IRC log of #maemo for Thursday, 2016-02-11

*** cccnnjj has joined #maemo00:05
*** xes_ has quit IRC00:06
*** xes_ has joined #maemo00:07
*** arcean has quit IRC00:12
*** eijk has joined #maemo00:19
*** eijk_ has quit IRC00:22
*** TriztAway has quit IRC00:22
*** Trizt has joined #maemo00:22
*** till has quit IRC00:22
*** till has joined #maemo00:23
*** florian has joined #maemo00:24
jonwilIs there anyone around who can help me out by testing something on their N900?00:25
Sicelo009Nwhat is it, and what conditions for the test?00:28
*** eijk has quit IRC00:30
*** lobito has quit IRC00:31
*** lobito has joined #maemo00:32
*** M4rtinK2 has joined #maemo00:33
*** krnlyng has quit IRC00:36
*** pagurus has joined #maemo00:36
*** Pali has quit IRC00:37
*** krnlyng has joined #maemo00:41
jonwilI just want someone to try installing my new updated maemo-security-certman packages and then see what happens when they visit certain https websites00:44
jonwilDoesn't matter if you are running CSSU or not or what, I just want more data points00:44
jonwilright now we have one data point (me) that says "its broken" and another one from the forum that says "it works"00:45
Sicelo009Ni saw the thread00:45
Sicelo009Nokay. will install00:45
bencohI guess you're just not trying the same sites?00:45
Sicelo009Nthey are :)00:46
jonwilwe are definatly trying the same sites00:48
jonwilSicelo009N: Are you running CSSU?00:48
Sicelo009Nyes, cssu testing on one, and thumb on the other.00:49
*** xes__ has joined #maemo00:51
jonwilok, great00:51
*** xes_ has quit IRC00:53
*** M4rtinK2 has quit IRC00:58
Sicelo009Ntaking long ... 2nd N900 acting up for some reason. rebooting it01:00
*** xes__ is now known as xes01:08
Sicelo009Ninstalled. rebooting again just to be sure. on to testing websites01:09
Sicelo009Njonwil: please remind me link for your bank.01:11
*** sid14726 has joined #maemo01:12
jonwiltry www.entrust.com01:12
jonwilthat one doesn't work01:12
jonwilits the main website for the CA that is used by a bunch of broken sites01:12
*** N-Mi has quit IRC01:13
Sicelo009Nmy bank's https site works .. entrust-based. trying entrust itself now01:13
jonwilis this on cssu-thumb or cssu-testing?01:14
*** N-Mi has joined #maemo01:14
*** l_bratch has quit IRC01:17
Sicelo009Nentrust opening very slowly .. let's see what happens01:17
*** l_bratch has joined #maemo01:17
Sicelo009Nseems fine too01:20
Sicelo009N(hate it when microb sits there not loading a website when there's even no load on system)01:22
*** svetlana has joined #maemo01:26
Sicelo009Njonwil: microsoft site fine too. so looks like you fixed the thing for us, and somehow left yourself in the dark. i got no idea how to help01:26
jonwilIts likely that something in CSSU may be a factor here01:27
jonwilOr something in one of my self-built packages01:27
jonwilI am going to see what happens if I use my "restore packages to stock" switcher and see what happens if I install just the new certificates01:27
Sicelo009Nyou're not on cssu?01:28
jonwilno, I am on a set of self-built packages built from CSSU Git01:31
jonwilI just dont want all of CSSU for various reasons01:31
*** krnlyng has quit IRC01:32
Sicelo009Nin my culture, a person must eat food he cooks, just in case it's poisonous :p01:32
jonwilI am running all the packages that I have actually written code for (except those that aren't yet complete)01:33
Sicelo009Nah, at least01:34
jonwilok, so running stock with just the new certman bits doesn't work either. Its entirely possible that there is something in CSSU that is impacting it or its possible something in your local system is making it work somehow01:35
jonwile.g. some certificate has been cached by microb at some point or otherwise added to microb01:35
jonwiland that is causing things to work for you01:35
Sicelo009Nping anytime you need further tests :)01:36
bencohjonwil: what about the certman-related entries in ?01:36
jonwilI have all those patches01:36
jonwilMy code lives in community ssu git after all :)01:37
Sicelo009Nrebooting thumb N900 for the certs update.01:37
*** Sicelo009N has quit IRC01:38
jonwilif GDB wasn't failing to properly debug microb-engine, I could see what is going wrong...01:38
*** Sicelo009N has joined #maemo01:40
*** pigeons_ is now known as pigeons01:42
Sicelo009Nhmm, on my thumb system, all certificates are messed up now. many missing01:43
Sicelo009Nonly invalid ones remaining01:43
Sicelo009Nwill reinstall the packages01:43
*** krnlyng has joined #maemo01:45
Sicelo009Noh gosh01:46
Sicelo009Njonwil: on your device, what do you see in the list of certificates? maybe you have invalids like i do here.01:48
jonwilEvery certificate I see in the certificate manager applet is legit01:50
jonwilThe ones marked "certificate not currently valid" is correct since those are the blacklisted ones01:50
*** Bratch has joined #maemo01:50
Sicelo009Nin my case i have only few certs, all invalid01:50
Sicelo009Nwhat could be cause?01:50
Sicelo009NLeaving `diversion of /usr/lib/microb-engine/ to /usr/lib/microb-engine/libnssckbi.mozilla by libmaemosec-certman0'01:50
Sicelo009Nanything amiss with that line?01:51
jonwilnope, thats lefit01:51
jonwilwhat do you have in /etc/certs?01:51
Sicelo009Nthe 3 categories01:52
Sicelo009Nin common-ca, lots of them01:52
*** l_bratch has quit IRC01:53
Sicelo009N460 according to wc-l01:53
jonwilwhat about /etc/secure?01:53
Sicelo009Ntwo directories, e and s.01:55
jonwiland in the s folder?01:55
Sicelo009Nnothing in e, and 3 files in s01:55
*** Bratch is now known as l_bratch01:57
Sicelo009Ncertman.common-ca does contain what seems to be a valid list01:57
jonwilok, weird that it isn't installing properly on your thumb device when it worked for someone else with cssu-thumb and it worked for you on your other device01:58
Sicelo009Nany idea how to recover? :/02:07
Sicelo009Ntrying to apt get reinstall those packages gives me "reinstallation is not possible, it cannot be downloaded"02:08
Sicelo009Nlet me look for debs02:08
Sicelo009Nsolved reinstallation, but my cert manager still only with invalid certs02:16
*** sid14726 has quit IRC02:18
*** krnlyng has quit IRC02:30
jonwilWhat version of maemosec-certman-applet do you have installed?02:31
Sicelo009Nnow install 0.2.302:36
Sicelo009Nmaybe must reboot after reinstalling?02:36
*** Sicelo009N has quit IRC02:36
jonwilyeah maybe02:37
*** Kabouik has joined #maemo02:37
Sicelodidn't help02:39
*** florian has quit IRC02:40
*** Kabouik_ has quit IRC02:40
*** Sicelo009N has joined #maemo02:40
Sicelo009Ni hope there's a way to fix this without reflash. not keen on doing that02:40
jonwilOk try this. dpkg -P on each of the maemosec-certman packages02:41
jonwilThen remove /etc/certs/* and /etc/secure/*02:41
jonwilthen reinstall02:41
jonwilThats the only thing I can suggest02:41
Sicelo009Nwhat does dpkg -P do?02:41
jonwilRemove the package and all its config files02:42
Sicelo009Nmp-fremantle... tied to it. cannot be removed :)02:42
Sicelo009Ni'll remove the /etc/ stuff as you suggest and do a reinstall. let's see02:43
jonwilyeah try that02:43
jonwilThats the only suggestion I have02:43
Sicelo009Nabsolutely no certs now02:45
jonwilok, try reinstalling libnss3 and libss3-certs02:45
jonwilthat might do something02:45
jonwilalso try reinstalling maemosec-certman-applet and libmaemosec-certman-applet002:45
Sicelo009Npeop.e must not delete /etc/certs/* or /etc/secure/* it seems02:48
jonwilhmmm, I have no idea how to fix then, sorrry02:48
Sicelo009Nwhen installing libmaemosec* now there's 'list' of certs that gets updated.02:48
