| *** BitEvil is now known as SpeedEvil | 00:01 | |
| *** niceplaces has quit IRC | 00:15 | |
| *** niceplace has joined #maemo | 00:16 | |
| *** Wizzup has quit IRC | 00:59 | |
| *** warfare has quit IRC | 00:59 | |
| *** Wizzup has joined #maemo | 01:00 | |
| *** warfare has joined #maemo | 01:01 | |
| *** Oksana has joined #maemo | 01:05 | |
| *** florian has quit IRC | 01:45 | |
| *** Kilroo has joined #maemo | 02:03 | |
| *** Oksana has quit IRC | 02:18 | |
| *** Pali has quit IRC | 02:34 | |
| *** horseshoecrab has quit IRC | 02:40 | |
| *** jskarvad has quit IRC | 03:05 | |
| *** chfoo has quit IRC | 03:50 | |
| *** chfoo has joined #maemo | 03:50 | |
| *** Oksana has joined #maemo | 04:24 | |
| *** sunshavi has quit IRC | 05:11 | |
| *** xxCHRISxx has left #maemo | 05:12 | |
| *** sunshavi has joined #maemo | 05:13 | |
| *** sunshavi has quit IRC | 05:15 | |
| *** horseshoecrab has joined #maemo | 05:37 | |
| *** horseshoecrab has quit IRC | 05:41 | |
| *** tm has quit IRC | 05:54 | |
| *** tm has joined #maemo | 05:58 | |
| *** sunshavi has joined #maemo | 06:19 | |
| *** horseshoecrab has joined #maemo | 07:05 | |
| *** DocScrutinizer05 has quit IRC | 07:14 | |
| *** DocScrutinizer05 has joined #maemo | 07:14 | |
| *** Maxdamantus has quit IRC | 07:18 | |
| *** Maxdamantus has joined #maemo | 07:19 | |
| *** Oksana has quit IRC | 07:35 | |
| *** auenf has joined #maemo | 08:03 | |
| *** auenfx8 has quit IRC | 08:04 | |
| *** Oksana has joined #maemo | 08:31 | |
| *** Oksana has quit IRC | 08:37 | |
| *** Kilroo has quit IRC | 08:42 | |
| *** Pali has joined #maemo | 09:49 | |
| *** sunshavi has quit IRC | 10:04 | |
| *** sunshavi has joined #maemo | 10:06 | |
| *** chainsawbike has quit IRC | 10:34 | |
| *** sunshavi has quit IRC | 10:37 | |
| *** sunshavi has joined #maemo | 10:41 | |
| *** jskarvad has joined #maemo | 10:43 | |
| *** sunshavi has quit IRC | 10:51 | |
| *** sunshavi has joined #maemo | 11:07 | |
| *** florian has joined #maemo | 11:17 | |
| Maxdamantus | Lock switch epoxy replaced. | 12:32 |
|---|---|---|
| *** root has joined #maemo | 12:50 | |
| *** root is now known as Guest56062 | 12:50 | |
| Guest56062 | most of https sites give 'no common cipher' error. how could i solve that on fremantle? | 12:51 |
| *** chainsawbike has joined #maemo | 12:53 | |
| Maxdamantus | Personally, I just use a MITM proxy that I wrote, where certificates are created on-the-fly, signed by my own root certificate. | 13:02 |
| Maxdamantus | (so Opera has my own root certificate in its trusted store) | 13:03 |
| Maxdamantus | https://gist.github.com/Maxdamantus/e32ab94dbc5d9d43298428400020620e | 13:04 |
| Maxdamantus | Have been meaning to refactor it so it does everything in one thread, but haven't got round to it. | 13:04 |
| Maxdamantus | (it spawns a new thread for each connection) | 13:05 |
| *** Guest56062 has quit IRC | 13:05 | |
| *** root has joined #maemo | 13:07 | |
| *** root is now known as Guest49746 | 13:07 | |
| sicelo | Halftux also compiled nginx and runs it as a proxy on the N900. you may have a look in talk.maemo.org for the binary and config | 13:15 |
| Maxdamantus | Hm. I wonder how that works. | 13:20 |
| Maxdamantus | Found post: http://talk.maemo.org/showthread.php?p=1563641 | 13:21 |
| Maxdamantus | Doesn't sound like something that should work. | 13:22 |
| Guest49746 | i missed the conversation, can someone explain what should i do? | 13:24 |
| Maxdamantus | Unless the browser is willing to to do some very insecure use of proxies, you basically need to be able to come up with a certificate for each domain name. | 13:24 |
| Maxdamantus | Guest49746: my solution is this: https://gist.github.com/Maxdamantus/e32ab94dbc5d9d43298428400020620e | 13:24 |
