | as for "unapproved mirrors", I hope nobody really gives that any attention nowadays | 00:53 |
| *** RedW has quit IRC | 00:53 | |
| DocScrutinizer05 | bencoh: actually nobody but peeps in hildon foundation ever did | 00:54 |
| bencoh | DocScrutinizer05: I gathered that :) | 00:54 |
| Pali | DocScrutinizer05: HAM checks http page configured in system if it is not changed. and if it is changed it show notify message in status bar "new update" with text and link from that page | 00:54 |
| DocScrutinizer05 | Nokia is obliged by contracts not to publish those closed blob bits (like e.g. flash plugin, PVR lib etc), but they even encouraged users at time to create mirrors | 00:55 |
| bencoh | jonwil: btw, ovi is on maemo.muarf.org as well, but password-protected (with the password used for nokia repos) | 00:55 |
| *** RedW has joined #maemo | 00:55 | |
| bencoh | DocScrutinizer05: :-) | 00:55 |
| Pali | and we could use it to inform users that CSSU exists | 00:55 |
| DocScrutinizer05 | Pali: which URL this page is on? | 00:55 |
| bencoh | the tableteer one ? | 00:56 |
| Pali | http://tableteer.nokia.com/application-notices/notice-RX-51-fremantle | 00:56 |
| DocScrutinizer05 | Pali: alas that doesn't help since that's a Nokia URL | 00:56 |
| DocScrutinizer05 | we *might* talk Nokia into changing content of that page | 00:57 |
| Pali | long time ago Quim Gill wrote us that Nokia is happy with redistributing closed Nokia (C) bits of Maemo sw | 00:57 |
| DocScrutinizer05 | alas to me it seems http://tableteer.nokia.com is dead | 00:58 |
| DocScrutinizer05 | (quim) ack | 00:58 |
| Pali | see dig, it resolve to 217.77.202.40 | 00:58 |
| DocScrutinizer05 | hmm, and? | 00:58 |
| DocScrutinizer05 | still no response | 00:58 |
| Pali | is not it old ip range of maemo servers? | 00:59 |
| bencoh | SATAMA-NET | 00:59 |
| bencoh | mnt-by: ELISA-MNT | 00:59 |
| DocScrutinizer05 | http://wstaw.org/m/2015/12/26/plasma-desktopCS3616.png | 00:59 |
| Pali | DocScrutinizer05: I know, but nokia still has A record in DNS | 01:00 |
| bencoh | Pali: do you mean this page used to be hosted on maemo infra? | 01:00 |
| Pali | yes | 01:00 |
| bencoh | hmm | 01:00 |
| DocScrutinizer05 | umm, you could actually try convincing Nokia to point that URL to recent server IP | 01:00 |
| bencoh | interesting | 01:00 |
| bencoh | yeah | 01:00 |
| bencoh | s/url/dns/ | 01:00 |
| Pali | anyway downloads.maemo.nokia.com does not have A record anymore | 01:00 |
| DocScrutinizer05 | yep, dns | 01:00 |
| DocScrutinizer05 | we could ask nokia to create a new A record for that too | 01:01 |
| Pali | or we can try to contact SATAMA-NET/ELISA-MNT :D | 01:01 |
| DocScrutinizer05 | but that won't help since *we* are not allowed to hos a repo mirror | 01:02 |
| bencoh | or mnt-by: XENETIC | 01:02 |
| bencoh | DocScrutinizer05: maemo could do some redirection :° | 01:02 |
| DocScrutinizer05 | cyrcle closed | 01:02 |
| Pali | DocScrutinizer05: we are not allowd to host our version of notice-RX-51-fremantle file?? | 01:02 |
| DocScrutinizer05 | [2015-12-26 Sat 22:27:42] <DocScrutinizer05> the tricky part is: such patch to etc/hosts would need to point to a IP that holds the repos, which is... questionable | 01:02 |
| bencoh | :) | 01:03 |
| Pali | notice-RX-51-fremantle is announcement for *all* n900 devices with internet connection to show something | 01:03 |
| DocScrutinizer05 | Pali: we are allowed to do that. We are not allowed to host the repos and stuff usually found under downloads.maemo.nokia.com | 01:03 |
| *** futpib has quit IRC | 01:05 | |
| *** sunshavi has joined #maemo | 01:06 | |
| DocScrutinizer05 | anyway it seems to me the box behind http://tableteer.nokia.com is dead. A very usual thing with nokia boxes that are not maintained anymore but still akamai receives payment for the iron | 01:07 |
| DocScrutinizer05 | I've seen such zombie boxes linger on for years at nokia | 01:07 |
| bencoh | hmm I dont think akamai is still hosting (or receiving anything) for d.m.n.c | 01:08 |
| DocScrutinizer05 | of course not since that's a dead domain | 01:08 |
| bencoh | no I mean, even when hardcoding the akamai ip in /etc/hosts, they dont host anything there anymore | 01:08 |
| DocScrutinizer05 | though, you never know. I've even see zombie boxes under IPs where the DNS record vanished long ago | 01:09 |
| bencoh | so nokia notified akamai | 01:09 |
| DocScrutinizer05 | aah ok | 01:09 |
| DocScrutinizer05 | http://tableteer.nokia.com otoh obviously still exists | 01:09 |
| bencoh | (I tried that when the maemo.n.c NS vanished) | 01:09 |
| *** xorly has quit IRC | 01:10 | |
| DocScrutinizer05 | could run nmap against that box, to see if it's showing any sign of life still | 01:10 |
| Pali | do you have A records of downloads.maemo.nokia.com? | 01:10 |
| Pali | A records when worked? | 01:10 |
| DocScrutinizer05 | me not | 01:11 |
| bencoh | I used to | 01:14 |
| kerio | meh | 01:15 |
| kerio | maemo is like super dead anyway :c | 01:15 |
| jonwil | So Nokia unofficially has no problem with people hosting repo mirror but officially they cant endorse HiFo/maemo.org/etc hosting anything... | 01:18 |
| xes | kerio: if it's dead, why are loosing your time here? :) | 01:18 |
| kerio | necrophilia | 01:19 |
| jonwil | I for one don't consider Maemo dead... | 01:19 |
| kerio | the rotting, maggot-infested carcass of maemo 5 is still better than android | 01:19 |
| DocScrutinizer05 | jonwil: (endorse) exactly | 01:19 |
| Pali | ok, so we can power-up unofficial mirror for downloads.maemo.nokia.com? | 01:21 |
| Pali | without problems? | 01:21 |
| xes | kerio: a walking dead is always better than a spy-worm's slave | 01:22 |
| *** shentey has quit IRC | 01:22 | |
| kerio | indeed | 01:22 |
| jonwil | Ultimately I suspect its all academic since I seriously doubt MS/Nokia would ever point any *.nokia.com domain to any machine they don't control. | 01:25 |
| DocScrutinizer05 | Pali: yes, aiui | 01:26 |
| DocScrutinizer05 | jonwil: ack | 01:26 |
| Pali | do you have any contact to nokia? | 01:26 |
| DocScrutinizer05 | nope, afaik nobody has anymore | 01:27 |
| DocScrutinizer05 | there is no more nokia, as far as maemo is concerned | 01:27 |
| DocScrutinizer05 | if anybody still has any contacts then that's HiFo | 01:28 |
| DocScrutinizer05 | but I seem to remember their last contact waved a farewell long ago | 01:29 |
| *** Oksanaa has quit IRC | 01:29 | |
| Pali | http://www.microsoft.com/en-gb/mobile/support/product/n900/softwareupdate/ | 01:33 |
| jonwil | I dont see any reason why another mirror of downloads.maemo.nokia.com would somehow be any more useful than of maemo.muarf.org or maemo-repos.com | 01:34 |
| DocScrutinizer05 | Pali: ROFL | 01:34 |
| jonwil | I suspect that page is simply something from an old Nokia webpage grabbed up and reformatted onto a MS websie | 01:35 |
| DocScrutinizer05 | jonwil: it only would be more useful if it was as smartly crafted into a sekrit organizational network as skeiron was | 01:35 |
| Pali | http://www.microsoft.com/en-gb/mobile/support/product/n900/faq/?action=singleTopic&topic=FA121619&category=warrantyandrepair | 01:35 |
| Pali | :D:D | 01:35 |
| kerio | wat | 01:36 |
| Pali | dists/mistral | 01:36 |
| Pali | Could not resolve 'repositor.maemo.org'. | 01:36 |
| Pali | :D | 01:36 |
| DocScrutinizer05 | "was this helpful?" [X]NO | 01:37 |
| jonwil | what made skeiron better than other mirrors? | 01:38 |
| bencoh | they existed at that time :) | 01:38 |
| bencoh | err, they did not existed at that time | 01:39 |