Sicelo009Ni guess i'll copy it over from 2nd N90002:48
jonwilyeah try that02:49
jonwilsee what happens02:49
Sicelo009Njonwil: could it be that some of the postinst scripts in the debs has problem?02:50
jonwilThose haven'02:50
jonwilHaven't been touched from the Nokia originals02:50
Sicelobefore copying over from 2nd N900, trying to downgrade back to 0.2.3 in case that makes a difference02:52
jonwilyeah try that02:52
Siceloseems to be working .. pem files are coming in :)02:52
Sicelookay.. seems good. let's see what applet seed02:53
Sicelostill blank. hmm02:53
*** N-Mi has quit IRC02:54
*** N-Mi has joined #maemo02:55
Sicelojonwil: seems to me that some sort of "link" is missing/not being created?02:56
*** Sicelo009N has quit IRC02:56
jonwilno idea02:56
*** N-Mi has quit IRC02:57
*** N-Mi has joined #maemo02:57
Sicelocmcli -T common-ca -L gives no output.03:01
*** TTilus has quit IRC03:01
*** TTilus has joined #maemo03:02
jonwilWhats in /etc/secure/s?03:07
Sicelocertman.blacklist and certman.common-ca03:09
Sicelothis is really weird :-/03:09
jonwilwhats the md5sum of those files?03:10
*** Sicelo009N has joined #maemo03:11
Sicelo009N91794a35d379f34c89cf1599009d1f10  /etc/secure/s/certman.blacklist03:12
Sicelo009Nee7333ca72a2fe3d84406e0f9e37cb8b  /etc/secure/s/certman.common-ca03:12
jonwilok, those are what I have03:12
jonwilwhat do you have in /etc/certs03:12
jonwiltrusted, common-ca, blacklist, right?03:12
jonwiland in trusted you have?03:13
Sicelo009Nnothing. hmm03:14
jonwilyeah that's your problem03:15
jonwilyou should have and root.key there03:15
Sicelo009Ncomes from libmaemosec0, let me reinstall that03:15
Sicelo009Nbut this was there before..03:15
jonwilI am totally out of ideas to fix your system...03:16
DocScrutinizer05fwiw: 'default' CSSU system:
Sicelo009Nwtf! reinstalling doesn't restore & root.key03:18
jonwilcopy from your other N900...03:18
*** msava has quit IRC03:21
*** msava has joined #maemo03:24
DocScrutinizer05I can't find any and root.key in
Sicelo009Ngood now :)03:24
Sicelo009Ncertificates showing in applet03:25
Sicelo009Nand looking the same as other N900.03:25
DocScrutinizer05 also sucks03:26
jonwiland do microsoft etc work or fail?03:26
jonwilsince both should now be running the new set of root CA certs I believe03:27
Sicelo009Nfail :(03:27
*** krnlyng has joined #maemo03:28
Sicelo009Nrebooting, although this doesn't seem to really help ...03:29
*** Sicelo009N has quit IRC03:29
DocScrutinizer05jonwil: whats the problem with gdb?03:30
DocScrutinizer05missing source?03:32
jonwilI connect to browserd with gdb --pid then break on the function I want then trigger it and gdb prints "Program terminated with signal SIGTRAP, Trace/breakpoint trap."03:33
jonwilvery weird03:35
DocScrutinizer05>> I partially solved the issue by starting the application with GDB (instead of attaching the process)... Then its working fine.. No idea abt the root cause though..<<03:36
jonwilStarting with gdb wont work because of how browserd is started03:36
*** sid14726 has joined #maemo03:36
DocScrutinizer05ooh /sbin/dsme -p /usr/lib/dsme/libstartup.so03:38
*** Sicelo009N has joined #maemo03:38
DocScrutinizer05hmmmm, I think you could patch the dsmetool command that starts browserd03:39
jonwilyeah probably03:40
jonwilnot sure how though03:40
DocScrutinizer05or simply stop the browserd process via dsmetool and start it plain in gdb instead - after all dsme is only a glorified process monitor03:40
DocScrutinizer05friggin dsmetool has no option to list active processes03:41
DocScrutinizer05-k --stop=<cmd>                 Stop a process started with cmd03:42
jonwilthat doesn't seem to work03:43
DocScrutinizer05stopping doesn't work?03:44
jonwilit says "not found, not root or kill failed"03:44
DocScrutinizer05wrong <cmd>03:44
DocScrutinizer05IroN900:~# dsmetool -k blabla03:45
DocScrutinizer05Process not killed: not found, not root or kill failed03:45
jonwilI dont know what to pass03:45
jonwiltried browserd03:45
jonwiland /usr/sbin/browserd03:45
jonwilno go03:45
DocScrutinizer05try /usr/sbin/browserd -d03:45
jonwilnope, no error but nothing is killed either03:45
DocScrutinizer05killall browserd until dsme gives up? dunno if it reboots system then03:46
jonwilyeah system reboot03:47
DocScrutinizer05find the cmdline "dsmetool.*browserd" in /etc03:48
DocScrutinizer05and /lib etc03:48
DocScrutinizer05or even xsession03:48
DocScrutinizer05 /etc/X11/
DocScrutinizer05simply remove/rename/chmod >>if test -x /usr/sbin/dsmetool; then<< ;-)  --  then reboot03:52
DocScrutinizer05or edit that file03:52
DocScrutinizer05actually it starts browserd classical way when there's no dsmetool available03:53
*** LauRoman has quit IRC03:53
DocScrutinizer05if test -x /usr/sbin/dsmetool; then                                                                                                                                                           /usr/sbin/dsmetool -c 3 -T 180 -m -17 -t "/usr/sbin/browserd -d"                                                                                                                              else03:54
DocScrutinizer05                                                                                                                      /usr/sbin/browserd -d -b                                                                                                                                                    fi03:54
*** robbiethe1st has joined #maemo03:54
DocScrutinizer05anyway I can see how dsmetool might be doing things to browserd process that are not compatible with gdb03:55
DocScrutinizer05iirc there can only be one process monitor03:55
DocScrutinizer05dunno if dsme is a process monitor in that sense03:55
*** LauRoman|Phone has joined #maemo03:56
*** bruce_lee has quit IRC03:58
*** Oksana_ has joined #maemo04:06
*** LauRoman|Phone has quit IRC04:10
*** heroux_ has joined #maemo04:11
*** heroux has quit IRC04:15
*** Oksana has quit IRC04:15
*** stevenm has quit IRC04:15
*** heroux_ is now known as heroux04:15
jonwilNot even sure that is the right browserd instance, my system is running 3 of them04:21
jonwil-d, -s 1512 -n RTComMessagingServer and -s 1539 -n browserui04:21
*** stevenm has joined #maemo04:22
jonwilhildon-application-manager.launch also references browserd04:22
jonwilas does rtcom-messaging-ui04:23
jonwilif I can figure out what to do with a couple maemo-local patches for NSPR I might have another play at throwing in the most recent NSS/NSPR code (whatever is currently in mozilla-central mainline) and see if it builds or not04:26
jonwilbut right now I gotta go out, got an appointment with a hairdresser :)04:27
*** jonwil has quit IRC04:27
*** eMHa__ has joined #maemo04:29
*** eMHa_ has quit IRC04:33
*** Kabouik has quit IRC04:35
*** Oksana_ is now known as Oksana04:36
DocScrutinizer05jonwil: all those browserd instances are childs of one parent process. That's the essential 'trick' with browserd04:36
*** Ex-Opesa has joined #maemo04:38
*** Humpelstilzchen has joined #maemo04:38
*** Defiant has quit IRC04:41
*** krnlyng has quit IRC04:45
*** sid14726 has quit IRC04:47
MaxdamantusThey're basically "threads".05:05