| Maxdamantus | Guest49746: that's a MITM proxy I wrote that I run on the N900. It generates certificates for any domain, signed by the given "cacert" and proxies the connection through a regular SSL client connection (with host verification provided by OpenSSL). | 13:25 |
| Guest49746 | how i make it run? even gcc wasn't in repos | 13:27 |
| L29Ah | what sites give the error? | 13:28 |
| L29Ah | google wox | 13:29 |
| Guest49746 | Maxdamantus: ^ | 13:30 |
| Maxdamantus | L29Ah: from memory, github is one example. | 13:30 |
| Guest49746 | L29Ah: myabandonware.com | 13:31 |
| Maxdamantus | Guest49746: I think you'll need to add some repositories listed here: http://repository.maemo.org/ | 13:32 |
| Guest49746 | frustrates me how even wikipedia refuses to do simple http | 13:32 |
| Guest49746 | those web people fascinated with phasing stuff out | 13:33 |
| Maxdamantus | Phasing things that should be phased out out. | 13:34 |
| Guest49746 | Maxdamnatus: i have the maemo.org repos, it is not an installation candidate there | 13:34 |
| Guest49746 | Maxdamantus: the worst thing you could do with wikipedia over http is to feed misinformation | 13:35 |
| Guest49746 | i don't mean old ssl | 13:35 |
| Maxdamantus | Would you want your ISP knowing what you're looking at on Wikipedia? If common unsecured HTTP were still a thing nowadays, the ISPs would be selling all your requests to ad companies. | 13:38 |
| Guest49746 | they still have your dns requests unless you have DoH or tunnel it through tor. | 13:39 |
| Maxdamantus | Right, but DNS requests are not as useful. Browsers very likely cache DNS requests so you can't even tell how frequently someone uses a website. | 13:40 |
| Maxdamantus | Overall not very useful to advertisers. | 13:40 |
| Guest49746 | also everything should be secure by default, but security should not be compulsory. it would start intefering with everything everywhere | 13:40 |
| Guest49746 | if that was case, android is more secure than OpenBSD | 13:41 |
| L29Ah | i'm okay with selling all my requests to ad companies | 13:42 |
| L29Ah | now gimme my wikipedia | 13:42 |
| Guest49746 | i am 'trying' to make http connection to the open-source website that loves taking screenshots of itself using all the weird browsers of the last 25 years, and it even doesn't support old ssl | 13:43 |
| Maxdamantus | I guess the ISP can already see how much you're using each site anyway, since they can track traffic use to domain names (either using DNS or SNI or just figuring things out based on IP address) | 13:43 |
| L29Ah | i recall taking a train in .il and the onboard isp just blocks https, that wasn't fun when half of sites just redirect you to https on their http | 13:43 |
| Maxdamantus | but regardless, all of that is a lot less useful than the actual requests. | 13:43 |
| Maxdamantus | I find advertising morally undesirable. | 13:44 |
| Guest49746 | i just want it to work, they could just make a big red warning on top of the pages. | 13:44 |
| Maxdamantus | So I'm generally in favour of technical decisions which limit its effectiveness. | 13:44 |
| KotCzarny | advertising was a lot easier to cut/filter out with http | 13:45 |
| KotCzarny | with https you have to use in-browser methods | 13:45 |
| KotCzarny | unless you start your own recerting/bumping proxy | 13:45 |
| Guest49746 | there are anti-ad DNS servers, they work well | 13:45 |
| Guest49746 | AdGuard at least | 13:46 |
| KotCzarny | they dont cut ads based on url unfortunatelly | 13:46 |
| Guest49746 | however, how i compile mitm.c? | 13:47 |
| L29Ah | i remember being able to install gcc on n900 by adding the dev repos | 13:48 |