| DocScrutinizer05 | jonwil: it was embedded into a sekrit organizational framework that ensured that the content on skeiron was authentic and untampered | 01:41 |
| DocScrutinizer05 | it also was maximum comprehensive | 01:41 |
| DocScrutinizer05 | with almost 2TB of data | 01:42 |
| DocScrutinizer05 | and though council and HiFo never knew, they actually had some indirect control over it | 01:42 |
| DocScrutinizer05 | they used that indirect control to nuke it | 01:43 |
| DocScrutinizer05 | now we got mirrors we know zilch about | 01:44 |
| Pali | what happened with skeiron mirror? | 01:46 |
| jonwil | AFAIK the mirrors we have are still signed (just with an expired key) so we should be able to verify that the signature is intact and the files on those mirrors are genuine | 01:46 |
| DocScrutinizer05 | it got discontinued when peeps at HiFo started bitching and acting destructive | 01:46 |
| *** Pali has quit IRC | 01:48 | |
| DocScrutinizer05 | to make things more bizarre: same peeps who formerly helped in inventing and supporting the whole thing | 01:48 |
| DocScrutinizer05 | jonwil: sure, that's true for the Nokia repos | 01:51 |
| DocScrutinizer05 | however that doesn't prevent any fraudulent stuff getting done to them tomorrow | 01:52 |
| *** sunshavi has quit IRC | 01:52 | |
| jonwil | Are there any other repos other than the Nokia repos (downloads.maemo.nokia.com) and the repos that exist on *.maemo.org? | 01:52 |
| DocScrutinizer05 | also note that we as well have no control whatsoever over the domain | 01:52 |
| DocScrutinizer05 | so if muarf or whatever mirror vanishes tomorrow, we're at square zero again | 01:53 |
| *** louisdk has joined #maemo | 01:54 | |
| DocScrutinizer05 | well, we can't do much about it. So it's futile to discuss it | 01:54 |
| * DocScrutinizer05 idly wonders if a CNAME for the downloads.maemo.nokia.com domain would work with ham/apt | 01:59 | |
| *** arossdotme-planb has joined #maemo | 02:00 | |
| DocScrutinizer05 | or a HTTP forward (301 Moved Permanently) | 02:01 |
| DocScrutinizer05 | dos1: could we create a subdomain downloads.maemo.neo900.org? and for now point it to muarf? | 02:03 |
| *** darkschneider has quit IRC | 02:03 | |
| *** darkschneider has joined #maemo | 02:03 | |
| DocScrutinizer05 | by either an A, CNAME, or even a webpage with a 301 - whatever works best for HAM | 02:04 |
| kerio | DocScrutinizer05: i think our apt doesn't follow redirects, idk about HAM though | 02:06 |
| DocScrutinizer05 | hmm, HAM uses apt | 02:06 |
| kerio | yeah but it's its own implementation, or something | 02:06 |
| DocScrutinizer05 | k | 02:06 |
| dos1 | DocScrutinizer05: we could, but for A/CNAME it most likely needs webserver config support on muarf side | 02:07 |
| dos1 | (vhost) | 02:07 |
| DocScrutinizer05 | :nod: | 02:07 |
| kerio | it's all in apt-worker | 02:07 |
| DocScrutinizer05 | that's what I meant by "we have no control over muarf" | 02:07 |
| DocScrutinizer05 | dos1: could we test if muarf has a catch-all (*) vhost? | 02:08 |
| dos1 | I have downloads.maemo.nokia.com pointed via /etc/hosts to my local PC configured to accept this vhost | 02:08 |
| dos1 | sure, just give me a link to muarf | 02:08 |
| DocScrutinizer05 | ~repo | 02:08 |
| infobot | repos is probably "deb http://maemo.muarf.org/apt-mirror/mirror/downloads.maemo.nokia.com/fremantle/ssu/apps/ ./ ;; deb http://maemo.muarf.org/apt-mirror/mirror/downloads.maemo.nokia.com/fremantle/ssu/mr0/ ./", or see http://wiki.maemo.org/Repository#List_of_Maemo_repositories | 02:08 |
| *** Arch-KT has joined #maemo | 02:10 | |
| dos1 | nope, default vhosts points to something that returns HTTP/1.1 401 Authorization Required | 02:11 |
| dos1 | s/vhosts/vhost/ | 02:11 |
| infobot | dos1 meant: nope, default vhost points to something that returns HTTP/1.1 401 Authorization Required | 02:11 |
| *** lool- has joined #maemo | 02:11 | |
| *** Arch-TK has quit IRC | 02:11 | |
| DocScrutinizer05 | grr | 02:11 |
| *** Arch-KT is now known as Arch-TK | 02:11 | |
| *** flo_lap has joined #maemo | 02:12 | |
| *** louis_ has joined #maemo | 02:12 | |
| DocScrutinizer05 | we need a mirror that allows council to point to it via a DNS record the community has under direct control | 02:12 |
| DocScrutinizer05 | so if anybody decides to take down the mirror, the DNS could get updated to point to another one | 02:13 |
| DocScrutinizer05 | or would the domain owner be responsible for content under a IP he doesn't own? | 02:14 |
| dos1 | I think that might depend on jurisdiction | 02:15 |
| DocScrutinizer05 | when neo900 points A to muarf, if somebody approaches me I only can take down the DNS record since I got no clue where and who is muarf | 02:15 |
| DocScrutinizer05 | I'd prefer a CNAME or 301 though | 02:15 |
| DocScrutinizer05 | CNAME should be resolver level, 301 alas is HTTP level | 02:16 |
| dos1 | A and CNAME are here virtually the same cases, the only thing that changes is that we wouldn't have to update our domain is muarf A record changes | 02:17 |
| DocScrutinizer05 | :nod: | 02:17 |
| DocScrutinizer05 | CNAME however documents that we're not necessarily owner of the domain | 02:18 |
| *** ab_ has joined #maemo | 02:18 | |
| *** ab_ has joined #maemo | 02:18 | |
| *** louisdk has quit IRC | 02:18 | |
| *** florian has quit IRC | 02:18 | |
| *** xes has quit IRC | 02:18 | |
| *** lool has quit IRC | 02:18 | |
| *** Mek has quit IRC | 02:18 | |
| *** ab has quit IRC | 02:19 | |
| *** ab_ is now known as ab | 02:19 | |
| DocScrutinizer05 | and since we're not related to council, we may point to a domain we shouldn't point to if we were council or HiFo | 02:19 |
| dos1 | well, instead of pointing to IP, you point to another domain - and you don't own that domain just the same way you don't own that IP | 02:19 |
| DocScrutinizer05 | yes, *I* know that ;-) | 02:20 |
| dos1 | not trying to explain technicalities to you :D I just don't see anything "documented" there regading the ownership | 02:20 |
| DocScrutinizer05 | the amount of ownership info differs between IP and domain though | 02:20 |
| *** Mek has joined #maemo | 02:21 | |
| DocScrutinizer05 | CNAME muarf.org; whois muarf.org | 02:21 |
| dos1 | ah, "look, whois says it's not mine" :) | 02:21 |
| DocScrutinizer05 | A <IP-of-muarf.org>; ??? IP | 02:21 |
| DocScrutinizer05 | yes, exactly | 02:22 |
| DocScrutinizer05 | warfare: would you consider using a "downloads.maemo.maemo.org CNAME muarf.org" a thing we might dare to do? | 02:23 |
| DocScrutinizer05 | prolly using a 'foreign domain' like downloads.maemo.neo900.org is less conflict potential for the maemo 'authorities' | 02:26 |
| DocScrutinizer05 | actually it's jussi who 'owns' maemo.org | 02:29 |
| DocScrutinizer05 | according to whois | 02:30 |
| DocScrutinizer05 | of course HiFo/whovernow-eV is the legal owner | 02:30 |
| *** xes has joined #maemo | 02:37 | |
| *** louis_ has quit IRC | 02:49 | |
| *** flo_lap has quit IRC | 02:55 | |
| *** vectis3 has joined #maemo | 02:56 | |
| M-bobsummerwill | Hello everyone! I'm a bit late to the party, I know but ... | 02:56 |
| M-bobsummerwill | https://twitter.com/doublethink_co/status/680056050880389120?s=09 | 02:56 |
| *** louis_ has joined #maemo | 03:02 | |
| *** SpeedEvil has quit IRC | 03:03 | |
| *** SpeedEvil has joined #maemo | 03:04 | |
| DocScrutinizer05 | humm, what is ethereum? | 03:16 |
| DocScrutinizer05 | the N+1'th container implementation? | 03:18 |
| *** louis_ has quit IRC | 03:22 | |
| *** SpeedEvil has quit IRC | 03:24 | |
| *** SpeedEvil has joined #maemo | 03:25 | |
| *** realitygaps has quit IRC | 03:32 | |