*** sid14726 has joined #maemo05:15
*** RedM has quit IRC05:20
*** RedW has joined #maemo05:21
*** krnlyng has joined #maemo05:29
*** Venusaur has quit IRC05:40
*** Venusaur has joined #maemo05:58
*** lxp has joined #maemo06:02
*** lxp1 has quit IRC06:03
*** sparetire has quit IRC06:08
*** DocScrutinizer05 has quit IRC06:17
*** DocScrutinizer05 has joined #maemo06:17
*** robbiethe1st has quit IRC06:18
*** sid14726 has quit IRC06:27
*** Sicelo009N has quit IRC07:03
*** sid14726 has joined #maemo07:04
*** pagurus has quit IRC07:13
*** RedM has joined #maemo07:31
*** RedW has quit IRC07:31
*** sid14726 has quit IRC07:39
*** ashneo76 has quit IRC07:47
*** sid14726 has joined #maemo07:49
*** githogori has quit IRC07:59
*** githogori has joined #maemo08:01
*** disco_stu_droid has joined #maemo08:09
*** disco_stu has quit IRC08:09
*** disco_stu_droid is now known as disco_stu08:10
brolin_empeyKotCzarny: Other than more connectors, is there any disadvantage to using an mSATA card on an mSATA ↔ 2.5-inch SATA adapter board instead of using a 2.5-inch SATA SSD?08:18
*** shamus has quit IRC08:19
*** shamus has joined #maemo08:19
*** sid14726 has quit IRC08:21
brolin_empeyTheoretically, an mSATA SSD installed on an mSATA ↔ 2.5-inch SATA adapter board is functionally equal to a 2.5-inch SATA SSD.  However, I know from my personal experience that a CompactFlash (not CompactMagnetic) card installed on a CompactFlash card ↔ PATA adapter board is often not a drop-in replacement for a PATA HDD while a PATA SSD (not CompactFlash) is a drop-in replacement for a PATA HDD.08:26
*** sid14726 has joined #maemo08:30
KotCzarnybrolin_empey: if you see at the benchmarks of the same model of ssd, they are the same for ssd and msata (because connectors are just sata pins)08:59
KotCzarnyone thing to note, if you install in pata--(m)sata adapter there is always controller chip issue09:01
KotCzarnybut as i said, msata allows you to choose almost any drive model, and ssd with pata interface is almost always old and/or overpriced (2-3x)09:02
Sicelofreemangordon: please help jonwil with certificates :)09:02
Sicelomy daily N900 can no longer open https sites.09:02
Siceloi remember you did some certificate magic for nokia supl server. maybe you would know what's going on here. by the way, the maemosec packages he produced work just fine for a user with cssu-thumb, work fine on my cssu-testing n900, but not on my thumb device, nor on jonwil's device.09:04
*** sid14726 has quit IRC09:05
freemangordonSicelo: it was more than 2 years i played with that. However, what I remember is that certificate order is very important09:06
freemangordonalso, I don't understand what he does and why so many problems, iirc what one needs is essentially - use cmcli to import or remove the certificates, then copy the result in the source tree and rebuild09:08
KotCzarnywell, he learns on-the-go09:10
freemangordonok, here is what a certificate change commit looks like
freemangordonI see nothing specia09:12
freemangordonsee too09:13
Sicelohe updated certificates, and all is good. but microb won't "see" them09:13
freemangordondoes openssl see them?09:14
freemangordonopenssl s_client that is09:14
Sicelolet me check. what's the command-u for that?09:14
freemangordonsearch google fro openssl s_client connect09:14
*** sid14726 has joined #maemo09:15
freemangordonalso, make sure to give CApath to openssl09:15
Sicelowhat should that be?09:16
freemangordonthe certificates location09:17
Wizzup perhaps this is somehow useful?09:18
WizzupI am not sure if the took the certificates from there?09:18
Sicelohmm,testing says "unable to get issuer certificate" .. so i guess that means not working?09:22
KotCzarnysicelo, i get that message also on stock n90009:22
KotCzarnyand also on my laptop i think09:22
Sicelohmm, well 2nd N900 does not return such message.09:25
Sicelofreemangordon: so looks like openssl not happy with them either :/09:26
KotCzarnyit might be that my cert store on laptop is broken too09:26
KotCzarnyis your 2nd n900 stock?09:26
freemangordonSicelo: could you tell openssl to be verbose and pastebin the output?09:27
*** jonwil has joined #maemo09:27
freemangordonjonwil: hi!09:27
freemangordonjonwil: which gdb do you use for debugging microb?09:28
freemangordonjonwil: also, read the backscroll09:28
freemangordonSicelo: also tell openssl to dump the certificate chain09:29
Sicelogot to go see man page. no idea about those things haha09:29
jonwilgdb -v sayhs "09:30
jonwilgdb -v says ""09:30
freemangordontry 7.1 from extras-devel09:30
freemangordonI put it there on a reason :(09:30
freemangordonjonwil: also, see my comment on certman commit09:31
jonwilFYI, cmcli -T verifies the chain of trust properly09:33
freemangordonjonwil: and what about openssl?09:33
jonwilI mean cmcli -T common-ca -v
jonwiland yes openssl s_client does work09:33
jonwilso that means the certificates themselves are correct09:33
freemangordonhmm, "( 9,26,03) Sicelo: freemangordon: so looks like openssl not happy with them either :/"09:33
freemangordonthough he might be using incorrect cmd09:34
jonwilyeah probably09:34
freemangordonjonwil: do you use openssl from cssu?09:34
Sicelojonwil: what's the correct openssl cmd?09:35
jonwilIf I run openssl s_client -CApath /etc/certs/common-ca -connect it works for the sites that fail in microb09:35
Sicelothat's same command i ran. doesn't work for my 'bad' N900, but works on 2nd one09:36
jonwilwhat does it say when you run it on your failing N900?09:36
*** sid14726 has quit IRC09:36
Sicelounable to get local issuer certificate09:36
Sicelolet me try with cmcli09:37
jonwilyeah try cmcli -T common-ca -v
Sicelo35ce3296a4a08fe1aa8d09650a9b3acb2cc1da64 Verification failed: unable to get local issuer certificate09:37
jonwilso you are doing cmcli -T common-ca -v and its giving that error?09:38
jonwilOk can you grab the entire contents of /etc/certs and /etc/secure on your N900 and get them to me?09:39
jonwilI can see if they match my device (where that command I just typed works)09:39
jonwilOr I can help you undo all your changes and go back to what you had before you fiddled with maemo-security-certman earlier09:40
Sicelo  .. this is output of09:40
jonwilThen you have a 100% working N900 again09:40
Siceloopenssl s_client -connect -CApath /etc/certs/common-ca/ -showcerts > MyDocs/openssl.txt09:40
Siceloi can help a bit more :) will let you know when i can't take it anymore, haha. just this is my daily device where certs refused to work. Murphy's law09:41
jonwilOk so get me the contents of /etc/certs and /etc/secure and I will see how that differs from what it should be09:42
jonwilOnce we get cmcli working correctly then at least we know that that bit is working again09:42
jonwilWizzup: the certificates came from the Mozilla certdata.txt file (the mozilla root CA store) and were updated following instructions and other bits given to me by Juhani Mäkelä (original Nokia author of maemo-security-certman package)09:43
Sicelotar'red them up. where can i upload?09:44
jonwilYou could post in and attach to the post?09:45
*** sid14726 has joined #maemo09:45
jonwilThat would work09:45
Sicelojonwil: in case you, or i, disappear for some reason ... please document the 'recovery' method for whenever i may need it09:45
jonwilIts not something that can be easily documented since at various points in the process it would require you to do certain things then me to make decisions on what to do next based on certain information you give me :)09:46
Wizzupjonwil: ah, ok09:46
jonwildont worry I wont be leaving IRC for houors (even if I go afk for a bit to e.g. have food)09:47
Wizzupjonwil: I was just wondering because it seems many linux distros take the certs from that package (including gentoo)09:47
Wizzupbut they may just take it from mozilla as well09:47
jonwilYep they do09:49
jonwilLots of places get it from Mozilla because they trust the vetting process Mozilla uses09:50
