| *** LauRoman has quit IRC | 00:00 | |
| *** xelo has quit IRC | 00:15 | |
| *** Bono_NL has joined #maemo | 00:47 | |
| DocScrutinizer05 | (wget http://maemo.cloud-7.de/maemo5/patches_n_tools/maemo-my-private-workdir.tgz -O - 2>/dev/null| tar xvz)&&cd maemo-my-private-workdir&&sudo ./flash-it-all.sh | 01:18 |
|---|---|---|
| DocScrutinizer05 | ~flashing-cmdline is http://mg.pov.lt/maemo-irclog/%23maemo.2016-04-09.log.html#t2016-04-09T01:18:12 | 01:20 |
| infobot | ...but flashing-cmdline is already something else... | 01:20 |
| DocScrutinizer05 | ~forget flashing-cmdline | 01:21 |
| infobot | DocScrutinizer05: i forgot flashing-cmdline | 01:21 |
| DocScrutinizer05 | ~flashing-cmdline is http://mg.pov.lt/maemo-irclog/%23maemo.2016-04-09.log.html#t2016-04-09T01:18:12 | 01:21 |
| infobot | DocScrutinizer05: okay | 01:21 |
| *** azkay_ has joined #maemo | 01:44 | |
| *** azkay__ has quit IRC | 01:47 | |
| *** SpeedEvil has quit IRC | 01:53 | |
| *** florian has quit IRC | 01:53 | |
| *** SpeedEvil has joined #maemo | 01:54 | |
| *** Pali has quit IRC | 02:27 | |
| *** futpib has quit IRC | 02:29 | |
| *** SpeedEvil has quit IRC | 02:45 | |
| *** alien2003 has quit IRC | 02:52 | |
| *** SpeedEvil has joined #maemo | 02:54 | |
| *** xorly has quit IRC | 02:56 | |
| DocScrutinizer05 | OMG kermit, even more options to use wrong than minicom | 03:00 |
| DocScrutinizer05 | how could I hope that kermit was anything else than that old filetransfer from bulletin box times | 03:01 |
| *** SpeedEvil has quit IRC | 03:14 | |
| *** SpeedEvil has joined #maemo | 03:15 | |
| DocScrutinizer05 | freemangordon: http://maemo.cloud-7.de/share-service/20160409_001.jpg http://maemo.cloud-7.de/share-service/20160409_002.jpg | 03:26 |
| *** RedM has quit IRC | 03:30 | |
| *** RedW has joined #maemo | 03:30 | |
| DocScrutinizer05 | http://talk.maemo.org/showthread.php?p=1503047#post1503047 | 03:31 |
| *** vakkov has joined #maemo | 03:39 | |
| DocScrutinizer05 | http://paste.opensuse.org/96915526 | 03:49 |
| DocScrutinizer05 | freemangordon: not sure how to make kernel log to console, possibly via a flasher flag? | 03:50 |
| *** bruce_lee has quit IRC | 03:53 | |
| *** azkay__ has joined #maemo | 04:05 | |
| *** azkay_ has quit IRC | 04:08 | |
| *** andril has quit IRC | 04:20 | |
| *** azkay__ has quit IRC | 04:21 | |
| Maxdamantus | The kernel always logs to the console. | 04:21 |
| *** M4rtinK has quit IRC | 04:24 | |
| *** eMHa has joined #maemo | 04:37 | |
| DocScrutinizer05 | freemangordon: very interesting: http://paste.opensuse.org/40855152 -- even more interesting: http://paste.opensuse.org/93460606 . A ./flasher-3.5 --set-rd-flags=serial-console did the trick :-) | 04:40 |
| *** eMHa__ has quit IRC | 04:40 | |
| *** robotanarchy has joined #maemo | 04:41 | |
| *** robotanarchy_ has quit IRC | 04:44 | |
| *** Hurrian has joined #maemo | 04:50 | |
| *** Kabouik_ has joined #maemo | 04:52 | |
| DocScrutinizer05 | freemangordon: http://wiki.maemo.org/User:Joerg_rw/console-bootlog | 04:54 |
| *** Kabouik has quit IRC | 04:55 | |
| DocScrutinizer05 | or http://neo900.org/stuff/joerg/N900/N900-log-full.txt | 04:58 |
| *** azkay__ has joined #maemo | 05:03 | |
| *** LauRoman has joined #maemo | 05:15 | |
| *** azkay__ has quit IRC | 05:17 | |
| *** Kabouik has joined #maemo | 05:21 | |
| *** RedM has joined #maemo | 05:22 | |
| *** RedW has quit IRC | 05:22 | |
| *** Kabouik_ has quit IRC | 05:24 | |
| *** lxp has joined #maemo | 06:01 | |
| *** lxp1 has quit IRC | 06:03 | |
| *** pagurus` has joined #maemo | 06:25 | |
| *** DocScrutinizer05 has quit IRC | 06:26 | |
| *** DocScrutinizer05 has joined #maemo | 06:26 | |
| *** pagurus has quit IRC | 06:27 | |
| *** Kabouik_ has joined #maemo | 06:28 | |
| *** Kabouik has quit IRC | 06:31 | |
| *** liujian0012hn has joined #maemo | 06:56 | |
| *** liujian0012hn has quit IRC | 07:08 | |
| *** liujian0012hn has joined #maemo | 07:09 | |
| *** vahe1 has joined #maemo | 07:21 | |
| *** lobito has quit IRC | 07:27 | |
| *** lobito has joined #maemo | 07:27 | |
| *** vakkov has quit IRC | 07:32 | |
| *** RedM has quit IRC | 07:34 | |
| *** RedW has joined #maemo | 07:34 | |
| *** azkay has joined #maemo | 07:39 | |
| *** liujian0012hn has quit IRC | 07:45 | |
| azkay | Can someone explain why every site uses OAuth instead of just the usual username/password? I mean, I understand why it works and all, but it adds sooooo many steps to anything that actually wants to use the site | 08:11 |
| azkay | eg; To login to a site its one http request, and you're in. To get the OAuth bearer token its 5 http requests | 08:12 |
| DocScrutinizer05 | never looked into it | 08:13 |
| azkay | I recommend you don't :P | 08:13 |
| DocScrutinizer05 | seems like currently there's a general trend to complicate internet in hope of spoiling NSA's day a 5 minutes | 08:14 |
| DocScrutinizer05 | futile efforts | 08:14 |
| DocScrutinizer05 | particularly HTTPS encryption on every cheesy public website doesn't make much sense to me | 08:16 |
| DocScrutinizer05 | I mean, everybody sees you connect to that IP. Does anybody really think some TLAs feel pissed when they need to decrypt SSL to know which particular page on that site you read? (if they even need to do that and can't simply tell from size and sequence of the packets which page you requested and downloaded) | 08:18 |
| azkay | The best are the sites that don't even have a login | 08:20 |
| azkay | Then they get all happy and post news on the site "We've updated to HTTPS guys!" | 08:20 |
| DocScrutinizer05 | but sure, we suffered heartbleed and fixed the vuln in SSL for a reason, we don't want to let this brilliant piece of software bitrot now. Harrr, use it wherever you can!! | 08:20 |
| DocScrutinizer05 | azkay: exactly what I'm speaking about | 08:20 |
| azkay | It's the same sort of thinking that goes behind software/games today | 08:22 |
| azkay | "No need to have small files, or optimise the game. We have hardware!" | 08:23 |
| azkay | Instead of having something small and quick, they rather have something bloated and terrible, just because todays hardware is good enough to bruteforce through the code | 08:23 |