| *** vectis3 has quit IRC | 03:36 | |
| *** vectis3 has joined #maemo | 03:36 | |
| *** hashcore has joined #maemo | 03:50 | |
| Luke-Jr | DocScrutinizer05: a group of guys learning consensus systems; (possibly legally) funded by idiots who think it will become the next Bitcoin | 03:51 |
| DocScrutinizer05 | duh, realy? | 03:51 |
| DocScrutinizer05 | https://www.ethereum.org/ didn't give that away | 03:52 |
| DocScrutinizer05 | oh yeah, keywords "contracts" and "blockchain" | 03:53 |
| *** realitygaps has joined #maemo | 03:53 | |
| *** realitygaps has quit IRC | 03:53 | |
| *** realitygaps has joined #maemo | 03:53 | |
| *** Luke-Jr has quit IRC | 03:55 | |
| *** Luke-Jr has joined #maemo | 03:56 | |
| Luke-Jr | there may be ethical problems with their public-facing promotional materials (but I don't have time to go through them and state for certain) | 03:56 |
| DocScrutinizer05 | indeed that website doesn't tell too much about what this stuff _really_ is and does. I mean... "Ethereum is how the Internet was supposed to work." really now? | 03:58 |
| Luke-Jr | they take too much in the footsteps of many scam "altcoins" before them | 03:58 |
| Luke-Jr | basically trying to keep the scamcoin 'profits' but do it legit | 04:00 |
| DocScrutinizer05 | >>Ether is the internal 'fuel' of Ethereum. Programs running on Ethereum need to pay the network for the resources they consume.<< | 04:00 |
| DocScrutinizer05 | all sounds *very* cloudy and weird | 04:00 |
| Luke-Jr | it's basically stupid, but hopefully they'll learn something in the process of doing it | 04:02 |
| DocScrutinizer05 | why the heck would I "run a program on Ethereum"? | 04:02 |
| Luke-Jr | (no reasons come to mind) | 04:02 |
| DocScrutinizer05 | if this is the future then please I want to die before it becomes prevalent | 04:04 |
| Luke-Jr | it isn't. :P | 04:04 |
| Luke-Jr | Bitcoin has scaling problems already; with Ethereum's nonsense, those become 100000000 times worse | 04:05 |
| Luke-Jr | and Bitcoin's solutions no longer really work | 04:05 |
| Luke-Jr | essentially every program run "on Ethereum" really means every single computer in the Ethereum network is independently and redundantly executing it | 04:06 |
| DocScrutinizer05 | ouch | 04:06 |
| Luke-Jr | the same is more or less true of Bitcoin, but Bitcoin is specifically a single *simple* purpose (currency/finance), and there is scalability work to cut-through overlapping transfers | 04:07 |
| DocScrutinizer05 | doubleplusOUCH | 04:07 |
| Luke-Jr | (that is, if A pays B, B pays C, and C pays A, only the differences get settled on the public/shared ledger) | 04:07 |
| Luke-Jr | (more complex routing also possible of course) | 04:08 |
| DocScrutinizer05 | such a thing obviously can't scale | 04:08 |
| *** hashcore has quit IRC | 04:09 | |
| *** realitygaps has quit IRC | 04:09 | |
| Luke-Jr | DocScrutinizer05: the routing network is implemented without the shared execution | 04:10 |
| DocScrutinizer05 | M-bobsummerwill: >>So I have *cracked* and bought a N900 on eBay to see for myself what is so special about it.<< welcome on board :-) and you'll notice the most special thing about N900 is that there's aömost nothing special with it. It's smply a very small linux computer, with a phone built in | 04:11 |
| DocScrutinizer05 | a slightly unusual desktop manager called hildon - though you *could* even run KDE or whatever you like, on it | 04:13 |
| DocScrutinizer05 | and that's the very unusual thing for a phone: it's a very usual linux PC | 04:14 |
| *** jonwil has quit IRC | 04:17 | |
| *** realitygaps has joined #maemo | 04:19 | |
| *** realitygaps has quit IRC | 04:19 | |
| *** realitygaps has joined #maemo | 04:19 | |
| DocScrutinizer05 | M-bobsummerwill: or simply watch this: https://www.youtube.com/watch?v=66RBfrBgL2E | 04:21 |
| DocScrutinizer05 | M-bobsummerwill: first thing you want to do on N900: ~flashing anew, then open browser and navigate to http://maemo.cloud-7.de/maemo5/et_al/HAM-catalogs/muarf.install | 04:37 |
| DocScrutinizer05 | ~flashing | 04:37 |
| infobot | maemo-flashing is, like, http://wiki.maemo.org/Updating_the_tablet_firmware, or - on linux PC - download&extract http://maemo.cloud-7.de/maemo5/patches_n_tools/maemo-my-private-workdir.tgz, cd into it, do sudo ./flash-it-all.sh | 04:37 |
| DocScrutinizer05 | then: | 04:38 |
| DocScrutinizer05 | ~cssu | 04:38 |
| infobot | hmm... cssu is http://wiki.maemo.org/Community_SSU, or (Community Seamless Software Update) | 04:38 |
| *** Humpelstilzchen has joined #maemo | 04:47 | |
| *** eMHa__ has joined #maemo | 04:47 | |
| *** Defiant has quit IRC | 04:49 | |
| *** eMHa_ has quit IRC | 04:51 | |
| *** krnlyng has quit IRC | 05:11 | |
| *** krnlyng has joined #maemo | 05:12 | |
| *** ruskie has quit IRC | 05:15 | |
| *** realitygaps has quit IRC | 05:43 | |
| *** ruskie has joined #maemo | 05:43 | |
| *** protem has quit IRC | 05:48 | |
| *** realitygaps has joined #maemo | 05:58 | |
| *** realitygaps has quit IRC | 05:58 | |
| *** realitygaps has joined #maemo | 05:58 | |
| *** DocScrutinizer05 has quit IRC | 06:10 | |
| *** DocScrutinizer05 has joined #maemo | 06:10 | |
| *** Venusaur has quit IRC | 06:16 | |
| *** Roth has joined #maemo | 06:39 | |
| *** Venusaur has joined #maemo | 06:54 | |
| *** Arch-TK has quit IRC | 07:11 | |
| *** Ras_Older has quit IRC | 07:12 | |
| *** Arch-TK has joined #maemo | 07:27 | |
| *** Arch-TK has quit IRC | 07:32 | |
| *** Gadgetoid has quit IRC | 07:54 | |
| *** Gadgetoid has joined #maemo | 07:57 | |
| *** Arch-TK has joined #maemo | 08:09 | |
| *** jonwil has joined #maemo | 08:32 | |
| jonwil | hi | 08:34 |
| *** robink_ has quit IRC | 09:33 | |
| *** robink_ has joined #maemo | 09:33 | |
| *** Arch-TK has quit IRC | 09:33 | |
| *** robink_ is now known as robink | 09:45 | |
| *** coderus has joined #maemo | 09:50 | |
| coderus | plz save me | 09:50 |
| coderus | Sorry, it seems that you are using an IP address or a proxy that is listed in the forum anti spam blacklist. | 09:50 |
| coderus | Feel free to contact our staff on irc freenode #maemo channel. | 09:50 |
| coderus | 188.165.30.151 | 09:51 |
| KotCzarny | ~unbanip | 09:51 |
| infobot | i guess unbanip is please contact techstaff <at> maemo <dot> org with your request, or see ~techstaff | 09:51 |
| coderus | okay emailed, thx! | 09:53 |
| *** coderus has left #maemo | 09:53 | |
| *** Arch-TK has joined #maemo | 10:03 | |
| *** krnlyng has quit IRC | 10:10 | |
| *** flo_lap has joined #maemo | 10:15 | |
| *** Arch-TK has quit IRC | 10:19 | |
| *** Pali has joined #maemo | 10:24 | |
| *** krnlyng has joined #maemo | 10:24 | |
| KotCzarny | pali, why do you want to rely on .n.c/m$ anyway? | 10:24 |
| KotCzarny | imo there should be cssu release as a flashable firmware | 10:25 |
| KotCzarny | call it 1.4-cssu1 or something | 10:25 |
| *** vahe has joined #maemo | 10:25 | |
| KotCzarny | or just 1.4 | 10:25 |
| Pali | KotCzarny: we cannot redistribute nokia bins via r.m.o | 10:25 |
| Pali | only unofficial | 10:25 |
| KotCzarny | can't you do it unofficially? | 10:26 |
| Pali | how? | 10:26 |
| Pali | I want to have one "official" location | 10:26 |
| Pali | for all maemo stuff | 10:26 |
| Pali | and it is r.m.o domain | 10:26 |
| KotCzarny | make the image, put on the internet, google will direct people easily | 10:26 |
| Pali | it is "trusted" by all n900 users | 10:26 |
| KotCzarny | as most just want 'latest' | 10:26 |
| vahe | hi all :) | 10:26 |
| Pali | KotCzarny: ask merlin if he can host such firmware on site where is cssu-devel | 10:27 |