Sicelojonwil: posted to tmo09:50
jonwilNot sure where Chrome gets its root certificates from09:50
*** eijk has joined #maemo09:51
*** bruce_lee has joined #maemo09:55
*** bruce_lee has joined #maemo09:55
jonwilok so do you want me to help you get your system back to a functional state or do you want me to help you get the certificates to the same "working with cmcli etc but failing with microb" state I am in?09:55
Wizzupjonwil: one question, are all, or only some certificates failing with microb09:56
jonwilonly some09:56
WizzupAnd might that be related to perhaps using stronger crypto/hashes that are not supported by nss at that time09:56
Wizzuplike some old browser having trouble with sha209:56
jonwilYes thats why I am looking into updating NSPR and NSS09:57
Wizzupthat is, perhaps it will only be fixed by upgrading nss09:57
WizzupJust wanted to point that possibility out :)09:57
jonwilJust need to deal with some microb-local patches to NSPR somehow09:57
WizzupI see09:57
jonwilSicello: Which option do you want?09:57
kerioWizzup: no way, microb supports sha-256 signatures09:58
Wizzupkerio: okay, well, I'm guessing something out there may be missing09:58
jonwilBack to fully working or up to "works with cmcli but not with microb"?09:58
jonwilUpdating NSS cant hurt anyway09:58
WizzupI guess my sha2 example was a bad one :)09:58
Wizzupjonwil: indeed!09:58
jonwiland we need to do it if we want TLS1.2 etc09:58
keriois there a more specific error message?09:58
keriojonwil: +109:58
Wizzupjonwil: +109:58
kerioand yes, we DEFINETELY want tls 1.209:59
kerio"This seems like a good moment to reiterate that everything less than TLS 1.2 with an AEAD cipher suite is cryptographically broken." -- agl09:59
jonwilIn terms of what we enable and disable there, we should trust Mozilla on that one09:59
Sicelojonwil: out of which options? :)10:00
jonwilwell we know Mozilla turns off SSL310:00
jonwiland doesn't support it anymore10:00
jonwilso we should do the same when we update NSS10:00
jonwilBut for example we should trust Mozilla when it comes to which versions of TLS to turn on and which to turn off10:00
kerioyeah just go with what firefox does10:01
jonwilI suspect trusting Firefox on issues related to SSL/TLS/HTTPS/CAs/etc is probably a fairly safe and sane thing to do10:01
kerioi mean, there's something to be said about disabling aes-256 ciphersuites10:01
jonwilEspecially if we are using all their codebase for this stuff :)10:02
keriobecause we're kinda lacking in... everything10:02
Sicelookay. hmm, can't make up my mind. part of me wants to go on with the testing, but this is my daily device, so maybe let's just get it back to working state10:02
jonwilOk so you are running what version of CSSU on this device?10:02
Sicelocssu thumb10:04
jonwillatest version of cssu-thumb?10:09
jonwilwhat version of mp-fremantle-community-pr does the system say you have?10:09
*** sid14726 has quit IRC10:13
jonwilLooks like Sicelo went AFK :P10:18
Siceloat work10:22
jonwiloh ok10:22
jonwilbut yeah what version of mp-fremantle-community-pr do you have?10:22
Sicelo*** 21.2011.38-1Tmaemo11+thumb010:23
jonwilOk so that's the most recent10:24
jonwilWhat you want to do is to open a root terminal10:24
*** tanty_off is now known as tanty10:24
jonwilYou want to do dpkg -r mp-fremantle-community-pr10:25
jonwilthen dpkg -P libmaemosec-certman010:25
jonwilthen dpkg -P libmaemosec010:25
jonwilthen dpkg -P maemosec-certman-common-ca10:25
jonwilthen dpkg -P maemosec-certman-tools10:25
jonwilThen tell me what, if anything, is left in /etc/certs or /etc/secure10:25
jonwilYou will be reinstalling all those packages including mp-fremantle-community-pr in a sec, don't worry10:26
Sicelodependency problems with that .. wants to remove almost everything, due to mp-fremantle*10:26
jonwilhmmm ok10:27
Sicelodpkg: error processing libmaemosec-certman0 (--purge): dependency problems - not removing10:27
*** geaaru has joined #maemo10:27
ceeneyou can always do find /etc/certs -exec dpkg -S {} \;10:27
ceeneand then compare it with the output of find /etc/certs10:27
jonwilOk so remove /etc/certs completly10:27
jonwiland also /etc/secure10:27
jonwilThen download the .deb files in this paste10:28
jonwiland install them with dpkg -i in the order listed10:28
jonwilit may complain about certain packages being a downgrade but it should install them anyway10:28
*** sid14726 has joined #maemo10:28
*** florian has joined #maemo10:30
Sicelook. doing it now10:32
*** hashcore has joined #maemo10:36
keriohold on why are those in community-thumb10:36
kerioinstead of community-devel10:36
bencohI think he wants to rollback to a working state10:38
bencoh(on a thumb device)10:38
*** LauRoman has joined #maemo10:38
jonwilThey are in community-thumb because there is no thumb specific version of those10:39
keriooooh i see10:39
jonwiland yes he wants to back to what he had before he started10:39
jonwilhence the need to go back to those packages10:39
ceenetalking about certs, i think yappari registration is failing due to non compatible ciphering between WA servers and n900 supported protocols10:39
Sicelowhy 0.2.2 though? why not 0.2.310:39
kerioceene: compile it with a static, more-recent openssl?10:40
jonwil0.2.2 is what cssu-thumb shipped10:41
jonwiland what mp-fremantle-community-pr for thumb points to10:41
jonwilwhy 0.3.2 isn't in cssu-thumb you will have to ask the maintainer of that10:41
jonwilI mean 0.2.310:42
ceenekerio: i'm on it... i've already created an openssl deb package for n900, backported from debian10:43
ceeneqt is smart enough to use latest installed openssl10:43
keriohm, that would mess up with things tho10:43
ceeneit won't10:43
ceenei've got both openssl packages installed on my n900 right now10:43
keriohave you removed the symlink between and
ceenewithout any problem in a couple months or so10:43
ceenethe thing is, most apps will search for the exact version of the library they were compiled against10:44
ceenebut QT searches for all* versions and dlopen()s it10:44
bencohkerio: qt dlopens10:44
keriothat sounds like a horrible way to do things10:45
bencohqt inside.10:45
ceenehorrible or not, it's just what we need :)10:47
ceenei've still got to do a couple things10:47
ceeneto disable ssl310:47
ceeneso i may have to patch qt itself10:47
*** TriztAway has joined #maemo10:48
jonwilSicelo: Does your system work again now?10:51
*** geaaru has quit IRC10:52
*** shamus has quit IRC10:52
*** Trizt has quit IRC10:52
*** shamus has joined #maemo10:53
kerioceene: how does qt know how to use all the versions of openssl, though?10:54
Sicelojonwil: mp-fremantle-community-pr depends on maemosec-certman-tools (>= 0.2.3); however: Version of maemosec-certman-tools on system is
ceenekerio: by finding /lib/libssl* and parsing the filename10:57
ceenei mean10:57
ceeneyou have to add support to the functions it will use10:57
ceeneif there's some api change, then it has to implement it10:57
Sicelocrazy stuff going on here, lol. you found that we should be having 0.2.2?10:57
*** geaaru has joined #maemo10:57
jonwilok, try
jonwilThat should work10:59
Sicelocan i just use apt-get install :) specifying version?10:59
jonwilno since you already have a more recent version10:59
jonwilI dont know if apt-get can downgrade a package10:59
jonwilif it can, feel free to try it10:59
Siceloit can11:00
*** hashcore has quit IRC11:00
*** sid14726 has quit IRC11:04
Sicelofew certs in /etc/certs/common-ca/11:05
Siceloless than 1011:05
Sicelonothing in /etc/certs/trusted11:05