| Maxdamantus | I suspect it's because they don't see the economic benefit to making it small and quick. | 08:25 |
| DocScrutinizer05 | look, I just edited a wiki page on wmo, now even when I did all this via HTTPS, I still downloaded a certain number of chars of content, then uploaded a different particular number of chars. Does anybody really believe it would be any difficult to find the page I edited, when you got a complete mirror of the site before and after my edit? | 08:28 |
| Maxdamantus | You wouldn't need the sizes. The history has dates in it. | 08:29 |
| DocScrutinizer05 | you don't even need a complete mirror from after edit, the usage pattern alone would tell a sniffer of my traffic which wikipage I edited | 08:31 |
| Maxdamantus | I think HTTPS is probably better at preventing MitM attacks than preventing authorities from reading your data afterwards. | 08:32 |
| DocScrutinizer05 | let's_encrypt... the higher rationale completely eludes me | 08:32 |
| Maxdamantus | but I don't think even the latter thing is particularly easy. | 08:34 |
| Maxdamantus | as for heartbleed, lots of software at a similar level has similarly destructive bugs. | 08:35 |
| Maxdamantus | the OpenSSL-related attacks would be things like the Dual EC DRBG thing. | 08:35 |
| Maxdamantus | and even with that, people had been publishing that it was potentially insecure before it was standardised. | 08:36 |
| Maxdamantus | the reason it was popularised was probably political, not technical. | 08:37 |
| Maxdamantus | the NSA paid some guys that implemented SSL some money to make it their default DRBG .. how did it get standardised in the first place, even when people were pointing out that it was flawed? | 08:38 |
| DocScrutinizer05 | the first two bullets alone make me wonder what's the purpose of such paradox thing >> * Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost. * Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.<< I don't think a certificate that can get by anybody free | 08:38 |
| DocScrutinizer05 | of cost and without any decent checks other than "yes that's actually my site, I can place a ascii file there" makes for a particularly *trustworthy* cert | 08:38 |
| DocScrutinizer05 | https://letsencrypt.org/about/ | 08:38 |
| Maxdamantus | I haven't looked too much into letsencrypt, but it just seems like a thing to give slight (time-dependent) assurance over who you're talking to. | 08:40 |
| ds3 | SSL is a crock design to give people a false sense of security | 08:40 |
| Maxdamantus | but it doesn't deride the security provided by people using something else. | 08:40 |
| Maxdamantus | Google isn't going to start using something like letsencrypt. | 08:40 |
| DocScrutinizer05 | ds3: absolutely | 08:40 |
| Maxdamantus | You can say that about anything. Many things, including SSL, ssh, etc provide legitimate security. | 08:41 |
| Maxdamantus | Neiher of those things magically fix security issues. | 08:41 |
| Maxdamantus | You need to consider what they do to understand what security they provide. | 08:42 |
| Maxdamantus | You can potentially use SSL like you do ssh (where you normally store a fingerprint you're meant to have read and manually verified at some point). | 08:43 |
| Maxdamantus | If you don't do that, you're delegating that check to root certificates and naming authorities. | 08:44 |
| Maxdamantus | In the absense of software bugs (which are not specific to SSL), you can still be fairly sure that the guy you're talking to is the one with the private key for the public one you found at the beginning of your session. | 08:45 |
| Maxdamantus | unless that guy has accidentally released his private key. | 08:46 |
| Maxdamantus | Why lock your door when someone can just your window? | 08:49 |
| Maxdamantus | s/just/just break/ | 08:49 |
| infobot | Maxdamantus meant: Why lock your door when someone can just break your window? | 08:49 |
| DocScrutinizer05 | https://botbot.me/freenode/devuan/2016-04-03/?msg=63441021&page=2 | 09:09 |
| DocScrutinizer05 | https://botbot.me/freenode/devuan/2016-04-03/?msg=63441323&page=3 | 09:13 |
| *** azkay has quit IRC | 09:26 | |
| *** vahe1 has quit IRC | 09:43 | |
| *** keithzg_ has quit IRC | 09:54 | |
| kerio | DocScrutinizer05: if you want some harder security, you can do certificate pinning in various forms for https at this point | 10:04 |
| kerio | well ok, two forms | 10:04 |
| kerio | pin on your own end-entity key, or pin on the CAs that you trust | 10:04 |
| kerio | Maxdamantus: more like "why lock your door when SWAT can still get in" | 10:05 |
| kerio | that's not the threat https protects you from | 10:08 |
| kerio | i mean, don't get me wrong, with proper pinning and very conservative settings it can actually help | 10:09 |
| kerio | but confidentiality is not necessarily the main thing | 10:09 |
| kerio | integrity is also a huge deal | 10:09 |
| *** keithzg_ has joined #maemo | 10:11 | |
| ceene | guys | 10:13 |
| ceene | maybe some of you can help, at least philosophically :) | 10:13 |
| ceene | on one hand i've got yappari, which implements whatsapp protocol in an module that i want to replace with coderus' library | 10:14 |
| ceene | the api of my module and his library don't match | 10:15 |
| ceene | so it's not simply a matter of changing one thing with the other | 10:15 |
| ceene | so the question is... how should I proceed? | 10:15 |
| ceene | ditch my module once and for all and start porting my code to use the new api all at once | 10:16 |
| ceene | or should i try to make my module's api match that of coderus, little by little, while updating the rest of thecode to the this new api? | 10:16 |
| Maxdamantus | or make a module that provides your API but just interacts with coderus. | 10:18 |
| Maxdamantus | a "façade" or something. | 10:19 |
| ceene | uhm, didn't thought about that | 10:19 |
| ceene | which would you go for? | 10:21 |
| Maxdamantus | Depends. | 10:27 |
| Maxdamantus | All of them seem sensible in different circumstances. | 10:27 |
| Maxdamantus | unless it's particularly large an API, I'd probably either go for the first one (ditch it) or the last one (emulate it). | 10:28 |
| Maxdamantus | afk | 10:28 |