| Pali | and once we will have location where to host, I could prepare "firmware" file | 10:28 |
| *** sparetire_ has quit IRC | 10:28 | |
| KotCzarny | hmm, cssu-thumb might be nice candidate because 'its incompatible with regular stuff' | 10:28 |
| Pali | in cssu-devel is prepared new kernel | 10:29 |
| KotCzarny | and 'its untested/unstable' | 10:29 |
| Pali | with thumb support | 10:29 |
| KotCzarny | pali, i know, but if anyone asks why ;) | 10:29 |
| Pali | and after testing I would suggest to mark it as stable | 10:29 |
| KotCzarny | vahe: hi you | 10:29 |
| Pali | because kernel contains also fixes | 10:30 |
| *** flo_lap has quit IRC | 10:38 | |
| *** vahe has quit IRC | 10:41 | |
| *** Arch-TK has joined #maemo | 11:08 | |
| *** Ras_Older has joined #maemo | 11:11 | |
| * jonwil wonders what the minimum set of files required to get a N900 to boot is and how many of those remain closed source' | 11:15 | |
| jonwil | probably more than I thought (e.g. ICD is necessary) | 11:15 |
| KotCzarny | boot is one thing, boot maemo is another | 11:16 |
| kerio | to boot what? | 11:16 |
| kerio | yea | 11:16 |
| KotCzarny | for minimal set see rescueos | 11:16 |
| kerio | NOLO is closed i think | 11:16 |
| jonwil | yeah it is closed unfortunately :( | 11:16 |
| kerio | so | 11:17 |
| kerio | that's it really | 11:17 |
| kerio | and we can't run uboot directly because nolo does some hardware initialization that we're not aware of | 11:18 |
| jonwil | well if we can clone MCE and camera-ui and the various other packages, I am sure we could figure out the important bits of what nolo is doing. If I knew how to get nolo into IDA etc I would take a look myself. | 11:21 |
| KotCzarny | nolo is arm binary without any particular format, executed directly by cpu i think | 11:22 |
| kerio | well | 11:23 |
| jonwil | yeah but you need to know where in memory it sits and what's code and what's data and etc which isn't easy | 11:23 |
| kerio | ROMBL probably does stuff | 11:23 |
| KotCzarny | if you can get uboot into ida, then nolo is probably few first kbytes from the nand | 11:23 |
| KotCzarny | and i guess you will need to know asm well enough | 11:24 |
| jonwil | HexRays will help a bit with some of the work if you can get everything lined up properly | 11:25 |
| KotCzarny | i wonder if qemu would be able to boot from exact nand dump | 11:27 |
| jonwil | probably not since you dont have rombl | 11:27 |
| jonwil | and whatever rombl does | 11:27 |
| KotCzarny | http://wiki.maemo.org/N900_Hardware_Hacking/serial_dump | 11:28 |
| KotCzarny | Über-cool backlight fade-in took 9 ms | 11:29 |
| KotCzarny | hehe | 11:29 |
| Pali | KotCzarny: qemu implement only GP device (general purpose), not HS (high secure) | 11:30 |
| Pali | so qemu ROM cannot parse special header in x-loader where are certificates and RSA keys | 11:30 |
| KotCzarny | pali, did someone actually tried installing generic boot loader? | 11:30 |
| Pali | KotCzarny: nokia got us x-loader & nolo for GP devices | 11:31 |
| Pali | and this is used in qemu! | 11:31 |
| kerio | Pali: pls implement nolo in uboot :3 | 11:31 |
| Pali | kerio: do it yourself :-) | 11:31 |
| kerio | nu :c | 11:32 |
| KotCzarny | jonwil: also here: http://wiki.maemo.org/Firmware_hacking | 11:36 |
| bencoh | DocScrutinizer05: if you actually do it, please use a CNAME to maemo.muarf.org or whatever *.maemo.muarf.org subdomain, not just "muarf.org" :) | 11:39 |
| kerio | the muarf.org home page lists a SHA1 sshfp for a DSS key | 11:40 |
| kerio | do two wrongs make a right? | 11:41 |
| kerio | or is it just a double wrong | 11:41 |
| bencoh | hmmm? | 11:41 |
| bencoh | ah you mean sha1 is broken and dss should no longer be used? :D | 11:41 |
| kerio | it's also got a CAcert https certificate :\ | 11:41 |
| KotCzarny | muarf.org uses an invalid security certificate. | 11:41 |
| KotCzarny | The certificate is not trusted because it was signed using a signature algorithm that was disabled because that algorithm is not secure. | 11:41 |
| bencoh | I haven't updated it for a long time | 11:41 |
| kerio | oh god, a sha1 cert | 11:41 |
| kerio | bencoh: letsencrypt? :3 | 11:42 |
| bencoh | kerio: no fscking way | 11:42 |
| kerio | 3: | 11:42 |
| bencoh | not for now at least | 11:42 |
| kerio | y not | 11:42 |
| bencoh | their "automagic" stuff is .... awful | 11:43 |
| kerio | so don't use that client | 11:43 |
| kerio | there's plenty of other ACME clients | 11:43 |
| bencoh | yeah sure, like I want to let a cron update a file on my server so that they can fetch it - wtf is wrong with them? | 11:43 |
| *** xorly has joined #maemo | 11:43 | |
| bencoh | 1. I dont like the idea 2. it's http-centric | 11:44 |
| bencoh | 3. I dont like automagic stuff | 11:44 |
| bencoh | 4. I dont need my cert to change every 3 months | 11:44 |
| kerio | wut | 11:47 |
| *** pozitrono has joined #maemo | 11:47 | |
| KotCzarny | bencoh, still, you should update that cert to something more secure, otherwise there is no point in https/ssh | 11:47 |
| * jonwil is bored | 11:48 | |
| kerio | i mean, dns verification is coming soon, afaik | 11:48 |
| * jonwil has run out of N900 stuff to do | 11:48 | |
| bencoh | Signature Algorithm: sha256WithRSAEncryption | 11:51 |
| bencoh | according to openssl (?) | 11:51 |
| Pali | using non-own CA is unsecure | 11:52 |
| kerio | and short-lived certs are a workaround for the unreliable revocation of certs in the TLS PKI | 11:52 |
| Pali | just own certificates could be secure by definition | 11:52 |
| kerio | secure according to what | 11:52 |
| bencoh | Pali: :) | 11:52 |
| bencoh | kerio: according to "who can I trust" | 11:53 |
| Pali | secure according from client to server connection | 11:53 |
| KotCzarny | trust no 1 | 11:53 |
| kerio | no authentication | 11:53 |
| Pali | if I'm connecting from my mobile to server XYZ, then of course verisign or other CA has nothing to do with connection | 11:53 |
| Pali | it is peer-to-peer connection | 11:54 |
| kerio | yes, but there's no reasonable way to get your server to be trusted by a majority of clients without using a PKI | 11:55 |
| jonwil | Lets see what www.ssllabs.com has to say about maemo.muarf.org :P | 12:00 |
| jonwil | it points to a bunch of dangerously weak cyper suites and gives it a fail | 12:04 |
| Wizzup | jonwil: and now you have to wonder what maemo actually supports, with an aging openssl | 12:05 |
| kerio | *aging NSS | 12:06 |
| kerio | but yea | 12:06 |
| jonwil | depends whether you are talking SSL for the browser (which is NSS) or SSL for other things like apt-transport-https (which probably uses openssl) | 12:06 |
| Wizzup | or wget,curl,ssh :) | 12:07 |
| Wizzup | (the latter is not so relevant for http) | 12:07 |
| kerio | anyway, openssl 0.9.8 supports a vaguely decent cipher in DHE-RSA-AES256 | 12:07 |
| kerio | (or aes128 i guess) | 12:07 |
| jonwil | SSH is in extras so its age is less of a factor (its not installed by default and someone could update it to something modern without breaking things) | 12:08 |
| *** rm_work has quit IRC | 12:08 | |
| kerio | i updated mine to something modern :3 | 12:08 |
| kerio | i like me some ed25519 | 12:08 |
| *** Tekk_ has quit IRC | 12:08 | |
| *** Tekk_ has joined #maemo | 12:09 | |
| jonwil | yeah apt-transport-https does use openssl | 12:09 |
| *** flo_lap has joined #maemo | 12:09 | |
| kerio | we really ought to start using openssl 1.0.2 for extras | 12:09 |
| jonwil | we should ship latest openssl in community-ssu and recompile everything that uses it that is FOSS (or has been cloned) against that version too | 12:10 |