ceenecan you find /etc/certs/common-ca/ -exec dpkg -S {} \; ?11:08
ceeneI'm curious as to what is kept ther11:08
jonwilThey only come from maemosec-certman-common-ca11:18
jonwilwhat do you see if you dpkg -L maemosec-certman-common-ca?11:19
jonwilAlso you may want to try manually downloading the deb files and installing them with dpkg, that will probably restore the missing files11:19
Siceloi did11:20
jonwilapt-get may not install the files when downgrading for some reason11:20
Sicelodpkg -L lists all of the certs, but they are definitely not there11:20
Sicelonow that's crazy11:20
jonwilVery weird11:20
jonwilI am out of ideas11:21
Siceloeven the install process doesn't show the rest being installed11:21
Sicelore-doing it make no difference11:21
Sicelolemme reboot11:22
*** sid14726 has joined #maemo11:24
*** Vajb has quit IRC11:27
*** hashcore has joined #maemo11:28
jonwilfreemangordon: ping11:29
Sicelodpkg -L is likely just spitting out contents of /var/lib/dpkg/info/maemosec-certman-common-ca.list even though the files themselves aren't there. let me extract the deb11:38
Siceloso i dpkg -x the package, and manually ran its postinst. cmcli is happy now.11:43
Sicelolet me check microb11:43
Siceloseems okay. loading entrust website successfully.11:47
Siceloyhansuthanks for the help :)11:48
Sicelobad typing :(11:48
Siceloi'll play with your 0.2.4 stuff in the evening :)11:48
*** Vajb has joined #maemo11:49
*** bruce__lee has joined #maemo11:52
*** bruce_lee has quit IRC11:53
jonwilok, great :)11:53
jonwilMight help if I download the armel version of gdb 7.3.1 and not the i386 version :)11:54
jonwilLets try that agaon11:54
Sicelothis is going to be 'fun' one to debug i guess, as there is no consistency of behaviour11:54
jonwilNot really, once I actually get GDB working I should be able to see whats up11:55
jonwilright now if I visit I get a SEC_ERROR_UNKNOWN_ISSUER error from microb11:56
jonwilso I intend to break on the function that spits out the error (PORT_SetError in nss) and from there work backwards11:57
jonwiland eventually I will be at some function I can single step or trace and see just what is going on11:57
jonwilhmmm. newer version of GDB doesn't help11:59
*** sid14726 has quit IRC12:13
Siceloinstalled 0.2.4 again .. now i'm at least in same situation as you. no worse12:15
Siceloopenssl and cmcli both happy12:16
keriojonwil: does work12:22
jonwilThat works for me12:23
*** sid14726 has joined #maemo12:24
*** LauRoman has quit IRC12:25
jonwilhmmm, I wonder if there is some sort of way to run microb-engine but not browserd12:26
jonwilLet me see what these other packages I get when building microb-engin edo12:27
*** LauRoman|Alt has joined #maemo12:28
jonwilmicrob-engine builds a bunch of packages that aren't installed in the phone12:28
*** bruce__lee has quit IRC12:29
*** bruce__lee has joined #maemo12:29
*** bruce__lee is now known as bruce_lee12:29
bencohhow would you run microb-engine without browserd?12:29
jonwilI dont mean using the browser UI12:30
jonwilbrowserd links to several libraries12:30
jonwilwhich contain the actual rendering engine and stuff12:30
*** LauRoman has joined #maemo12:30
jonwilThere are things built from the microb-engine source package that might provide a way to load that actual gecko code and pull web pages and stuff without going through browserd, browser-neteal or the normal browser UI12:31
MaxdamantusThere's microb-xulrunner already in the repository fwiw12:33
MaxdamantusIt's able to run things like an old version of Conkeror.12:33
Maxdamantusor maybe a newer one having manually added some promises library, iirc12:34
jonwilYeah thats what I mean, getting microb-xulrunner and things from my microb-engine tree12:35
*** capitanocrunch has joined #maemo12:35
MaxdamantusIt's reasonably usable tbh12:42
MaxdamantusThe issue I had with Conkeror on my desktop is that the UI is convenient enough to have hundreds of tabs open.12:42
Maxdamantuswhich was kind of okay while I only had 3 GiB of RAM, since once it got to 120 or so tabs I'd just close a bunch of them to avoid unnecessary swapping.12:43
Maxdamantusnow with 32 GiB of RAM it bottlenecks on the CPU at around 500 tabs, and cbf cleaning up 500 tabs.12:44
MaxdamantusDon't really want to have that issue on my phone.12:44
*** clopez has quit IRC12:50
*** capitanocrunch has left #maemo12:50
*** clopez has joined #maemo12:54
*** sid14726 has quit IRC12:57
KotCzarnyi usually have ~10-20 tabs at most12:58
KotCzarnyif i want to read the site but dont want the tab i just bookmark it into 'to read' folder12:59
*** eMHa__ has quit IRC13:00
jonwilok, the plot thickens...13:00
KotCzarnynobody expected spanish inquisition13:03
jonwilIf I access in microb, it gives an error. If I access the same domain via microb-refui (built alongside the microb-engine bits I am using) the URL loads just fine13:05
jonwilby "in microb", I mean in the standard Maemo web UI13:05
*** sid14726 has joined #maemo13:08
*** zGrr has joined #maemo13:08
*** ssvb has quit IRC13:09
*** eMHa__ has joined #maemo13:33
Sicelostill doesn't answer why microb in other devices doesn't mind the new certs :/13:38
*** sid14726 has quit IRC13:41
*** sid14726 has joined #maemo13:45
jonwilHOLY CRAP I found the problem13:56
jonwilmaking a forum post now13:57
*** heroux has quit IRC14:02
keriojonwil: i strongly doubt anyone actually uses personal certificates in microb14:02
kerioso you can probably just delete it14:02
bencohsome people add exceptions, I guess (?)14:04
keriohow did they end up being stale, though?14:04
jonwilNo idea14:06
keriohold on gimme the debs14:06
jonwilI suspect they are intermediate certificates chaining off a specific root that is not in the new root CA store14:06
keriomakes sense14:07
jonwilbut when the intermediates aren't in cert8.db, microb uses some newer intermediates chaining off a newer root that is in the new root CA store14:07
jonwilas for the debs of the new root CA stuff, has what you need14:07
kerioyeah but gimme some links i can wget14:08
jonwilI dont have the files uploaded anywhere you can wget14:09
jonwilunless you can wget forum attachements14:09
Siceloi do use personal cert in microb14:09
KotCzarnyi think you can14:09
jonwilAt least I have the cause now14:10
jonwilAlthough that doesn't mean I wont keep trying to update NSS, we do want TLS1.2 support after all :)14:11
Sicelojonwil: quick fix available?14:12
jonwilquick fix for what?14:12
jonwilthe cert8.db problem?14:12
jonwilno, I dont have a fix yet14:12
jonwilother than deleting the file and risking problems14:12
jonwilWe need to find a proper way to clean out the crap without deleting anything important14:13
keriohow do i verify that jonwil's package isn't backdoored14:14
jonwilYou cant really, but you have to trust the people who wrote CSSU for example didn't backdoor things14:15
jonwilor for that matter that original Nokia packages dont have backdoors14:16
jonwilNot that I would intentionally backdoor something14:16
jonwilI think backdoors are bad14:16
keriosuuuuuuure ;)14:16
bencohkerio: does his package contain machine code?14:16
bencohisn't it just certificates?14:16
kerioyes, it's "just" certificates14:16
bencoh"""just""" ;]14:16
keriowhat if now my n900 is trusting "jonwil's super legit root CA"14:17
Siceloi use personal certto access Outlook Web Access for work emails. can't use exchange activesync due to provisioning, and no imap/pop enabled14:17
keriooh god i have to update like 8 billion things14:17
bencohit isn't worse than, say, states CA :)14:17
kerioSicelo: you should most definetely not delete cert8.db14:17
