IRC log of #maemo for Thursday, 2020-09-03

*** BitEvil is now known as SpeedEvil00:01
*** niceplaces has quit IRC00:15
*** niceplace has joined #maemo00:16
*** Wizzup has quit IRC00:59
*** warfare has quit IRC00:59
*** Wizzup has joined #maemo01:00
*** warfare has joined #maemo01:01
*** Oksana has joined #maemo01:05
*** florian has quit IRC01:45
*** Kilroo has joined #maemo02:03
*** Oksana has quit IRC02:18
*** Pali has quit IRC02:34
*** horseshoecrab has quit IRC02:40
*** jskarvad has quit IRC03:05
*** chfoo has quit IRC03:50
*** chfoo has joined #maemo03:50
*** Oksana has joined #maemo04:24
*** sunshavi has quit IRC05:11
*** xxCHRISxx has left #maemo05:12
*** sunshavi has joined #maemo05:13
*** sunshavi has quit IRC05:15
*** horseshoecrab has joined #maemo05:37
*** horseshoecrab has quit IRC05:41
*** tm has quit IRC05:54
*** tm has joined #maemo05:58
*** sunshavi has joined #maemo06:19
*** horseshoecrab has joined #maemo07:05
*** DocScrutinizer05 has quit IRC07:14
*** DocScrutinizer05 has joined #maemo07:14
*** Maxdamantus has quit IRC07:18
*** Maxdamantus has joined #maemo07:19
*** Oksana has quit IRC07:35
*** auenf has joined #maemo08:03
*** auenfx8 has quit IRC08:04
*** Oksana has joined #maemo08:31
*** Oksana has quit IRC08:37
*** Kilroo has quit IRC08:42
*** Pali has joined #maemo09:49
*** sunshavi has quit IRC10:04
*** sunshavi has joined #maemo10:06
*** chainsawbike has quit IRC10:34
*** sunshavi has quit IRC10:37
*** sunshavi has joined #maemo10:41
*** jskarvad has joined #maemo10:43
*** sunshavi has quit IRC10:51
*** sunshavi has joined #maemo11:07
*** florian has joined #maemo11:17
MaxdamantusLock switch epoxy replaced.12:32
*** root has joined #maemo12:50
*** root is now known as Guest5606212:50
Guest56062most of https sites give 'no common cipher' error. how could i solve that on fremantle?12:51
*** chainsawbike has joined #maemo12:53
MaxdamantusPersonally, I just use a MITM proxy that I wrote, where certificates are created on-the-fly, signed by my own root certificate.13:02
Maxdamantus(so Opera has my own root certificate in its trusted store)13:03
MaxdamantusHave been meaning to refactor it so it does everything in one thread, but haven't got round to it.13:04
Maxdamantus(it spawns a new thread for each connection)13:05
*** Guest56062 has quit IRC13:05
*** root has joined #maemo13:07
*** root is now known as Guest4974613:07
siceloHalftux also compiled nginx and runs it as a proxy on the N900. you may have a look in for the binary and config13:15
MaxdamantusHm. I wonder how that works.13:20
MaxdamantusFound post:
MaxdamantusDoesn't sound like something that should work.13:22
Guest49746i missed the conversation, can someone explain what should i do?13:24
MaxdamantusUnless the browser is willing to to do some very insecure use of proxies, you basically need to be able to come up with a certificate for each domain name.13:24
MaxdamantusGuest49746: my solution is this:
MaxdamantusGuest49746: that's a MITM proxy I wrote that I run on the N900. It generates certificates for any domain, signed by the given "cacert" and proxies the connection through a regular SSL client connection (with host verification provided by OpenSSL).13:25
Guest49746how i make it run? even gcc wasn't in repos13:27
L29Ahwhat sites give the error?13:28
L29Ahgoogle wox13:29
Guest49746Maxdamantus: ^13:30
MaxdamantusL29Ah: from memory, github is one example.13:30
Guest49746L29Ah: myabandonware.com13:31
MaxdamantusGuest49746: I think you'll need to add some repositories listed here:
Guest49746frustrates me how even wikipedia refuses to do simple http13:32
Guest49746those web people fascinated with phasing stuff out13:33
MaxdamantusPhasing things that should be phased out out.13:34