| kerio | let's move to libressl instead :> | 12:10 |
| jonwil | even better :) | 12:11 |
| kerio | i have to run openssl for my tls terminator :< | 12:12 |
| kerio | libressl doesn't have SSL_CTX_add_server_custom_ext | 12:12 |
| FIQ | file a bug report | 12:12 |
| kerio | it's already filed | 12:12 |
| *** xorly has quit IRC | 12:13 | |
| FIQ | make a pull request | 12:13 |
| Wizzup | kerio: would be good to push out open/libressl and then a recent ssh | 12:13 |
| *** realitygaps has quit IRC | 12:13 | |
| Wizzup | jonwil: +1000 | 12:13 |
| bencoh | 12:10 < kerio> let's move to libressl instead :> | 12:16 |
| bencoh | and rewrite everything? yeah, sure, good luck :p | 12:16 |
| *** flo_lap is now known as florian | 12:16 | |
| kerio | it's very api-compatible | 12:16 |
| jonwil | I am going to go through my on-disk copy of the stock N900 root filesystem, identify everything that links to openssl and make a post about it | 12:17 |
| KotCzarny | how very is very? | 12:17 |
| jonwil | documenting all the binaries that link to openssl | 12:17 |
| jonwil | whether they are open or closed | 12:17 |
| jonwil | what package they are in | 12:17 |
| kerio | KotCzarny: you could be missing some include or something like that | 12:17 |
| jonwil | and if they are closed, what openssl functions they call | 12:17 |
| KotCzarny | kerio: is there any distro that uses libressl by default? | 12:17 |
| kerio | openbsd | 12:17 |
| KotCzarny | and for linux world? | 12:18 |
| kerio | linux sucks | 12:18 |
| FIQ | yeah but no sane people use openbsd ;) | 12:18 |
| KotCzarny | having linux distro patches would ease eventual fixing | 12:18 |
| kerio | os x's openssh is statically linked against libressl | 12:18 |
| kerio | KotCzarny: oh there's a ton of those actually | 12:18 |
| Wizzup | bencoh: libressl works quite well | 12:18 |
| kerio | openbsd ports and the like | 12:19 |
| Wizzup | bencoh: gentoo has it for most major packages too | 12:19 |
| kerio | freebsd ports, too! | 12:19 |
| Wizzup | KotCzarny: perhaps alpinelinux uses it, otherwise perhaps voidlinux | 12:19 |
| Wizzup | KotCzarny: and for gentoo you can just set USE="libressl" | 12:19 |
| *** rm_work has joined #maemo | 12:19 | |
| jonwil | We dont need to replace every single binary that calls openssl in order to improve security (for example its unlikely to matter so much if something like the ActiveSync/Exchange support is still using weak old OpenSSL 0.9.8 | 12:22 |
| FIQ | it does for people who actually use that | 12:22 |
| Wizzup | that and you can have both openssl 0.9.8 and libressl installed | 12:23 |
| Wizzup | (or openssl 0.9.8 and openssl 1.0.2) | 12:23 |
| jonwil | It also depends on exactly which calls in openssl each closed-source binary is making | 12:26 |
| jonwil | If its only calling functions to do, say, SHA1 hashing and isn't using any of the actual SSL logic, it probably isn't a security problem. | 12:26 |
| Wizzup | It would be great if it could all be switched over to a new libre/openssl though | 12:35 |
| Wizzup | If then mainline kernel is managed somehow, you'd have one even more epic system :) | 12:35 |
| KotCzarny | then all we would need is thinning/removing apps | 12:37 |
| KotCzarny | having 128M of ram free would make it usable | 12:38 |
| freemangordon | jonwil: what were those 2 functions that were waiting to be REed in devicelock? | 12:38 |
| freemangordon | and could I have your IDA DB, to not reinvent the wheel | 12:38 |
| jonwil | its libcodelockui that needs work done | 12:39 |
| freemangordon | ok, whatever it is, just hand me the DB :) | 12:39 |
| jonwil | I believe I gave you my latest IDB before | 12:40 |
| jonwil | but yeah let me get it anyway | 12:40 |
| jonwil | the missing ones should be marked with todo in the code IIRC | 12:41 |
| jonwil | https://drive.google.com/file/d/0B9idqO9KygGsdXltRVBEYWtUQmM/view?usp=sharing | 12:41 |
| jonwil | latest db | 12:41 |
| freemangordon | ok, thanks | 12:42 |
| xes | coderus seems gone ..next time time i hope he would provide real ip while asking for a check of the ban.. | 12:43 |
| freemangordon | jonwil: wht is the "todo mark", 'z' at the beginning of the name? | 12:43 |
| jonwil | cant remember off the top of my head | 12:44 |
| freemangordon | ok, will check against the source code | 12:44 |
| *** futpib has joined #maemo | 12:45 | |
| KotCzarny | xes, most of those people are from shared ips with reported spammers anyway | 12:46 |
| KotCzarny | xes, maybe you should add info about it too, and probably link to google in form: http://google.com/?q=$ip | 12:47 |
| xes | KotCzarny: yes, i know. I want give support explaining and checking. ..But that ip isn't banned and never asked for a TMO page | 12:53 |
| KotCzarny | xes, i think you can do /whowas coderus and use that one | 12:54 |
| KotCzarny | or just reply to his mail | 12:54 |
| xes | in fact, coderus is logged in TMO now... | 12:57 |
| KotCzarny | so, either a spammer or clueless user | 13:03 |
| ceene | jonwil: maybe a priority regarding ssl is QT itself | 13:03 |
| KotCzarny | - coderus is ~coderus@static.88-198-208-108.clients.your-server.de (backdoor) | 13:03 |
| jonwil | QT is open source so its easy to fix | 13:03 |
| KotCzarny | nice 'realname' | 13:03 |
| ceene | i know for a fact that by default it tries to use unsecure algos | 13:03 |
| *** KotCzarny has quit IRC | 13:03 | |
| *** KotCzarny has joined #maemo | 13:04 | |
| jonwil | I am concerned about the closed source bits so we know what might be worthwhile targets for cloning | 13:04 |
| ceene | on yappari i had to forbid it from using ssl3 beause the servers were rejecting that kind of connection | 13:04 |
| ceene | i guess that gtk/qt will make the majority of ssl users | 13:05 |
| ceene | but certain closed sources could use openssl by themselves, that's true | 13:05 |
| KotCzarny | wow, maemo.sexy domain is free to register | 13:07 |
| KotCzarny | is.my.maemo.sexy ;) | 13:07 |
| ceene | lol | 13:07 |
| *** realitygaps has joined #maemo | 13:08 | |
| *** louis_ has joined #maemo | 13:12 | |
| *** Roth has quit IRC | 13:35 | |
| *** rm_work has quit IRC | 13:47 | |
| jonwil | http://talk.maemo.org/showthread.php?p=1492735#post1492735 | 13:47 |
| jonwil | So there are a total of 9 binaries that are closed source and call openssl functions | 13:50 |
| KotCzarny | how did you make that list? ldd? | 13:50 |
| jonwil | no | 13:51 |
| jonwil | I have a local copy of a stock untouched (e.g. no optification) root filesystem on my disk | 13:51 |
| jonwil | I searched that for everything that linked to libssl and libcrypto | 13:51 |
| *** Halftux has joined #maemo | 13:51 | |
| KotCzarny | but how did you actually test if package links to libssl | 13:51 |
| jonwil | Its easy enough to tell by searching for the right strings (i.e. libssl.so and libcrypto.so) | 13:53 |
| jonwil | So then I matched each of those binaries (the ones referencing libsso and libcrypto in their strings) to a package | 13:54 |
| jonwil | and then for the closed source ones I dumped a list of symbols | 13:54 |
| jonwil | list of imported symbols | 13:54 |
| jonwil | and compared it to the list of symbols exported from libssl/libcrypto | 13:54 |
| KotCzarny | uhum | 13:54 |
| jonwil | trust me when I say that the info in the forum thread is accurate and complete | 13:54 |
| Wizzup | Use ldd? | 13:54 |
| Wizzup | Ah | 13:55 |
| Wizzup | Sorry. Didn't read up. | 13:55 |
| kerio | jonwil: is that only for the default rootfs, though? | 13:55 |
| jonwil | yes only for the stock rootfs | 13:55 |