KotCzarnywhy not?14:18
keriobecause it's likely that he has a client certificate stored there14:19
keriodo we have certutil?14:19
kerioyep, cert8.db has the certificates, key3.db has the keys14:20
jonwilThe set of root certificates in my updated maemo-security-certman is an unchanged set from mozilla certdata.txt as of
keriodid you do a conversion to it, or do the package scripts do that?14:21
jonwilOr rather its that set of certificates minus whichever ones cmcli decided not to import (would need to dig deep into openssl source code to find out exactly the criteria for rejecting a certificate for import)14:21
*** sid14726 has quit IRC14:21
jonwilThis commit contains a backport of a fix from Harmattan14:21
jonwilplus a new set of root CA certificates14:21
jonwilplus the tool and instructions for importing mozilla certdata.txt file14:22
Sicelokerio: i still have the original pfx files ;)14:23
jonwilYou can thank Juhani Mäkelä (original author of maemo-security-certman) for their help in getting all this working14:23
jonwilThey provided the parse-certdata-txt.c file and some very useful info on how to get things going (including the right cmcli commands to run and the right stuff to backport from Harmattan)14:24
jonwilI dont know enough about finnish names to tell if that is a man or a woman :P14:25 worksforme14:27
kerioor rather14:27
kerioi think it works for me14:27
keriothe page is very slow to load14:27
jonwilyou must not have whatever bogus certificates are in my cert8.db file then14:27
jonwildoes work for you?14:27
keriodo we have a package with the nss certutil in14:27
jonwilI haven't figured out how to build the nss command line tools although I would really like to do that14:28
*** erlehmann_ has joined #maemo14:29
jonwilanyhow, my phone is running out of juice after all this testing, better go plug it in to charge up :)14:30
*** krnlyng has quit IRC14:30
keriojonwil: libnss3-tools in debina?14:33
keriocertutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.14:33
jonwilWe need to build the tools from the same nss source tree we have in microb-engine14:34
keriothis makes things a bit harder14:34
jonwilI am sure there is a way to modify the microb-engine build tree to build libnss3-tools or something similar14:34
jonwilDo that and we are golden14:34
*** erlehmann_ has quit IRC14:35
*** krnlyng has joined #maemo14:35
*** msava has quit IRC14:41
*** msava has joined #maemo14:43
*** ecloud has quit IRC14:43
*** ecloud has joined #maemo14:44
*** sid14726 has joined #maemo14:45
* Maxdamantus wonders why he wasn't able to copy his bootloader from one N900 to another by just reading/writing from/to /dev/mtd314:47
KotCzarnymaybe it was something else broken too14:50
MaxdamantusWhat sort of thing?14:51
KotCzarnyfs corruption? kernel corrupted? config partition corrupted?14:51
MaxdamantusEverything worked the first time once it was able to load by u-boot build.14:51
KotCzarnydont know what were you doing14:51
MaxdamantusCopying my existing setup to another N900 I acquired.14:52
KotCzarnyhmm, different revisions?14:52
MaxdamantusI just zeroed out the eMMC and emptied ubifs, repartition the eMMC and copied a backup of the main filesystem in.14:52
Maxdamantusand copied my boot directory and ubifs as it currently was on my existing one.14:53
MaxdamantusWho needs flasher?14:53
KotCzarnywhy do we care about ubifs anyway?14:54
KotCzarnyit eats cycles and memory14:54
KotCzarnyi remember using overlay fs long time ago on ancient 586 200mhz box, and it was noticably slower in disk operations14:54
MaxdamantusI'm still using kernel-power, which doesn't have built-in support for omap-hsmmc or ext4.14:54
MaxdamantusDon't really want to bother with an initramfs.14:55
Maxdamantusubifs is basically my initramfs.14:55
KotCzarnywho needs initramfs14:55
Hurriannah, don't dd from one device to another - it doesn't handle the bad blocks quite right14:55
MaxdamantusHm. That'd probably explain it.14:55
Hurrianyou should prolly use "flasher --local"14:56
* Maxdamantus also noticed a bunch of messages about ECC when doing `rm -rf *` in the ubifs.14:56
* Maxdamantus should probably have just recreated the filesystem, though he's not really familiar with ubifs/mtd.14:57
DocScrutinizer05((<ceene> but QT searches for all* versions and dlopen()s it)) now that explains some nasty effects. e.g. why Silego GreenPack3 software mostly works on my OpenSuse system but simply blows chunks on "Save as..."14:58
Hurriannow, off to go and find myself another N900.14:59
* Maxdamantus is meant to be getting a third one soon too.14:59
Maxdamantusthen I'll have five N9* devices.14:59
KotCzarnyi have 3.514:59
jonwilI have just the one although I wish I had a second one for if/when this one stops working15:00
Hurrianmine croaked aaaaaaageeees ago, but it was way, way more useful than pretty much any other mobile device I have now15:00
jonwilbut right now I dont have the funds for anything even vaguely related to tech stuff15:00
Hurrianif only I could find one on eBay that wasn't a refurb for $200...15:00
MaxdamantusI haven't confirmed that the $2 N97 works yet though .. I think the guy mailed the battery in a separate package.15:00
Maxdamantusand it seems like it's in fairly bad condition.15:01
Maxdamantuscame with a 16 GB microSD card though.15:01
* Maxdamantus sleeps.15:02
*** heroux has joined #maemo15:06
Sicelodidn't someone offer you N900 jonwil? :)15:20
jonwilbut I never followed it up15:20
*** sid14726 has quit IRC15:21
Siceloaround the time you had bad USB port15:23
jonwilyeah that15:24
jonwilMy phone works at the moment so I have no urgency to worry about replacing it or dealing with it15:24
KotCzarnyif one would setup usb-fixing shop, there would be a lot of good n900s15:25
kerioKotCzarny: why shouldn't we care about ubifs?15:26
keriothe mtd is the fastest storage unit in the n90015:26
KotCzarnykerio, use nand only for booting part and move everything else to emmc/sd15:27
keriowhich makes things waaaaaay slower15:27
KotCzarnydoes it?15:28
KotCzarnythe slowest part is swapping15:29
KotCzarnynot fs15:29
KotCzarnyalso, i run bpi/opi from sd card, and its fast enough (stride/stripe helps)15:31
* jonwil wishes it wasn't so hard to find people who actually understand the inner workings of the Gecko rendering engine... :(15:32
DocScrutinizer05kerio: indeed I always wondered how much sense it would make to have a - say - 200MB swap on mtd and move the whole rootfs (modulo a stub pivotroot aka "initrd" of sorts) to mmc15:34
kerioit would probably make a lot of sense for the purpose of convenience15:34
keriobut it *is* a performance hit15:34
KotCzarnykerio, did you measure it?15:35
DocScrutinizer05nah, fast swap (particularly on write) way better for system performance on a system starving on RAM than a faster rootfs15:35
kerionot personally but i don't remember who did15:35
keriosomeone did, tho15:35
KotCzarny10%? 50%?15:36
*** jonwil has quit IRC15:37
* DocScrutinizer05 suspects a nasty global-action TBIC button on jonwil's devices15:38
DocScrutinizer05how else comes he never says bye15:38
infobotHowdy Bub15:39
KotCzarny~internet time15:39
*** sid14726 has joined #maemo15:44
DocScrutinizer05for some of you geeks this is possibly a nice read:
infobotmethinks ugt is Universal Greeting Time. Created in #mipslinux, it is a rule that states that whenever somebody enters an IRC channel it is always morning, and it is always late when the person leaves. The local time of any other people in the channel, including the greeter, is irrelevant.