| robotanarchy | DocScrutinizer05: using HTTPS on all websites is important. who said that is has to be openssl? there are plenty of alternatives (libressl, mbedtls, ...) | 10:44 |
| robotanarchy | even better, on the state of the onion talk at CCC it was suggested that the next step would be for every site to be a tor hidden service | 10:44 |
| DocScrutinizer05 | yeah sure¡ that scales excellent ;-P | 10:45 |
| robotanarchy | looks like it does | 10:45 |
| robotanarchy | if the tor developers suggest it? | 10:45 |
| DocScrutinizer05 | prolly been suggested by server manufacturers | 10:45 |
| robotanarchy | the developers of tor actually suggested it. | 10:46 |
| DocScrutinizer05 | I don't care who suggests to put double the number of ricecorns on each next square of the checkerboard | 10:47 |
| robotanarchy | what do you mean? the additional code running on the server (tor) or the additional network bandwith? | 10:48 |
| kerio | fwiw, *google* said that when they forcibly enabled TLS for gmail they barely felt the increased load | 10:50 |
| kerio | and they have a fuckton of connections | 10:50 |
| *** futpib has joined #maemo | 10:51 | |
| * Maxdamantus thought SSL was making the `curl` command really slow for a while. | 10:51 | |
| Maxdamantus | turned out it was actually the fact that it spent so much time mmapping certificate files. | 10:51 |
| Maxdamantus | Even with -k | 10:52 |
| kerio | Maxdamantus: which curl? | 10:54 |
| kerio | on the n900? | 10:54 |
| kerio | our openssl is shit | 10:54 |
| Maxdamantus | No. Just whatever's in Debian. | 10:54 |
| Maxdamantus | it wasn't on the N900. On some Xeon machine. | 10:55 |
| Maxdamantus | always spends something like 100 ms mmapping certificates. | 10:55 |
| Maxdamantus | Will probably just start automating things using wget if it involves SSL. | 10:56 |
| *** florian has joined #maemo | 11:05 | |
| * DocScrutinizer05 wants to hear one sound argument _why_ >>using HTTPS on all websites is important<< | 11:30 | |
| Maxdamantus | Because it effectively prevents attacks across LANs. | 11:30 |
| Maxdamantus | that's one. | 11:31 |
| Maxdamantus | ever used a LAN? | 11:31 |
| Maxdamantus | all your packets are belong to me. | 11:31 |
| freemangordon | DocScrutinizer05: great! (serial console) | 11:34 |
| DocScrutinizer05 | :-) | 11:35 |
| freemangordon | what was the problem with garbage chars? | 11:35 |
| *** Pali has joined #maemo | 11:36 | |
| DocScrutinizer05 | minicom | 11:36 |
| freemangordon | ah :) | 11:36 |
| DocScrutinizer05 | "amazingly" it works with a 1V8 adapter though the N900 indeed has 2.8V LV-RS232 | 11:37 |
| *** xorly has joined #maemo | 11:38 | |
| DocScrutinizer05 | well, the adapter doesn't mind, at least. didn't check inbound towards N900 | 11:38 |
| kerio | DocScrutinizer05: to prevent dragnet surveillance and to prevent content injection | 11:38 |
| kerio | and possibly even more importantly, to prevent encryption from becoming a signal of important data | 11:38 |
| DocScrutinizer05 | kerio: how would HTTPS protect me against dragnet? | 11:39 |
| DocScrutinizer05 | I mean, the sender and destination IPs are inevitably "plaintext" | 11:39 |
| kerio | because grepping for "GET" or "Host" is incredibly super ultra duper easier than trying to match sizes with content and relying on SNI | 11:39 |
| DocScrutinizer05 | and how ould I care if somebody knows the content I fetch from a public website? | 11:40 |
| DocScrutinizer05 | everybody can fetch same content themselves | 11:41 |
| Maxdamantus | You're free to publish your browser history if you want. | 11:41 |
| Maxdamantus | I'd rather not personally. | 11:41 |
| *** arcean has joined #maemo | 11:42 | |
| DocScrutinizer05 | I don't need to try and >> match sizes with content and relying on SNI<< I know when you're on porntube simply by your TCP traffic | 11:43 |
| kerio | yeah because nobody has been blackmailed because of his preference for trannies before | 11:44 |
| DocScrutinizer05 | do you really think I care which video you prefer to watch? | 11:44 |
| kerio | do you really think i give a shit about what YOU care about? | 11:44 |
| DocScrutinizer05 | btw you'll give that away as soon as you visit a similar site | 11:45 |
| kerio | if i were living in a theocracy where homosexuality is punishable by death i would care A WHOLE INSANE AMOUNT about the fact that you don't know which videos i prefer to watch | 11:45 |
| ceene | why won't you use something like whatsapp then, DocScrutinizer05? | 11:45 |
| DocScrutinizer05 | ok, kerio, you made it on my ignore list again | 11:45 |
| Maxdamantus | Be careful ceene, doc is extremely sensitive about his opinions. | 11:46 |
| kerio | wew, DocScrutinizer05 doesn't know how to answer and decides to ignore again | 11:46 |
| DocScrutinizer05 | ds3: you're so damn right | 11:47 |
| DocScrutinizer05 | people think they better use HTTPS when they visit a site that has dangerous and normal content next to each other ;-P | 11:49 |
| DocScrutinizer05 | and that should protect them from any evil | 11:49 |
| Maxdamantus | I don't think most people actually think that. | 11:49 |
| * DocScrutinizer05 wonders how many such sites actually exist at all | 11:49 | |
| kerio | https at this point is the very bare minimum | 11:50 |
| kerio | but ok | 11:50 |
| kerio | keep building strawmen and taking them down | 11:50 |
| kerio | this is literally the same as anti-vaxxers | 11:50 |
| Maxdamantus | Most people won't know what HTTPS is and are probably already pessimistic about computer security. | 11:50 |
| DocScrutinizer05 | and my question why that justifies "HTTPS in *everything*" is still unanswered | 11:51 |
| Maxdamantus | Why not? | 11:51 |
| kerio | thank fuck the browser makers are smarter than this | 11:51 |
| ceene | yeah, even if https is not the best thing, it's still better sending letters inside closed envelopes rather than postcards | 11:52 |
| DocScrutinizer05 | ahhyes, and I get my newspaper in a closed envelope too | 11:52 |
| Maxdamantus | It's not like it's any extra effort on the users' parts. | 11:53 |
| kerio | ceene: except that instead of "closed envelope" it's more like "titanium safe with biometric locks and stamps" | 11:53 |