| jonwil | I dont see anywhere else where there are closed source binaries that need examination | 13:55 |
| kerio | idk, the nokia repo | 13:56 |
| Pali | jonwil: can you look at http://talk.maemo.org/showpost.php?p=1491455&postcount=476 ? | 14:01 |
| jonwil | I tried to find where nokia debugging messages come from but was unable to properly reverse engineer the relavent bits (my clone does the same job as stock but it does it in a different way) | 14:02 |
| Pali | just add them into your clone | 14:03 |
| Pali | run binary and copy strings (if you do not know from where comes from) | 14:03 |
| Pali | this should be easy | 14:03 |
| *** louis_ has quit IRC | 14:04 | |
| *** geaaru has joined #maemo | 14:05 | |
| *** rm_work has joined #maemo | 14:06 | |
| Halftux | Pali you still need this available-notifications file? | 14:09 |
| jonwil | ok, so I checked the list of packages that http://mirrors.muarf.org/maemo/apt-mirror/mirror/downloads.maemo.nokia.com/fremantle/ssu/mr0/ (nokia repo) says it provides against the list of packages installed on the root filesystem image I have | 14:16 |
| jonwil | Then for the ones on the repo but not the root FS I checked if they were in the SDK repo as source | 14:17 |
| jonwil | and for the few that aren't FOSS, they aren't using OpenSSL (I checked) | 14:17 |
| Pali | Halftux: of course :-) | 14:17 |
| jonwil | so http://talk.maemo.org/showthread.php?p=1492735#post1492735 contains the complete list of all the closed-source things talking to openssl unless there is a repo somewhere I dont know about | 14:18 |
| jonwil | and we now have enough information (hopefully) to evaluate each of those closed binaries and figure out what the security risks might be going forward if those binaries continue to talk to openssl 0.9.8 | 14:19 |
| jonwil | hmmm, I never knew modest used microb-engine... | 14:22 |
| KotCzarny | almost everything in maemo uses microb engine | 14:22 |
| KotCzarny | at least if there is html involved in app | 14:23 |
| jonwil | yeah :) | 14:23 |
| *** florian has quit IRC | 14:24 | |
| Halftux | Pali: I had a look at my phone which had ota updates from Nokia. But the file was not there. Then the yellow update notification pops up and a file available-notifications.tmp was created. I think when the blinking stops the file disappears. After ignoring the updates a seen-updates file was created. Don't know if the temp file is of any help sadly I was to slow to copy it. | 14:25 |
| jonwil | The good news is that everything talking to NSS seems to be FOSS | 14:28 |
| jonwil | microb-engine and bits of modest being the main ones | 14:28 |
| jonwil | so it should be possible to replace NSS with something newer (and make any necessary changes in microb-engine etc) easily enough | 14:29 |
| Wizzup | I guess it's very hard to port microb engine to use newer firefox engines | 14:29 |
| jonwil | yes it is | 14:30 |
| jonwil | for a bunch of reasons including Flash | 14:30 |
| jonwil | but updating NSS and the security sensitive stuff should be possible without breaking things | 14:31 |
| bencoh | modest depends on NSS? | 14:31 |
| xes | Flash? Who is so mad to use it? | 14:31 |
| jonwil | yes it does | 14:31 |
| bencoh | oh and, seriously, flash... | 14:31 |
| bencoh | I'm sure most of us would be happy to trade a flash-enabled browser with a real "fast" html5-compatible browser | 14:32 |
| Pali | Halftux: .tmp file is created and HAM try to download new version to it from nokia server (which is down) | 14:32 |
| Wizzup | jonwil: I think gnash does better flash than the maemo flash :) | 14:33 |
| jonwil | Fennec probably has just as many security issues as microb but since its not an official part of the system (not even sure where it comes from) its not within the scope of CSSU | 14:35 |
| Halftux | Pali: ok I see | 14:35 |
| jonwil | and therefore CSSU people dont need to care about fixing it | 14:36 |
| jonwil | main thing is, we have target list for closed source binaries that may present security risk if not moved to newer openssl | 14:37 |
| Wizzup | :) | 14:39 |
| bencoh | hmm, looks like curl on maemo doesnt make any use of tlsv1 (?) | 14:44 |
| bencoh | error SSL routines:SSL23_GET_SERVER_HELLO ... | 14:44 |
| *** Vajb has quit IRC | 14:50 | |
| *** realitygaps has quit IRC | 14:56 | |
| *** Fulltux has joined #maemo | 15:04 | |
| *** realitygaps has joined #maemo | 15:06 | |
| *** Halftux has quit IRC | 15:06 | |
| jonwil | would be good to see security improvements for Maemo | 15:11 |
| jonwil | but its a matter of finding people who understand the libraries and code involved (openssl, libcurl, microb, nss etc) | 15:12 |
| KotCzarny | in case of libressl it could be as simple as recompiling | 15:12 |
| jonwil | for the things that are FOSS yes | 15:12 |
| KotCzarny | (and source available) | 15:12 |
| jonwil | but for the closed source things we need to figure out which ones are using openssl in a way that matters for security | 15:13 |
| jonwil | also we need to deal with how certain things use openssl (e.g. lubcurl and libqt4-network) to make sure they use it in a way that is secure | 15:13 |
| jonwil | i.e. selecting the right algorithms and stuff and not claiming to support the old insecure stuff | 15:14 |
| *** vahe has joined #maemo | 15:14 | |
| *** florian has joined #maemo | 15:17 | |
| bencoh | is libcurl part of the stock system? | 15:17 |
| jonwil | yes it is | 15:17 |
| bencoh | ah. | 15:18 |
| jonwil | its used by (among other things) apt-transport-https | 15:19 |
| jonwil | and nokia maps | 15:19 |
| jonwil | and flash | 15:20 |
| jonwil | and activysync daemon | 15:20 |
| jonwil | activesync | 15:20 |
| bencoh | hmm | 15:21 |
| jonwil | hmm what? | 15:21 |
| bencoh | then we need to either patch it to use the tlsv1 function or try to pull a recent version from upstream | 15:22 |
| bencoh | first option is probably the easiest one | 15:22 |
| *** Vajb has joined #maemo | 15:22 | |
| jonwil | yeah once we have newer openssl/libressl we need to fix up libcurl so that it makes the right calls to openssl to do all the correct security stuff (and none of the stuff we dont want like sslv3) | 15:23 |
| *** florian has quit IRC | 15:25 | |
| bencoh | we dont even need to upgrade for that | 15:27 |
| bencoh | (ssl*_ | 15:27 |
| *** florian has joined #maemo | 15:40 | |
| *** florian has quit IRC | 15:49 | |
| merlin1991 | iirc curl in cssu is "newer" and should behave better | 15:51 |
| jonwil | we do, we dont just want TLS1.0 we want whatever the latest TLS standard is | 15:51 |
| jonwil | TLSv2 or whatever it is | 15:51 |
| bencoh | merlin1991: in -testing maybe | 15:51 |
| bencoh | (-testing/-devel) | 15:52 |
| merlin1991 | bencoh: yep | 15:52 |
| merlin1991 | (testing) | 15:52 |
| merlin1991 | iirc luf did that | 15:52 |
| bencoh | luf? | 15:52 |
| merlin1991 | hm stable also has curl 7.26 | 15:54 |
| bencoh | yeah, that's what I have here as well | 15:58 |
| *** hashcore has joined #maemo | 15:59 | |
| *** realitygaps has quit IRC | 16:00 | |
| *** hashcore has quit IRC | 16:07 | |
| *** FlameReaper-PC has joined #maemo | 16:12 | |
| *** realitygaps has joined #maemo | 16:15 | |
| *** realitygaps has quit IRC | 16:20 | |
| *** realitygaps has joined #maemo | 16:31 | |
| *** realitygaps has quit IRC | 16:46 | |
| ceene | qt4 doesn't support tlsv1.2 i think | 16:50 |
| ceene | or at least it needs openssl 1.0.1 | 16:50 |
| ceene | so... | 16:51 |
| ceene | sometime in the future we may be not even able to access https sites? | 16:51 |
| jonwil | depends what browser you are using | 16:53 |