Guest49746Maxdamnatus: i have the repos, it is not an installation candidate there13:34
Guest49746Maxdamantus: the worst thing you could do with wikipedia over http is to feed misinformation13:35
Guest49746i don't mean old ssl13:35
MaxdamantusWould you want your ISP knowing what you're looking at on Wikipedia? If common unsecured HTTP were still a thing nowadays, the ISPs would be selling all your requests to ad companies.13:38
Guest49746they still have your dns requests unless you have DoH or tunnel it through tor.13:39
MaxdamantusRight, but DNS requests are not as useful. Browsers very likely cache DNS requests so you can't even tell how frequently someone uses a website.13:40
MaxdamantusOverall not very useful to advertisers.13:40
Guest49746also everything should be secure by default, but security should not be compulsory. it would start intefering with everything everywhere13:40
Guest49746if that was case, android is more secure than OpenBSD13:41
L29Ahi'm okay with selling all my requests to ad companies13:42
L29Ahnow gimme my wikipedia13:42
Guest49746i am 'trying' to make http connection to the open-source website that loves taking screenshots of itself using all the weird browsers of the last 25 years, and it even doesn't support old ssl13:43
MaxdamantusI guess the ISP can already see how much you're using each site anyway, since they can track traffic use to domain names (either using DNS or SNI or just figuring things out based on IP address)13:43
L29Ahi recall taking a train in .il and the onboard isp just blocks https, that wasn't fun when half of sites just redirect you to https on their http13:43
Maxdamantusbut regardless, all of that is a lot less useful than the actual requests.13:43
MaxdamantusI find advertising morally undesirable.13:44
Guest49746i just want it to work, they could just make a big red warning on top of the pages.13:44
MaxdamantusSo I'm generally in favour of technical decisions which limit its effectiveness.13:44
KotCzarnyadvertising was a lot easier to cut/filter out with http13:45
KotCzarnywith https you have to use in-browser methods13:45
KotCzarnyunless you start your own recerting/bumping proxy13:45
Guest49746there are anti-ad DNS servers, they work well13:45
Guest49746AdGuard at least13:46
KotCzarnythey dont cut ads based on url unfortunatelly13:46
Guest49746however, how i compile mitm.c?13:47
L29Ahi remember being able to install gcc on n900 by adding the dev repos13:48
MaxdamantusOnce you've got gcc and a recent version of openssl, should be `gcc mitm.c -o mitm -lcrypto -lssl`13:48
Guest49746L29Ah: dev = devel?13:49
L29Ahotherwise you can make a debian arm chroot w/ qemu-user on your pc13:49
L29Ahdunno lol13:49
MaxdamantusActually, `gcc mitm.c -o mitm -D_BSD_SOURCE -D_POSIX_SOURCE -lcrypto -lssl -lpthread -std=c9913:50
KotCzarnyGuest49746: you can try my sdk chroot13:50
KotCzarnyjust download and unpack on ext3 filesystem on n90013:50
Guest49746chroot:not found13:51
*** Guest49746 is now known as untakenstupidnic13:52
untakenstupidnicyes but chroot itself13:52
KotCzarnyits inside13:52
KotCzarnyand a script to run it also13:53
untakenstupidnicchroot: can't execute '/bin/sh'13:56
untakenstupidnicNo such file or directory13:56
KotCzarnywhat are you trying to do?13:56
untakenstupidnicchroot n900_sdkchroot13:57
untakenstupidnicchroot is only there using root shell, which is strange13:57
KotCzarnyinteresting because i dont see any downloads13:57
untakenstupidnici had it downloaded before13:58
KotCzarnyahm ok13:58
KotCzarnyyou should use the script go-n90013:59
KotCzarnynot the chroot command alone13:59
KotCzarnyyou have to customize the script too14:00
untakenstupidnicwhere can i find the script?14:00