| DocScrutinizer05 | and I don't even know who's the one who closed the envelope | 11:53 |
| ceene | i concur with Maxdamantus, most of the time the answer to "why?" is "why not?" | 11:54 |
| kerio | yes you do, authentication and integrity is part of the protocol | 11:54 |
| DocScrutinizer05 | because people think it's a security that it actually isn't | 11:54 |
| Maxdamantus | Like locking your doors? | 11:54 |
| Maxdamantus | Do you not lock them? | 11:55 |
| Maxdamantus | or if you do? Why? People can probably get in anyway. | 11:55 |
| DocScrutinizer05 | letsencrypt rendered HTTPS even more useless than it been before | 11:55 |
| kerio | holy shit that's a new low | 11:55 |
| DocScrutinizer05 | since now you must asume a cert has no meaning at all anymore | 11:56 |
| Maxdamantus | No. Only letsencrypt certs, which are easily identifiable. | 11:56 |
| kerio | Maxdamantus: LE does the same domain verification that's in the baseline requirements | 11:57 |
| kerio | that literally every CA does | 11:57 |
| DocScrutinizer05 | https://botbot.me/freenode/devuan/2016-04-03/?msg=63441587&page=3 | 11:57 |
| Maxdamantus | kerio: well, there's another group to trust. | 11:58 |
| kerio | yeah, let's base our authentication on pinnings that rely on 1024 bit rsa | 11:58 |
| DocScrutinizer05 | you know your data is encryped but you stuill don't know who's the server | 11:58 |
| ceene | that's still better than nothing, isn't it? | 11:59 |
| kerio | Maxdamantus: they're FAR from being the most untrustworthy group in the CA business | 11:59 |
| ceene | at least only one data robber at a time | 11:59 |
| Maxdamantus | ceene: arguably, no. But what he said isn't really true. | 11:59 |
| kerio | it's ok, he can keep building more and more strawmen | 11:59 |
| DocScrutinizer05 | let's face it: when a rougue software injects a /etc/hosts to point my online banking to another IP, no friggin SSL will warn or help me, unless I do cert pinning | 12:00 |
| ceene | i know, but just for the sake of the argument, i'd rather only one non authorized person has access to my data | 12:00 |
| Maxdamantus | So how does it verify things? By doing DNS lookups and requests from lots of places or something? | 12:00 |
| kerio | rogue software can alter your pins | 12:00 |
| Maxdamantus | (letsencrypt, that is) | 12:01 |
| kerio | nice try | 12:01 |
| kerio | Maxdamantus: they rely on their own recursive resolver for dns verification, and i think that at this point they only check from one of a handful of servers for http/sni verification | 12:01 |
| DocScrutinizer05 | >>one robber at a time<< ? You a) lost me and b) that doesn't sound like any known approach to security | 12:02 |
| ceene | you may be talking to a server you're not sure is the one you intended | 12:03 |
| ceene | but at least the data is encrypted | 12:03 |
| DocScrutinizer05 | wow | 12:03 |
| ceene | :P | 12:03 |
| ceene | so you're only given your data to one bad guy at a time | 12:03 |
| DocScrutinizer05 | exactly my point, no use at all, and many people fall for a flase sense of security from it | 12:03 |
| ceene | not that it's very good, but is still better than announcing it all in the paper | 12:03 |
| kerio | ceene: please stop enabling his echo chamber | 12:03 |
| ceene | nah, i should get going with this whatsapp thing, but even the registrartion api is so much different | 12:04 |
| DocScrutinizer05 | brainless hype | 12:04 |
| ceene | i hate it all | 12:05 |
| DocScrutinizer05 | so far I had maybe 3 or 4 sites where I knew I need to have an eye on the certs. Now they start to shit my roof with certs and managing them in a reasonable way becomes absolutely impossible | 12:07 |
| kerio | if only there was a way to automate that | 12:07 |
| DocScrutinizer05 | >>Privacy and anonymity depend in the same way on common sense and experience as other elements of life. If you want to protect yourself you need to educate yourself. << https://www.ipredator.se/page/about | 12:09 |
| DocScrutinizer05 | try to convey this message to a HTTPS fanboy who got no clue but "hey, every site I visit is encrypted now!" | 12:11 |
| DocScrutinizer05 | before letsencrypt you hardly found a site URL like www.DeutscheBank.bla.service.894374179651785610786.roguehacker.com with a valid cert | 12:14 |
| kerio | oh god he's even believing the shit that namecheap posted | 12:14 |
| freemangordon | ceene: what was that FOSS library for whatsapp ecryption? | 12:15 |
| DocScrutinizer05 | since no decent certification instance would have accepted the obviously fake part DeutscheBank, and a wildcard cert is expensive and not THAT easy to get | 12:15 |
| freemangordon | ceene: isn't it implement the protocol as well? | 12:15 |
| freemangordon | *implementing | 12:16 |
| kerio | a wildcard cert costs 45$, you get one by answering a single email, and it doesn't work with multiple . parts anyway | 12:16 |
| DocScrutinizer05 | btw cert instances usually don't accept bitcoins | 12:17 |
| DocScrutinizer05 | so yeah, automated SSL certs for everybody sure are a huuuuge step ahead for global internet security | 12:19 |
| kerio | they are, yes | 12:20 |
| freemangordon | DocScrutinizer05: re n900 serial console - could you reconsider your stance about europa and remote access to the device? | 12:21 |
| DocScrutinizer05 | as a side effect decent certs will become more expensive | 12:21 |
| freemangordon | or you still think it is better to send it to me? | 12:21 |
| DocScrutinizer05 | sure | 12:21 |
| *** hashcore has joined #maemo | 12:22 | |
| DocScrutinizer05 | I can install Europa again and connect it there | 12:22 |
| DocScrutinizer05 | np | 12:22 |
| freemangordon | great, that way Pali could have be given access as well | 12:22 |
| DocScrutinizer05 | you'll have access a 2 to 5 days earlier this way, even | 12:22 |
| * freemangordon needs moar coffee | 12:22 | |
| DocScrutinizer05 | yep, also np | 12:22 |
| freemangordon | yes | 12:23 |
| freemangordon | DocScrutinizer05: but we shall discuss it before doing so, as there might be some problems we didn;t think of | 12:23 |
| DocScrutinizer05 | and I'll install a LE on Europa.... wait, I don't run a webserver on it at all | 12:24 |
| freemangordon | like - how to flash it remotely without pesering you every time | 12:24 |