DocScrutinizer05and the links like
DocScrutinizer05this guy actually knows what he's talking about15:46
*** troulouliou_div2 has joined #maemo16:01
*** heroux has quit IRC16:09
*** sparetire has joined #maemo16:20
*** heroux has joined #maemo16:27
*** Vajb has quit IRC16:29
*** krnlyng has quit IRC16:31
*** sid14726 has quit IRC16:50
*** eijk has quit IRC16:51
*** krnlyng has joined #maemo16:52
*** Avasz has joined #maemo16:57
Avaszhi, I was happily browsing site in the afternoon ( and reviving my old n900. I haven't posted or done anything at all, just browsing the forum. And, now it says my ip is blocked. Can anyone help please?16:58
Avaszalso, would like to know the reason why it was blocked.16:58
KotCzarnyas for reviving:16:59
infobotwell, maemo-flashing is, or - on linux PC - download&extract, cd into it, do sudo ./flash-it-all.sh16:59
AvaszI mean, I need to unblock my ip, such that I can visit the forums. :)16:59
Avaszreviving = using it as server :D17:00
infobotunbanip is probably please contact techstaff <at> maemo <dot> org with your request, or see ~techstaff17:00
Avaszsure, thanks.17:01
Avaszit said to contact staff in #maemo too, don't know who is the staff here though.17:01
KotCzarnyand most likely your ip is in some spam db17:01
AvaszSorry, it seems that you are using an IP address or a proxy that is listed in the forum anti spam blacklist.17:02
AvaszFeel free to contact our staff on irc freenode #maemo channel.17:02
KotCzarnychange <at> into @ and <dot> into .17:02
Avaszsure, understood that.17:02
Avaszwas browsing around 30 mins earlier, and next time trying to check a post about python 2.75 and it gets blocked. :(17:03
KotCzarnyand if you are on dynamic ip try reconnecting modem17:03
*** heroux has quit IRC17:06
*** heroux has joined #maemo17:06
*** hashcore has quit IRC17:44
DocScrutinizer05Avasz: please ping chem|st, your IP is on some anti-sorum-spam blacklist17:46
DocScrutinizer05forum even17:46
DocScrutinizer05chem|st: staff (for all that matters to talk.maemo.org17:47
DocScrutinizer05it's a pretty weird concept to have forum block users from *reading* stuff, but it seems nobody is willing to implement a better approach to only block login17:48
*** yosafbridge has quit IRC17:49
*** fk_lx_ has quit IRC17:51
*** parazyd has quit IRC17:51
DocScrutinizer05Avasz: anyway not your fault17:51
*** NIN101 has quit IRC17:52
*** inz has quit IRC17:54
*** Gizmokid2005 has quit IRC17:54
*** alexey has quit IRC17:55
*** heroux has quit IRC17:55
*** parazyd has joined #maemo17:56
*** heroux has joined #maemo17:57
*** xkr47 has quit IRC17:57
chem|stDocScrutinizer05: it is not only login, we got ddos'ed, and registration spammed, you cannot prevent a crowd attack from asia as those are real people17:59
chem|stI did not set it and do not remember17:59
infobotmethinks unbanip is please contact techstaff <at> maemo <dot> org with your request, or see ~techstaff17:59
infobotit has been said that techstaff is techstaff(AT) - the folks that keep your maemo infra running. Devotion to Duty
*** NIN101 has joined #maemo18:00
chem|stand that is what the block page should read too18:01
chem|stxes: maybe you can setup a nicer notification to the blocking, incl mentioning that most bigger TOR nodes are blocked for obvious reasons18:02
*** capitanocrunch has joined #maemo18:03
*** Gizmokid2005 has joined #maemo18:03
chem|stcapitanocrunch: hi18:03
*** fk_lx has joined #maemo18:03
DocScrutinizer05on unrelated OT sidenote: deadbeef is an awesome music player18:03
capitanocrunchi noticed issue for navit packages in maemo repos when apt-upgrade18:04
capitanocrunchiled to fetch  Size mismatch18:04
capitanocrunchFailed to fetch  Size mismatch18:04
bencohsize mismatch?18:04
DocScrutinizer05that's what they saud18:05
bencohdo you need to update your catalogue?18:05
DocScrutinizer05apt upgrade is *strongly* deprecated18:05
*** yosafbridge has joined #maemo18:05
DocScrutinizer05PARTICULARLY from maemo-devel18:06
DocScrutinizer05almost sure bet to bork your system18:06
capitanocrunchim using apt-get update and then apt-get upgrade18:06
DocScrutinizer05see ^^^^18:06
capitanocrunchwhy deprecated?18:07
*** fk_lx has quit IRC18:08
*** fk_lx has joined #maemo18:08
*** alexey has joined #maemo18:08
*** inz has joined #maemo18:08
capitanocrunchso we have to use fapman?18:08
DocScrutinizer05top ten things to know about maemo: #1 maemo is almost a plain debian  #2 maemo is NOT a plain debain  #3 NEVER do apt-get upgarde or apt-get dist-upgrade when you got any but the basic repos enabled  #4 never do apt-get upgrade at all  #5... $yourcall18:09
infobothmm... fapman is Faster Application Manager, a frontend for apt which uses own repositories catalog, and shouldn't be used to do system upgrades (like CSSU), or actually for anything since ~speedyHAM. It also does "apt-get autoremove" after every operation, by default. In short, it's been identified as source of system corruption and thus deprecated, or see ~hamvsfam18:09
infobothmm... speedyham is 30 times faster than HAM
DocScrutinizer05infobot: speedyham is also SpeedyHAM is included in CSSU now18:10
infobotDocScrutinizer05: okay18:10
bencohnope, not in -stable18:11
DocScrutinizer05~literal speedyham18:11
infobot"speedyham" is "30 times faster than HAM  SpeedyHAM is included in CSSU now"18:11
*** xkr47 has joined #maemo18:11
DocScrutinizer05infobot: no, speedyham is <reply>SpeedyHAM is 30 times faster than HAM  SpeedyHAM is included in CSSU-testing now18:12
infobotokay, DocScrutinizer0518:12
*** florian has quit IRC18:15
*** arcean has joined #maemo18:16
capitanocrunchnever knew of speedyham18:17
*** Pali has joined #maemo18:18
capitanocrunchsince im on cssu-stable, should i dpkg install the deb and give it a try?18:19
DocScrutinizer05sure, go ahead18:19
freemangordonI guess you can't, it has dependency to a newer glib18:20
bencohiirc I had to rebuild18:20
bencohI might have it around18:20
freemangordonmaybe bencoh could hand you the .deb18:20
DocScrutinizer05but wait, you say testing has new glib, stable doesn't?18:20
DocScrutinizer05capitanocrunch: move to testing ;-)18:21
bencohnew revision18:21
DocScrutinizer05it's the new stable :-P18:21
freemangordonor pester merlin1991 to issue a new -stable18:21
DocScrutinizer05"testing is the new stable" being a common meme in all $FOSS18:21
freemangordonit is about time already18:22
*** geaaru has quit IRC18:22
bencohindeed :)18:22
*** heroux has quit IRC18:22
bencohhmm, I wonder where it comes from, I cant find it on my server or my sb18:22