| jonwil | microb needs nss updated | 16:53 |
| ceene | i was trying to get at why getmewheels wasn't working | 16:54 |
| jonwil | fennec is likely using its own copy of NSS (although by all accounts there are builds of Fennec for the N900 that are a fair bit newer than microb) | 16:54 |
| ceene | and it's because car2go site uses tlsv1.2 | 16:54 |
| ceene | getmewheels an interface to an http based api | 16:54 |
| *** vahe has quit IRC | 16:54 | |
| ceene | so... this application is now useless | 16:54 |
| jonwil | its not useless, it just needs someone to bring newer OpenSSL to Maemo then someone to fix QT to use the new OpenSSL and pick the best/most secure/etc settings | 16:55 |
| ceene | i don't think it's going to be very easy, isn't it? | 16:55 |
| jonwil | it probably wont be as hard as it looks... | 16:56 |
| Sicelo | sorry to go back to 'old' news ... i don't understand the significance of the file Pali was working on for HAM. we've been getting updates without it. what is it important for? | 16:57 |
| *** realitygaps has joined #maemo | 16:57 | |
| Pali | Sicelo: update for stock n900 devices | 16:58 |
| Pali | not apt update, just pop-up note with URL link | 16:58 |
| *** louis_ has joined #maemo | 17:01 | |
| jonwil | ok, zzz time | 17:02 |
| jonwil | cya later :) | 17:02 |
| KotCzarny | sicelo: it was to notify users that dont know about t.m.o or w.m.o or cssu that there is something they can install | 17:02 |
| *** jonwil has quit IRC | 17:02 | |
| KotCzarny | pali, but if the sources for ham are available, maybe its just as simple as pushing updated ham into extras? | 17:03 |
| Pali | KotCzarny: no, HAM does not allow updates for NokiaSSU packages which are not from NokiaSSU repo | 17:04 |
| Pali | it has special pinning in HAM for it | 17:04 |
| KotCzarny | uhum | 17:04 |
| Pali | reason why we need to patch everything in CSSU | 17:04 |
| Pali | CSSU installer adds new repo with higher priority | 17:04 |
| Pali | and so this repo can update packages also from NokiaSSU repo | 17:05 |
| Pali | it is security framework, something like in harmattan, but fully open and configurable | 17:05 |
| KotCzarny | btw. if m$ ever decides to revive nssu repos and push rogue things there to install bugs, will they succeed? | 17:05 |
| *** Pali has quit IRC | 17:06 | |
| *** louis_ has quit IRC | 17:13 | |
| Sicelo | why would they do that? | 17:18 |
| Sicelo | thanks for explanation by the way :) | 17:19 |
| KotCzarny | sicelo, because evil people often do evil things | 17:19 |
| *** guest123 has joined #maemo | 17:19 | |
| guest123 | there also is http://maemo-repos.com/apt-mirror/ | 17:20 |
| guest123 | http://talk.maemo.org/showthread.php?t=95870 | 17:20 |
| *** guest123 has left #maemo | 17:20 | |
| KotCzarny | wtf was that? | 17:20 |
| sixwheeledbeast | Singapore calling... | 17:21 |
| *** vahe has joined #maemo | 17:36 | |
| *** freemangordon has quit IRC | 17:37 | |
| *** realitygaps has quit IRC | 17:40 | |
| *** krnlyng has quit IRC | 17:49 | |
| *** heroux has quit IRC | 17:50 | |
| *** ced117 has quit IRC | 17:50 | |
| *** realitygaps has joined #maemo | 17:57 | |
| *** krnlyng has joined #maemo | 18:02 | |
| *** freemangordon has joined #maemo | 18:03 | |
| *** ced117 has joined #maemo | 18:04 | |
| M-bobsummerwill | DocScrutinizer05 and infobot: Thanks! Will do that when my N900 arrives. | 18:06 |
| KotCzarny | infobot is a bot | 18:07 |
| KotCzarny | infobot: botsnack | 18:07 |
| infobot | aw, gee, KotCzarny | 18:07 |
| Wizzup | aw, gee, KotCzarny | 18:07 |
| M-bobsummerwill | Doesn't mean I can't say thanks :-) | 18:08 |
| KotCzarny | wizzup: rollover | 18:08 |
| Wizzup | \o/ | 18:08 |
| KotCzarny | bob: sure, why not | 18:08 |
| M-bobsummerwill | :-P | 18:08 |
| *** FReaper-PC has joined #maemo | 18:11 | |
| *** heroux has joined #maemo | 18:12 | |
| *** FlameReaper-PC has quit IRC | 18:14 | |
| M-bobsummerwill | Luke-jr: It sounds like you've already made up your mind about Ethereum, but for everybody else's benefit, let me reply. | 18:16 |
| M-bobsummerwill | In summary, Bitcoin introduced two new innovations at the same time: | 18:16 |
| M-bobsummerwill | Block-chain. Decentralized open ledger, consensus mechanism. | 18:16 |
| M-bobsummerwill | Crypto-currency built on top of that block-chain. | 18:16 |
| M-bobsummerwill | Great stuff. However, the "VM" for the Bitcoin block-chain was designed only for that single purpose. You can transfer crypto-currency excellently, but using it as a consensus mechanism for other purposes is hard. You see a bunch of other "Bitcoin 2.0" projects coming into existence which are piggy-backing on the Bitcoin block-chain for things like land registry, digital assets, insurance, etc. The problem they | 18:16 |
| M-bobsummerwill | all have is that the Bitcoin block-chain really wasn't designed for that. | 18:16 |
| M-bobsummerwill | Ethereum block-chain is Turing-complete, so you can build anything on it. | 18:16 |
| M-bobsummerwill | Now of course, it's not at all intended as a replacement for local CPUs. That would be insane. It's probably trillions of times slower. Obviously. | 18:17 |
| M-bobsummerwill | It's just intended for consensus | 18:18 |
| M-bobsummerwill | Accounts. Who owns A, B, C. | 18:18 |
| M-bobsummerwill | And then the "new stuff" over Bitcoin is that you can build (simple) behaviours on top. AKA - "smart contracts", which are self-executing. Like our friend "infobot" | 18:19 |
| M-bobsummerwill | ie. If Condition A then pay money to account B. | 18:19 |
| M-bobsummerwill | Escrow | 18:19 |
| M-bobsummerwill | Insurance | 18:19 |
| M-bobsummerwill | Shares | 18:19 |
| M-bobsummerwill | Voting mechanisms | 18:19 |
| M-bobsummerwill | blah blah blah | 18:20 |
| M-bobsummerwill | But all just on the Ethereum block-chain using the basic functionality of the system, rather than wedged into the Bitcoin block-chain with a crow-bar and external systems. | 18:20 |
| M-bobsummerwill | That's about it. | 18:20 |
| M-bobsummerwill | http://devcon.ethereum.org | 18:20 |
| M-bobsummerwill | Not a shitcoin. It' | 18:21 |
| M-bobsummerwill | It's a technology | 18:21 |
| M-bobsummerwill | You have a real absence of the speculators in Ethereum. It's all technologists. | 18:21 |
| *** vahe has quit IRC | 18:28 | |
| *** Vajb has quit IRC | 18:30 | |
| *** Vajb has joined #maemo | 18:38 | |
| *** louisdk has joined #maemo | 18:49 | |
| *** realitygaps has quit IRC | 19:02 | |
| *** realitygaps has joined #maemo | 19:02 | |
| *** realitygaps has quit IRC | 19:02 | |
| *** realitygaps has joined #maemo | 19:02 | |
| *** louisdk has quit IRC | 19:05 | |
| *** realitygaps has quit IRC | 19:07 | |
| Luke-Jr | M-bobsummerwill: lol | 19:16 |
| Luke-Jr | M-bobsummerwill: maybe if any of the people working on Ethereum ever did Bitcoin development, they would have realised Bitcoin already does basically everything useful that Ethereum aims to do | 19:17 |
| *** realitygaps has joined #maemo | 19:25 | |
| *** realitygaps has quit IRC | 19:25 | |
| *** realitygaps has joined #maemo | 19:25 | |
| *** sq-one has joined #maemo | 19:40 | |
| *** Vajb has quit IRC | 19:42 | |
| *** Vajb has joined #maemo | 19:44 | |
| *** eMHa__ has quit IRC | 19:45 | |
| *** eMHa has joined #maemo | 19:45 | |
| *** sparetire_ has joined #maemo | 20:04 | |
| *** LjL^ has joined #maemo | 20:05 | |
| *** LjL has quit IRC | 20:07 | |
| *** LjL^ is now known as LjL | 20:07 | |