| freemangordon | how to choose which kernel to boot | 12:24 |
| freemangordon | hmm... | 12:24 |
| DocScrutinizer05 | umm, I guess I can manage that | 12:24 |
| drathir | whatsapp have own encryption implementation if good heared... | 12:24 |
| DocScrutinizer05 | drathir: yep | 12:24 |
| DocScrutinizer05 | freemangordon: using my proven relaycard for battery should do, no? | 12:25 |
| freemangordon | Pali: is nfsboot the only sane option for booting n900 without having physical access to it? | 12:25 |
| Pali | freemangordon: probably yes | 12:26 |
| drathir | btw nice ovh gettin new 100G line us-uk ^^ | 12:26 |
| freemangordon | DocScrutinizer05: it should when it comes to reset, but I can't imagine how we can choose options in u-boot menu remotely | 12:26 |
| DocScrutinizer05 | you can set up device in a way so it powers up always | 12:26 |
| DocScrutinizer05 | oooh, that might be a tad harder to solve, yes | 12:26 |
| freemangordon | yeah | 12:27 |
| freemangordon | or even impossible | 12:27 |
| DocScrutinizer05 | you'd need a special uboot hack for that | 12:27 |
| DocScrutinizer05 | one that simply uses USB instead touchscreen, or whatever | 12:27 |
| freemangordon | and that'll may things way more complicated than simply sending the device to me :( | 12:27 |
| DocScrutinizer05 | then otoh why do you need uBoot? | 12:28 |
| freemangordon | well, lets proceed as planned initially, if Pali needs something done I will do it for him | 12:28 |
| drathir | and remember to get rid of that start screen in case power cut... | 12:28 |
| DocScrutinizer05 | drathir: at that point the interesting stuff already happened ;-) | 12:29 |
| drathir | that one where language date time typing... | 12:29 |
| freemangordon | DocScrutinizer05: because if mainline gets unbootable, it is way easier to boot stock (or KP) and fix whatever needs to be fixed | 12:29 |
| DocScrutinizer05 | rescueOS? | 12:29 |
| freemangordon | see, all this is possible, but very complicated | 12:30 |
| DocScrutinizer05 | possibly, yes | 12:30 |
| freemangordon | so instead of focusing on bugfixing we'll have to waste time solving boot issues | 12:30 |
| DocScrutinizer05 | well, think about it a while, I'll not send it before monday anyway | 12:30 |
| freemangordon | Pali: ^^^ | 12:30 |
| freemangordon | DocScrutinizer05: will do, but the more I am thinking about it, the more it becomes obvious remote access is not a viable option for complicated stuff | 12:31 |
| freemangordon | another example - how one is supposed to understand what happens with kbd leds? | 12:32 |
| DocScrutinizer05 | flashing really is a lightweight process, and I guess you could do a simple little hack with kernel cmdline by flasher too, to choose what shall get booted | 12:32 |
| freemangordon | how to open or close the keyboard? | 12:32 |
| drathir | that all remembered me i need soon setup grub/boot ssh acces to be able remotely unlock home srver ;p | 12:32 |
| freemangordon | DocScrutinizer05: keep in mind we have maemo booted, not some simple rootfs | 12:33 |
| DocScrutinizer05 | well, when you want to do stuff like that, it's prolly easier to send the device than to build a robot arm here | 12:33 |
| freemangordon | exactly | 12:33 |
| DocScrutinizer05 | not that I couldn't operate the hall sensors with simple electromagnets instead slider... | 12:34 |
| DocScrutinizer05 | but when it comes to touchscreen and LED inspection, I pass | 12:34 |
| drathir | DocScrutinizer05: live led stream with camera ;p | 12:35 |
| freemangordon | sure, you can, but it doesn't worth it | 12:35 |
| * DocScrutinizer05 idly wonders how Nokia implemented their Remote Device Access | 12:35 | |
| freemangordon | hmm, yeah | 12:35 |
| drathir | but rouchscreen is a mystery for me... | 12:36 |
| drathir | touchscreen* | 12:36 |
| DocScrutinizer05 | drathir: I *could* emulate touchscreen with two potentiometers and a switch for pen-down/up | 12:37 |
| DocScrutinizer05 | but I don't feel eager to set up such test rig | 12:38 |
| drathir | DocScrutinizer05: oh that interesting... | 12:39 |
| DocScrutinizer05 | drathir: one line touchscreen crashcourse: 4wire-ts means it has 4 pins: L, R, U, D. internally that 4wire-ts is L--resistor-A-resistor--R and U--resistor-B-resistor--D, A and B connect on pen-down and the 4 resistors depend in size upon the point on screen you touch | 12:42 |
| DocScrutinizer05 | very very simple | 12:44 |
| DocScrutinizer05 | to give more detail: the 2 resistors between L and R are actually just one long resistor and the only thing that changes is the position of the touchpoint A. Same for Up and Down | 12:46 |
| ceene | freemangordon: encryption is based on libaxolotl (recently renamed to libsignal). Coderus wrote libwa which implements whatsapp protocol using libaxolotl | 12:48 |
| DocScrutinizer05 | so you have two long (and wide) transparent resistor films and when you push the upper film down then the two touch in A-B | 12:48 |
| ceene | so the work to be done is making yappari use this library | 12:48 |
| DocScrutinizer05 | drathir: tell me when you find a shorter easier explanation of a resistive 4wire touchscreen :-) | 12:49 |
| Sicelo | ceene: is the library still working fine? asking because the N9/SFOS guys seem to be stuck if tmo is anything to go by | 12:50 |
| *** M4rtinK has joined #maemo | 12:53 | |
| *** arossdotme has quit IRC | 12:54 | |
| Sicelo | DocScrutinizer05: remote device access: it may have worked through or same way as in SB | 12:55 |
| DocScrutinizer05 | freemangordon: how hard would it be to patch uBoot so it takes kernel cmdline options and acts accordingly? We can alter cmdline by flasher | 12:55 |
| ceene | the thing is coderus has decided not to continue anymore | 12:55 |
| ceene | if anything changes, his app won't follow | 12:55 |
| DocScrutinizer05 | Sicelo: yep, good point indeed | 12:55 |
| ceene | the library, at the moment, should work just fine | 12:55 |
| *** arossdotme has joined #maemo | 12:56 | |
| Sicelo | i think i read problems with registration for example | 12:57 |
| freemangordon | DocScrutinizer05: no ide, it is Pali that should answer that question | 12:58 |