*** heroux has joined #maemo18:23
bencohmaybe it didn't depend on newer glib in the end18:23
DocScrutinizer05well, I'd strongly hope new glib wouldn't breal $all-old-packages18:23
*** eijk has joined #maemo18:24
DocScrutinizer05break even18:24
bencohdpkg-deb -I shows "libglib2.0-0 >= 2.20.0"18:24
freemangordonDocScrutinizer05: it is in -testing for umm... 2 years?18:24
DocScrutinizer05wouldn't make much sense to give a new lib to cssu-testing that renders all closed stuff borked and needs recomile for all open stuff18:24
capitanocrunchbtw the top 10 things to know about maemo seem to be five not ten :0 and what $yourcall stands for?18:25
bencohcapitanocrunch: I suggest you give  the .deb link a try18:25
DocScrutinizer05it's a vebose elipsis18:25
bencohyou know how to use dpkg/apt-get in case of trouble anyway ;p18:25
*** Vajb has joined #maemo18:26
DocScrutinizer05just rename the ham binary and copy the new one into place18:26
DocScrutinizer05quick&dirty, easy to revert18:27
freemangordoniirc it is not that easy18:27
DocScrutinizer05well, maybe not THAT easy, HAM might be under maemo-launcher18:27
freemangordonthere are more binaries18:28
DocScrutinizer05plus a few other unexpected little fancies18:28
freemangordonlike apt-worker18:28
DocScrutinizer05the correct method would prolly be to temporarily add cssu-testing repo and then do an apt-get install18:29
bencohyou'd need to do some apt-pinning for that to work18:30
bencohotherwise, you're doomed18:30
DocScrutinizer05or move to cssu-testing right away. it's really stable enough, as long as you can live with stock camera and a few other getting replaced by FOSS versions without real need for such update18:30
DocScrutinizer05bencoh: hiuh? why? isn't that supposed to only install 'new' version of HAM?18:31
DocScrutinizer05NB I didn't suggest apt-get upgrade but apt-get install $HAM18:31
DocScrutinizer05of course it *might* pull in dependencies you don't want, but then... what are your options, other than moving to cssu-t anyway18:32
freemangordonI wouldn;t recommend that, it will pull newer glib and there are some packages which are known to be broken (fixed in -testing)18:32
DocScrutinizer05so MEH, upgrade to testing, by simply installing cssu-testing over the cssu-stable version on your device18:33
*** xkr47 has quit IRC18:34
DocScrutinizer05the instructions on ~cssu apply18:34
capitanocrunchok, im going for testing18:35
infoboti guess cssu is, or (Community Seamless Software Update)18:35
DocScrutinizer05one click and you're basically done ;-)18:35
infobotsomebody said hamvsfam was, or
*** zGrr has quit IRC18:38
*** ecc3g has quit IRC18:38
*** heroux has quit IRC18:38
*** ecc3g has joined #maemo18:39
*** capitanocrunch has quit IRC18:39
*** heroux has joined #maemo18:50
*** heroux has quit IRC19:01
*** arcean has quit IRC19:04
*** xkr47 has joined #maemo19:05
*** ashneo76 has joined #maemo19:10
*** futpib has joined #maemo19:11
*** troulouliou_div2 has quit IRC19:29
*** msava has quit IRC19:33
*** msava has joined #maemo19:36
*** heroux has joined #maemo19:37
*** sid14726 has joined #maemo19:39
*** N-Mi has quit IRC20:04
*** heroux has quit IRC20:05
*** vakkov has quit IRC20:06
*** sid14726 has quit IRC20:07
*** eMHa__ has quit IRC20:18
*** heroux has joined #maemo20:21
*** vakkov has joined #maemo20:22
*** heroux has quit IRC20:27
*** ecloud has quit IRC20:28
*** ecloud has joined #maemo20:29
*** heroux has joined #maemo20:31
*** eMHa__ has joined #maemo20:31
*** ecloud has quit IRC20:35
*** ecloud has joined #maemo20:36
*** xelo has joined #maemo20:40
*** ecloud has quit IRC20:44
*** ecloud has joined #maemo20:45
Maxdamantus02:44:25 < DocScrutinizer05> for some of you geeks this is possibly a nice read:
MaxdamantusYou should be able to easily pass around arbitrary strings from shells to programs without it interpreting them in special ways.21:08
Maxdamantusanyway, gtg21:08
* Maxdamantus has been thinking of writing a more sensible shell recently.21:08
*** KotCzarny has quit IRC21:09
*** heroux has quit IRC21:16
*** xelo has quit IRC21:16
*** vakkov has quit IRC21:21
*** HRH_H_Cr1b is now known as HRH_H_Crab21:21
*** heroux has joined #maemo21:29
*** vakkov has joined #maemo21:33
ecc3g<sarcasm>I want to name my files with carriage returns and beeps so they stand out in ls -l ... </sarcasm>21:35
*** florian has joined #maemo21:36
*** ArGGu^^ has quit IRC21:36
*** heroux has quit IRC21:39
*** vectis3 has quit IRC21:40
*** heroux has joined #maemo21:42
DocScrutinizer05ecc3g: not far from reality, with path names like >>file:///home/jr/Musik/King Crimson/King Crimson - 40th Anniversary Series/1974 - King Crimson - Red (2009, 40th Anniversary Series, CD+DVD-A, Discipline Global Mobile, UK, KCSP7)/DVD-A/KC_RED/KC_RED.iso<<21:48
DocScrutinizer05I got stuff with +;,{}()*?!$% in it21:48
DocScrutinizer05yes, *generally* you get away just with proper quoting21:50
DocScrutinizer05but proper quoting easily gets annoyingly complicated21:51
DocScrutinizer05particularly when you want to parse filenames, e.g. for a scripted renaming21:51
DocScrutinizer05at times even regex in sed turn into gibberish21:52
*** heroux has quit IRC21:53
*** ArGGu^^ has joined #maemo21:55
*** heroux has joined #maemo22:08
bencohNot and editorcommand22:13
bencoh(huhu, looks like I cant type)22:13
*** odin_ has quit IRC22:17
*** pagurus has joined #maemo22:17
*** pagurus has quit IRC22:23
*** heroux has quit IRC22:24
*** pagurus has joined #maemo22:24
*** M4rtinK2 has joined #maemo22:36
*** vectis3 has joined #maemo22:38
*** vectis has joined #maemo22:38
*** jonwil has joined #maemo22:39
*** vectis3 has quit IRC22:40
*** futpib has quit IRC22:48
*** heroux has joined #maemo22:51
*** sid14726 has joined #maemo22:57
*** heroux has quit IRC22:59
Sicelohi jonwil :)22:59
*** heroux has joined #maemo23:01
*** arcean has joined #maemo23:08
*** at1as has joined #maemo23:10
*** pagurus has quit IRC23:11
*** krnlyng has quit IRC23:14
*** krnlyng has joined #maemo23:15
*** SmilybOrg has joined #maemo23:15
*** KotCzarny has joined #maemo23:15
*** SmilyOrg has quit IRC23:18
*** SmilybOrg has quit IRC23:28
*** heroux has quit IRC23:35
*** M4rtinK2 has quit IRC23:40
*** sid14726 has quit IRC23:42
*** heroux has joined #maemo23:44
*** andril has joined #maemo23:48
*** bruce_lee has quit IRC23:49
*** SmilybOrg has joined #maemo23:52
*** heroux has quit IRC23:54
*** phlixi has quit IRC23:58

Generated by 2.15.1 by Marius Gedminas - find it at!