| M-bobsummerwill | Luke-jr: I don't know quite why you are being so aggressive and religious here. Vitalik Buterin, the creator of Ethereum, co-founded Bitcoin magazine in 2011, and is no crypto-dummy. It must be delightful for you to have such utterly certainly in your own opinions that you can discard the efforts of thousands of people to advance the state of technology. Also, delightful that there is "one true way". | 20:11 |
| Wizzup | -> private messages? | 20:18 |
| M-bobsummerwill | Or "let's agree to disagree", I think. | 20:19 |
| M-bobsummerwill | Anyway ... I'll get going with my N900 development as-and-when. Best wishes, everyone! | 20:20 |
| *** eMHa has quit IRC | 20:20 | |
| *** Vajb has quit IRC | 20:22 | |
| *** Vajb has joined #maemo | 20:24 | |
| *** thuttu77 has quit IRC | 20:26 | |
| xes | what is this? Advertising channel? | 20:39 |
| APic | What does it look like? | 20:40 |
| KotCzarny | looks like proud software dev overdefending his work | 20:41 |
| xes | an advertising monologue? | 20:41 |
| KotCzarny | + backlock reading | 20:41 |
| KotCzarny | *backlog | 20:41 |
| *** eMHa has joined #maemo | 20:49 | |
| *** realitygaps has quit IRC | 20:53 | |
| *** realitygaps has joined #maemo | 20:56 | |
| *** realitygaps has quit IRC | 20:56 | |
| *** realitygaps has joined #maemo | 20:56 | |
| *** trumee has quit IRC | 21:02 | |
| *** trumee has joined #maemo | 21:04 | |
| *** eMHa has quit IRC | 21:22 | |
| useretail | hey everyone, i had power kernel and decided to return back to stock, so i launched Nokia kernel from menu and restored stock kernel (got successful message) after that removed power kernel settings package. but after reboot device went to reboot loop: nokia logo screen with usb icon appears on pale screen. after that black screen lights up and after few seconds reboots. any suggestions? | 21:24 |
| *** thuttu77 has joined #maemo | 21:27 | |
| freemangordon | useretail: it might be that kernel could not find its modules, try to flash kernel-power again, by using the flasher | 21:29 |
| useretail | freemangordon: ok, so what do i need to flash exactly? looks like i had that problem some time ago. i have uImage-2.6.28.10-power52 and zImage-2.6.28.10-power52 images | 21:33 |
| freemangordon | useretail: maybe first try to use zImage, and tell the flasher to only boot that kernel | 21:37 |
| freemangordon | then you can flash wuth uImage | 21:37 |
| freemangordon | *with | 21:37 |
| KotCzarny | or just try to use flasher to BOOT without flashing | 21:46 |
| KotCzarny | right. | 21:46 |
| useretail | KotCzarny: how? i can't get it stop rebooting | 21:46 |
| freemangordon | KotCzarny: please help him, as I don;t have time now | 21:47 |
| *** eMHa has joined #maemo | 21:47 | |
| KotCzarny | useretail, grab the kernel power image package on pc, unpack it | 21:51 |
| useretail | KotCzarny: yeah, i have done that already | 21:52 |
| KotCzarny | flasher-3.5 -k kernelimgfile -l | 21:52 |
| KotCzarny | there is also -b param to set default cmdline for kernel | 21:54 |
| *** florian has joined #maemo | 21:55 | |
| KotCzarny | By using the "-l" option, we do not flash the kernel or initrd image. | 21:55 |
| KotCzarny | It only loads the kernel into RAM. No modification on the NAND or bootloader happens. | 21:56 |
| KotCzarny | 0xFFFF also can load kernel | 21:56 |
| KotCzarny | 0xFFFF -m kernelfile -l | 21:56 |
| KotCzarny | i assume you know how and when to connect n900 | 21:57 |
| KotCzarny | if not, run flasher/0xffff command first, then connect (powered off) n900 via usb cable to computer | 21:57 |
| useretail | ok, flashed the kernel. but it still doesn't boot and more importantly doesnt charge from wall charger | 22:05 |
| KotCzarny | did you use -l ? | 22:08 |
| KotCzarny | -l mean to 'load/boot only' not actual flashing | 22:08 |
| useretail | well i actually flashed: flasher-3.5 -k zImage-2.6.28.10-power52 --flash-only=kernel -f -R | 22:09 |
| KotCzarny | eh | 22:09 |
| KotCzarny | anyway, you can still try to boot | 22:09 |
| KotCzarny | as n900 is unkillable by flasher-3.5 | 22:09 |
| useretail | ok, how to extract and flash default stock nokia kernel only? | 22:10 |
| KotCzarny | but are you sure power52 was your kernel? | 22:10 |
| KotCzarny | i think most recent is 54 | 22:10 |
| useretail | yeah, absolutely | 22:10 |
| freemangordon | useretail: use rootfs image and tell the flasher to flash kernel only | 22:11 |
| KotCzarny | fmg, but if he is missing modules as you suspected it wont help at all | 22:11 |
| KotCzarny | useretail, you can also boot rescueos | 22:12 |
| KotCzarny | and check which modules dirs you have under /lib/modules/ | 22:12 |
| freemangordon | KotCzarny: but there should be at least *some* modules | 22:12 |
| KotCzarny | also, it can charge the battery | 22:12 |
| freemangordon | yeah, rescueos might help | 22:12 |
| KotCzarny | but beware, if you discharge battery too much, you wont be able to boot anything | 22:13 |
| KotCzarny | (unless you have second device in which you can recharge it) | 22:13 |
| useretail | ok, booted rescueos. how to run charger script? | 22:17 |
| freemangordon | ~rescueos | 22:18 |
| infobot | somebody said rescueos was http://n900.quitesimple.org/rescueOS/ | 22:18 |
| freemangordon | useretail: https://n900.quitesimple.org/rescueOS/rescueOS-1.2/documentation.txt | 22:18 |
| freemangordon | "/rescueOS/charge21.bash" | 22:18 |
| freemangordon | useretail: mount maemo rootfs and check what is in /lib/modules | 22:21 |
| freemangordon | then either flash the correct kernel (if there is anything in /lib/modules) or copy the needed debs to the device, chroot to maemo and install them | 22:22 |
| *** eijk has joined #maemo | 22:23 | |
| *** FlameReaper-PC has joined #maemo | 22:31 | |
| *** FReaper-PC has quit IRC | 22:33 | |
| useretail | there are: 2.6.28-omap1 2.6.28.10-bfs10 2.6.28.10-power53 current | 22:34 |
| useretail | how to detect which ones are in current? | 22:34 |
| useretail | ok figured out | 22:35 |
| *** trumee has quit IRC | 22:39 | |
| freemangordon | useretail: are there any files in 2.6.28-omap1? | 22:40 |
| *** darkschneider has quit IRC | 22:40 | |
| *** eijk has quit IRC | 22:40 | |
| useretail | freemangordon: one moment. i rebooted to see if flashing power53 will boot device | 22:42 |
| freemangordon | ok | 22:43 |
| useretail | yeah, it worked. | 22:47 |
| KotCzarny | yeah. 52 for sure? | 22:47 |
| useretail | no, 53 | 22:47 |
| KotCzarny | > but are you sure power52 was your kernel? | 22:47 |
| KotCzarny | <useretail> yeah, absolutely | 22:47 |
| useretail | lol | 22:47 |
| useretail | i was wrong | 22:47 |
| useretail | i guess | 22:48 |
| KotCzarny | now update to 54 and be happy | 22:48 |
| KotCzarny | or go cssu | 22:48 |
| freemangordon | :) | 22:51 |
| useretail | while upgrading i ran out of free space on rootfs, so i cancelled kernel upgrade. after that was struggling to remove some stuff to freeup some space, than decided to remove power kernel and go back to stock, than that | 22:51 |
| KotCzarny | :) | 22:51 |
| useretail | geez | 22:51 |
| KotCzarny | if you are cautious you can move some things from / to /opt and symlinking back | 22:51 |
| useretail | enough experiments for today | 22:52 |
| useretail | i need to work tomorrow | 22:52 |
| useretail | thanks for the help guys | 22:53 |
| useretail | cya around | 22:53 |
| * useretail off to bed | 22:53 | |
| DocScrutinizer05 | hhhh, ubi0:rootfs 228M 184M 40M 83% / | 23:05 |
| DocScrutinizer05 | hmmm even | 23:05 |
| *** Fulltux has quit IRC | 23:22 | |
| *** darkschneider has joined #maemo | 23:40 | |
Generated by irclog2html.py 2.15.1 by Marius Gedminas - find it at mg.pov.lt!