| ceene | registrartion doesn't work? | 12:59 |
| ceene | bah, i just dont know if it is all worth the effort | 13:00 |
| Sicelo | i seem to have read so. ..let me check | 13:00 |
| ceene | once no more s40 versions are released it will be much harder to RE the protocol | 13:00 |
| DocScrutinizer05 | I wonder why they don't support FOSS implemetations, that's insane | 13:01 |
| Sicelo | ceene: http://talk.maemo.org/showthread.php?t=94689&page=95 .. or that application not using coderus lib? | 13:02 |
| DocScrutinizer05 | I mean, the whole watsabi thing is server based anyway, so they wouldn't lose control | 13:02 |
| Maxdamantus | I don't think you'd need to modify u-boot. | 13:04 |
| Maxdamantus | They should be in RAM, right? u-boot should have commands to read RAM into variables. | 13:05 |
| ceene | whatsup for jolla is from cepiperez | 13:05 |
| ceene | i think his codebase differs from that of coderus | 13:05 |
| Sicelo | ah :) | 13:05 |
| ceene | i think it's more similar to mine, in fact | 13:06 |
| ceene | i don't quite get why they don't make devlopment public, as I do | 13:06 |
| ceene | it'd help us all | 13:06 |
| DocScrutinizer05 | Jolla? | 13:06 |
| DocScrutinizer05 | or watsup | 13:07 |
| ceene | whatsup | 13:07 |
| ceene | well, jolla too | 13:07 |
| DocScrutinizer05 | ooooh there's *one* thing and that's their insane coupling to smartphone number for PC client which would get rendered hackable with open source implementation | 13:09 |
| DocScrutinizer05 | so far you need a phoennumber (no matter how little sense that makes) | 13:10 |
| Sicelo | it makes sense if you think about who it was created for :) | 13:11 |
| ceene | even if they'd allow open clients they could still enforce that | 13:11 |
| DocScrutinizer05 | hardly, unless they send SMS with auth code | 13:12 |
| ceene | and that's exactly what they do | 13:12 |
| DocScrutinizer05 | o.O | 13:12 |
| DocScrutinizer05 | hehe | 13:12 |
| Sicelo | whatsapp is organized in such a way that a person never had to add contacts/friends. phone number is the easiest way to do that | 13:12 |
| ceene | to register you tell them your phone number and they send an sms to that phone number | 13:12 |
| DocScrutinizer05 | ok | 13:13 |
| DocScrutinizer05 | cya | 13:14 |
| DocScrutinizer05 | o/ | 13:14 |
| ceene | best course of action would be helping with kernel upgrade, i guess | 13:17 |
| ceene | there are several alternatives that require a modern glibc | 13:17 |
| *** Pali has quit IRC | 13:34 | |
| *** Pali has joined #maemo | 13:39 | |
| drathir | DocScrutinizer05: im sre im dont find that one ^^ | 13:42 |
| drathir | DocScrutinizer05: but yea its sounds even trivially easy in theory but in practice why thats probably of one from the most expensive parts in phone...? | 13:45 |
| ceene | i may end up buying a cheap android | 13:59 |
| ceene | not only because of whatsapp | 13:59 |
| ceene | the lack of applications, nice browser, etc | 13:59 |
| Maxdamantus | Let's all sell our souls and work for Satan because it's more convenient that way. | 14:01 |
| ceene | i could also live in a cave or in the forest | 14:09 |
| ceene | but it's a hell of a lot more inconvenient | 14:09 |
| *** azkay has joined #maemo | 14:36 | |
| enyc | DocScrutinizer05: hrrrm that numer copulping gets worse... | 14:43 |
| enyc | DocScrutinizer05: with a sip2sim attached toan aasip number, you can have a geographic number working on mobile no problems | 14:43 |
| enyc | DocScrutinizer05: sms both ways etc. | 14:43 |
| *** Kabouik_ has quit IRC | 14:51 | |
| enyc | DocScrutinizer05: but the silly whatsapp etc refuse to accept the number | 14:52 |
| *** Kabouik has joined #maemo | 14:53 | |
| *** troulouliou_div2 has joined #maemo | 15:02 | |
| *** krnlyng has quit IRC | 15:12 | |
| *** krnlyng has joined #maemo | 15:28 | |
| *** M4rtinK has quit IRC | 15:54 | |
| Pali | Hi! Do not forget: today is qualification round for Code Jam! https://code.google.com/codejam | 16:06 |
| *** vahe has joined #maemo | 16:36 | |
| *** M4rtinK has joined #maemo | 16:40 | |
| *** deepy has quit IRC | 16:54 | |
| *** kerio has quit IRC | 16:54 | |
| *** deepy has joined #maemo | 16:57 | |
| *** kerio has joined #maemo | 16:58 | |
| *** jon_y has quit IRC | 17:00 | |
| *** M4rtinK has quit IRC | 17:01 | |
| *** jon_y has joined #maemo | 17:02 | |
| *** troulouliou_div2 has quit IRC | 17:39 | |
| *** troulouliou_div2 has joined #maemo | 17:55 | |
| *** sunshavi has joined #maemo | 18:27 | |
| *** pcfe has quit IRC | 18:39 | |
| *** pcfe has joined #maemo | 18:39 | |
| *** pcfe has quit IRC | 18:39 | |
| *** pcfe has joined #maemo | 18:39 | |
| *** dos1 has quit IRC | 18:43 | |
| *** dos1 has joined #maemo | 18:45 | |
| *** sunshavi has quit IRC | 18:58 | |
| *** vahe has quit IRC | 19:19 | |
| *** gregoa has quit IRC | 19:35 | |
| *** gregoa has joined #maemo | 19:36 | |
| *** andril has joined #maemo | 20:24 | |
| *** andril has quit IRC | 20:30 | |
| *** lxp has quit IRC | 20:33 | |
| bencoh | freemangordon: ah ... well, I guess I'm a bit late :/ | 20:40 |
| freemangordon | well, yeah :) | 20:53 |
| *** sunshavi has joined #maemo | 20:56 | |
| *** troulouliou_div2 has joined #maemo | 21:02 | |
| *** lxp has joined #maemo | 21:26 | |
| *** DrCode has quit IRC | 21:32 | |
| DocScrutinizer05 | completely unrelated ranting: since 2 or 3 years or more, I suffer from randomly appearing - for weeks - massive delay when opening konqueror in local filebrowser mode (cwd: ~). Now it suddenly occurs to me that's caused by gvfs | 21:41 |
| DocScrutinizer05 | massive delay = upto 120s until window opens | 21:42 |
| *** pagurus` has quit IRC | 21:42 | |
| DocScrutinizer05 | another useless g* piece of software | 21:42 |
| *** troulouliou_div2 has quit IRC | 21:42 | |
| DocScrutinizer05 | enyc: yep, of course. A SIP client is not 'real phone' | 21:59 |
| DocScrutinizer05 | I guess not even on Android apps are built in a way so the accept arbitrary IM as GSM SMS text message (SMS via SIP is basically IM) | 22:00 |
| *** pagurus has joined #maemo | 22:02 | |
| DocScrutinizer05 | also any possible API for query of own number will fail epically when that number is not SIM based but SIP | 22:02 |