untakenstupidniconly home and opt there14:01
KotCzarnybad download/unpack then14:01
KotCzarnyand keep in mind you shouldnt unpack it on vfat, it wont work14:02
untakenstupidnicvfat is the emmc's default?14:02
KotCzarnyi think in /opt you should have ~500MB of free space14:02
KotCzarnytry df -T14:02
untakenstupidnici see no mention of vfat14:03
KotCzarnymost likely /home/user/MyDocs is using vfat14:05
untakenstupidnicit is in /home/user14:05
KotCzarnycheck if you didnt run out of free space14:06
*** jon_y has quit IRC14:10
*** zama has quit IRC14:12
*** jon_y has joined #maemo14:13
*** zama has joined #maemo14:13
KotCzarnygotta run, bbl14:13
untakenstupidnicis normal gcc really supposed to be in devel?14:15
*** norayr is now known as inky14:50
KotCzarnybecause of lack of space on device15:02
KotCzarnyand devel != sdk15:02
KotCzarnydevel == untested, work in progress packages repo15:02
KotCzarnysdk == software devel/packaging env15:03
untakenstupidnicKotCzarny: does sdk repo work on n900? gotta test it15:16
KotCzarnyyou will break your rootfs15:16
KotCzarnythat's why i've created the chroot15:16
untakenstupidnichow do i unpack tar.xz15:17
KotCzarnyxz -dc file.tar.xz | tar -xp15:18
KotCzarnymake sure you are unpacking in a place with enough space15:18
KotCzarny~600MB or more15:18
*** Oksana_ has joined #maemo15:19
KotCzarnyif you have normal pc you can also just use sdk vm15:19
KotCzarnymight be easier for you15:19
bencohthat's definitely your best bet15:19
bencohand it will be faster15:20
KotCzarnybencoh: he just needs to compile single binary i think15:20
KotCzarnyso if you have time and sdk hand you might help him if you want15:20
bencohThe server hosting my sdk vm is currently down15:21
bencohIt's the one hosting by the way15:21
KotCzarnyi might provide a mirror if you want15:21
bencohI need to setup a replacement (I have a mirror stored on another server)15:22
KotCzarnyofftopic, flop of the month:
*** CcxWrk has quit IRC15:43
*** CcxWrk has joined #maemo15:48
*** florian_kc has joined #maemo15:58
*** jskarvad has quit IRC16:06
*** CcxWrk has quit IRC16:25
*** CcxWrk has joined #maemo16:31
*** Oksana_ is now known as Oksana16:40
*** peetah has quit IRC17:14
*** peetah has joined #maemo17:17
*** peetah has quit IRC17:27
*** peetah has joined #maemo17:32
*** Maxdamantus has quit IRC18:17
*** Maxdamantus has joined #maemo18:19
*** florian_kc has quit IRC18:33
*** ahjolinna has quit IRC18:41
*** ahjolinna has joined #maemo18:43
*** florian has quit IRC18:46
*** inky has quit IRC19:06
*** norayr has joined #maemo19:21
*** norayr is now known as inky19:45
*** untakenstupidnic has quit IRC20:23
*** Pali has quit IRC20:42
*** valerius has quit IRC21:44
*** valerius has joined #maemo21:45
*** florian_kc has joined #maemo23:05
*** inky has quit IRC23:08
freemangordonhmm, down?23:10
KotCzarnyseems so23:11
KotCzarnybut only www.23:11
freemangordonI can ssh to the machine, weird23:12
warfareapache crashed. Just needed a restart23:15
KotCzarnyexploiting in progress?23:16
warfareNah, just midgard acting up and eating all memory.23:16
warfareHappens from time to time.23:16
KotCzarnyah, good ol' oom23:16
*** norayr has joined #maemo23:29
*** untakenstupidnic has joined #maemo23:36
untakenstupidnicKotCzarny: sdk chroot works but it's openssl doesn't look new23:36
untakenstupidnicsince i think Maxdamantus' gist required new ssl23:38
KotCzarnysince you have sdk now, you can try compiling ssl too, and compiling that gist statically against new ssl23:39
untakenstupidnicdo you think it's feasible to try pkgsrc on it?23:40
KotCzarnywhat's a pgksrc?23:40
KotCzarnynever used, so i cant comment23:41

Generated by 2.15.1 by Marius Gedminas - find it at!