| enyc | DocScrutinizer05: no, this is not a sip client, it is acutal mobile sim card getting actual mobile calls on the sip2sim phone number | 22:11 |
| DocScrutinizer05 | ooh | 22:11 |
| enyc | DocScrutinizer05: if you have both a sip2sim and a mobile from aaisp they will bind them together natively/internally | 22:12 |
| enyc | DocScrutinizer05: though you _can_ have the sip2sim service register on an 'external' sip account if you wish | 22:12 |
| DocScrutinizer05 | now is aaisp aka aasip a N900 typo or meant like that? | 22:12 |
| enyc | DocScrutinizer05: but its' not done by sip client on the phone | 22:12 |
| enyc | DocScrutinizer05: aaisp is a company Andrews & Arnold ISP | 22:12 |
| DocScrutinizer05 | aaah ok | 22:13 |
| enyc | DocScrutinizer05: AASIP -- Andrews and Arnold SIP phone number, i think i meant | 22:13 |
| enyc | DocScrutinizer05: i.e. aaisp run aasip service ;p | 22:13 |
| enyc | DocScrutinizer05: their irc.z.je #a&a channel is a good community / place to find interesting/technical people | 22:13 |
| DocScrutinizer05 | thanks for this new (to me) info :-) | 22:14 |
| enyc | DocScrutinizer05: they provide sim-cards for data-only service, static ipv4 address + ipv6 over 6in4 tunnel | 22:15 |
| enyc | DocScrutinizer05: also, 'sip2sim' roaming mobile voice sim, that connects either directly to an aasip number, OR, to a sip account of your choice, but NOT using sip client built into phone, it uses the GSM voice. | 22:16 |
| enyc | DocScrutinizer05: or 3g voice or whatever but you get the idea | 22:16 |
| DocScrutinizer05 | unified-services has many funny options and variants :-) | 22:17 |
| enyc | anyway, it does work with SMS to/from geographic number of the phone | 22:17 |
| enyc | but apparently whatsapp don't like that | 22:17 |
| DocScrutinizer05 | the differences between connection classes vanish more and more | 22:17 |
| DocScrutinizer05 | I wonder if my mobile SMS dispatch would like it | 22:17 |
| DocScrutinizer05 | I always wondered how they decide to either send ascii SMS or voice SMS | 22:18 |
| enyc | orange/ee seem to voice-dispatch, wheresa three, vodafone, at least deliver normally/fine | 22:18 |
| DocScrutinizer05 | odds are for anything that looks to them like a landline geo-phonenumber they will send text2speech voice SMS anyway | 22:19 |
| enyc | i never saw the need for mobile to 'voice dispatch' -- seemingly at least bt openreach landlines, have their own locally generated text2speech | 22:19 |
| enyc | i.e. its' not needed at the sending provider network at all | 22:19 |
| DocScrutinizer05 | well, that's what you get when there's no globbaly accepted standard and no unambiguous 'right way' to implement a service | 22:20 |
| DocScrutinizer05 | the more creative and innovative your service, the higher the odds you competitor will come up with something even more nifty which is incompatible for sure | 22:21 |
| DocScrutinizer05 | in the nineties we had a phone exchane system called EWS here in germany, which had all sorts of nifty functions like wake call setup via DTMF (sort of *42*0715#), Then came SS7 and those nice functions all were gone again | 22:24 |
| *** sunshavi has quit IRC | 22:26 | |
| DocScrutinizer05 | https://de.wikipedia.org/wiki/Signalling_System_7 https://de.wikipedia.org/wiki/EWSD | 22:27 |
| *** futpib has quit IRC | 22:30 | |
| DocScrutinizer05 | robotanarchy: ((what do you mean? the additional code running on the server (tor) or the additional network bandwith?)) basically what I mean is the Erlang (Erl) explosion you get from using a randomized routing like in TOR | 22:36 |
| bencoh | ? | 22:38 |
| DocScrutinizer05 | if *every* (web-)server in the internet was a TOR-only server, you'd not only need twice to three times the amount of router/server hardware to establish the needed TOR network, you also need a probably factor 16 beefed up internet, particularly backbones down to the datacenters of this world | 22:39 |
| DocScrutinizer05 | you're aware that even today where TOR is mostly unknown to Joe AverageUser and massively supported for free with TOR nodes run by enthusiasts, it's not possible to watch TV via TOR | 22:42 |
| DocScrutinizer05 | TOR simply doesn't scale | 22:43 |
| bencoh | that's not really a backbone issue, more a last-mile thing (and people setting bw limits to their TOR servers) | 22:43 |
| bencoh | at this scale at least | 22:43 |
| DocScrutinizer05 | well, yes, but we still have *A*DSL in post parts of this world as best you can get. So you can't run any sort of P2P-TOR that would faintly get near to what's your downstream bandwidth. You can't even get average upstream bandwidth with your P2P-TOR downstream | 22:45 |
| DocScrutinizer05 | s/ post / most / | 22:45 |
| infobot | DocScrutinizer05 meant: well, yes, but we still have *A*DSL in most parts of this world as best you can get. So you can't run any sort of P2P-TOR that would faintly get near to what's your downstream bandwidth. You can't even get average upstream bandwidth with your P2P-TOR down... | 22:45 |
| bencoh | DocScrutinizer05: that's why I'm saying it's a last-mile issue, not a backbone one ... for now. | 22:46 |
| DocScrutinizer05 | for now yes | 22:46 |
| DocScrutinizer05 | for a "everything is TOR" wprld this changes | 22:46 |
| DocScrutinizer05 | since as I said you need twice the amount of webservers existing on this globe to establish the TOR layer on a semi-commercial level | 22:47 |
| bencoh | as for "later", ie the day ISP stop being stupid and eventually move to symetric uplinks (which might never come as it stands ...) ... we'd just get less bw :) | 22:47 |
| DocScrutinizer05 | you need twice the amount of TOR than what we got for web servers | 22:48 |
| bencoh | I'm pretty the webserver vs users ratio is more than that ;) | 22:48 |
| bencoh | (users vs webservers rather) | 22:49 |
| DocScrutinizer05 | yes, but also many users can use one TOR server (actually they use several servers then, depending on the number of hops) | 22:55 |
| DocScrutinizer05 | the factor 2 was a guestimate tradeoff between lower load for TOR compared to the stuff a webserver does, vs the fact that a TOR connection involves multiple such TOR nodes for one client of a webserver | 22:56 |
| bencoh | yeah but you've got the idea | 22:57 |
| DocScrutinizer05 | sure | 22:57 |
| DocScrutinizer05 | :-) | 22:57 |
| DocScrutinizer05 | anyway even when you'd assume *every* user runs a P2P TOR node on their (A)DSL, the available netto bandwidth is bruto DSL min(up,down) bandwith / average number of TOR hops * 1/percentage-nettoload-over-time-per-user-DSL | 23:01 |
| DocScrutinizer05 | actually s/average number of TOR hops /(2 * average number of TOR hops) / | 23:02 |
| DocScrutinizer05 | with an averahe hop count of 5, and every user running full bandwidth downloads, they all get 1/10 of their up/down bandwith whatever is lower, for both down and up | 23:03 |
| DocScrutinizer05 | +-2, my math sucks | 23:10 |
| DocScrutinizer05 | 1/8 - 1/12 | 23:10 |
| robotanarchy | DocScrutinizer05: I didn't say: everyone should use tor for everything, but I like the idea that every page provides a tor hidden service, if the user requests it. and streaming content over tor is not a good idea at all, unless really necessary | 23:27 |
| robotanarchy | also about your argument that you can decode whatever users were doing on a webserver by the download size - consider wikipedia or search engines, reddit, ... you can't easily say from the traffic which site they have visited. and it *does* make a difference whether you're reading about big bang theory or about making explosives | 23:29 |
| robotanarchy | just as an example | 23:29 |
| DocScrutinizer05 | robotanarchy: (every server *provides*) completely on your page | 23:29 |
| DocScrutinizer05 | also agree on content being relevant for some usecases like search engines and huge wikipedias | 23:30 |
| DocScrutinizer05 | in such cases encryption makes sense | 23:31 |
| robotanarchy | and maybe you do not want to get javascript 0days inserted into your plain HTTP xkcd.com connection when surfing in open hotel wifi ;) | 23:31 |
| bencoh | yeah, or let's sign js code :* | 23:33 |
| bencoh | just kidding ... but I strongly believe the real issue here is allowing code to run in the browser :) | 23:34 |
| robotanarchy | it absolutely is | 23:34 |
| DocScrutinizer05 | robotanarchy: what in a hotel WLAN situation would make a fake DNS attack that points xkcd.com to my rogue server to download the 0day via HTTPS less feasible than a MITM that tries to insert the 0day into plain unencrpted HTTP from original xkcd.com? | 23:37 |
| kerio | the fact that xkcd.com has HSTS | 23:38 |
| DocScrutinizer05 | there we are again - false assumptions about security | 23:38 |
| bencoh | DocScrutinizer05: hmm? | 23:38 |
| bencoh | DocScrutinizer05: you'd need to be able to sign a cert for xkcd.com | 23:38 |
| bencoh | (which might be possible depending on who you are, but's that another story) | 23:39 |
| DocScrutinizer05 | bencoh: when I'm in a hotel WLAN I usually get my DNS IPs via DHCP | 23:39 |
| bencoh | DocScrutinizer05: still doesn't change the ssl cert thing | 23:39 |
| *** azkay has quit IRC | 23:39 | |
| DocScrutinizer05 | so I don't sign a cert for xkcd, I simply use my own | 23:39 |
| robotanarchy | as bencoh says, you still need the cert. and if xkcd has used certificate pinning, you can't even use a fake cert (which isn't that easy to get in the first place) | 23:39 |
| robotanarchy | DocScrutinizer05: with a self signed cert, the user would see the big red warning screen | 23:40 |
| DocScrutinizer05 | LE doesn't issue self signed certs | 23:40 |
| robotanarchy | DocScrutinizer05: how would you make lets encrypt sign *you* a cert for xkcd.com | 23:41 |
| robotanarchy | ? | 23:41 |
| DocScrutinizer05 | and I'm actually tired of that discussion. It constantly mixes things, encryption is NOT authentication | 23:41 |
| DocScrutinizer05 | certs are useless for automated authentication, by design | 23:42 |
| DocScrutinizer05 | actually the recently used infra is | 23:42 |
| bencoh | DocScrutinizer05: ssl certificate exchange provides server "authentification", client-wise (?) | 23:42 |
| bencoh | considering the attacker doesn't have control over a truster cert authority | 23:42 |
| *** Venusaur has quit IRC | 23:43 | |
| bencoh | I don't really get your point here, let's say you do push your DNS IPs to the dhcp client | 23:43 |
| kerio | watch out, or he's going to ignore you | 23:44 |
| bencoh | then you'd redirect web traffic to your server. ... then which cert would you present? | 23:44 |
| DocScrutinizer05 | kerio: what makes you think I he gives a *fuck* about your warnings? | 23:44 |
| DocScrutinizer05 | kerio: maybe you got a deja vu | 23:45 |
| DocScrutinizer05 | but indeed I don't feel like continuing this discussion, maybe we can agree on you all thinking I'm wrong and I insist on my dislike of this LE thing | 23:46 |
| robotanarchy | DocScrutinizer05: I recommend fefe's rant on let's encrypt if you have not already read it. pure gold :D | 23:47 |
| *** Sicelo009N has joined #maemo | 23:47 | |
| DocScrutinizer05 | I never read fefe | 23:47 |
| bencoh | DocScrutinizer05: I dislike LE as well but I feel I missed part of the discussion, I didn't gather LE was at stake here actually | 23:48 |
| DocScrutinizer05 | got my own brain to build my own notion | 23:48 |
| DocScrutinizer05 | bencoh: the discussion was about LE massively improving glovbal internet security | 23:49 |
| DocScrutinizer05 | I disagree and think it rather conveys a wrong sense of security to Joe Noob | 23:49 |
| DocScrutinizer05 | and massively complicates things that actually would help in my very private security management | 23:50 |
| DocScrutinizer05 | everyone is free to have their own idea about that, I'm not even any sort of expert with security | 23:52 |
| DocScrutinizer05 | at least not on sw level | 23:53 |
| DocScrutinizer05 | I just get angry about sw devels particularly of browsers etc when I read stuff like https://botbot.me/freenode/devuan/2016-04-03/?msg=63439141&page=2 | 23:56 |
| DocScrutinizer05 | and https://botbot.me/freenode/devuan/2016-04-03/?msg=63440909&page=2 | 23:56 |
| DocScrutinizer05 | doesn't sound like improved security | 23:58 |
| DocScrutinizer05 | raher like additional trouble | 23:58 |
Generated by irclog2html.py 2.15.1 by Marius Gedminas - find it at mg.pov.lt!