| Maxdamantus | Once you've got gcc and a recent version of openssl, should be `gcc mitm.c -o mitm -lcrypto -lssl` | 13:48 |
| Guest49746 | L29Ah: dev = devel? | 13:49 |
| L29Ah | otherwise you can make a debian arm chroot w/ qemu-user on your pc | 13:49 |
| L29Ah | dunno lol | 13:49 |
| Maxdamantus | Actually, `gcc mitm.c -o mitm -D_BSD_SOURCE -D_POSIX_SOURCE -lcrypto -lssl -lpthread -std=c99 | 13:50 |
| Maxdamantus | ` | 13:50 |
| KotCzarny | Guest49746: you can try my sdk chroot | 13:50 |
| KotCzarny | just download and unpack on ext3 filesystem on n900 | 13:50 |
| Guest49746 | chroot:not found | 13:51 |
| KotCzarny | http://talk.maemo.org/showthread.php?p=1522157 | 13:52 |
| *** Guest49746 is now known as untakenstupidnic | 13:52 | |
| untakenstupidnic | yes but chroot itself | 13:52 |
| KotCzarny | its inside | 13:52 |
| KotCzarny | and a script to run it also | 13:53 |
| untakenstupidnic | chroot: can't execute '/bin/sh' | 13:56 |
| untakenstupidnic | No such file or directory | 13:56 |
| KotCzarny | what are you trying to do? | 13:56 |
| untakenstupidnic | chroot n900_sdkchroot | 13:57 |
| untakenstupidnic | chroot is only there using root shell, which is strange | 13:57 |
| KotCzarny | interesting because i dont see any downloads | 13:57 |
| untakenstupidnic | i had it downloaded before | 13:58 |
| KotCzarny | ahm ok | 13:58 |
| KotCzarny | you should use the script go-n900 | 13:59 |
| KotCzarny | not the chroot command alone | 13:59 |
| KotCzarny | you have to customize the script too | 14:00 |
| untakenstupidnic | where can i find the script? | 14:00 |
| KotCzarny | inside? | 14:00 |
| KotCzarny | n900_sdkchroot/go-n900 | 14:00 |
| untakenstupidnic | only home and opt there | 14:01 |
| KotCzarny | bad download/unpack then | 14:01 |
| KotCzarny | and keep in mind you shouldnt unpack it on vfat, it wont work | 14:02 |
| untakenstupidnic | vfat is the emmc's default? | 14:02 |
| KotCzarny | i think in /opt you should have ~500MB of free space | 14:02 |
| KotCzarny | try df -T | 14:02 |
| untakenstupidnic | i see no mention of vfat | 14:03 |
| KotCzarny | most likely /home/user/MyDocs is using vfat | 14:05 |
| untakenstupidnic | it is in /home/user | 14:05 |
| KotCzarny | check if you didnt run out of free space | 14:06 |
| *** jon_y has quit IRC | 14:10 | |
| *** zama has quit IRC | 14:12 | |
| *** jon_y has joined #maemo | 14:13 | |
| *** zama has joined #maemo | 14:13 | |
| KotCzarny | gotta run, bbl | 14:13 |
| untakenstupidnic | is normal gcc really supposed to be in devel? | 14:15 |
| *** norayr is now known as inky | 14:50 | |
| KotCzarny | hah. | 15:02 |
| KotCzarny | yes | 15:02 |
| KotCzarny | because of lack of space on device | 15:02 |
| KotCzarny | and devel != sdk | 15:02 |
| KotCzarny | devel == untested, work in progress packages repo | 15:02 |
| KotCzarny | sdk == software devel/packaging env | 15:03 |
| untakenstupidnic | KotCzarny: does sdk repo work on n900? gotta test it | 15:16 |
| KotCzarny | no | 15:16 |
| KotCzarny | you will break your rootfs | 15:16 |
| KotCzarny | that's why i've created the chroot | 15:16 |
| untakenstupidnic | how do i unpack tar.xz | 15:17 |
| KotCzarny | xz -dc file.tar.xz | tar -xp | 15:18 |
| KotCzarny | make sure you are unpacking in a place with enough space | 15:18 |
| KotCzarny | ~600MB or more | 15:18 |
| *** Oksana_ has joined #maemo | 15:19 | |
| KotCzarny | if you have normal pc you can also just use sdk vm | 15:19 |
| KotCzarny | might be easier for you | 15:19 |
| bencoh | that's definitely your best bet | 15:19 |
| bencoh | and it will be faster | 15:20 |
| KotCzarny | bencoh: he just needs to compile single binary i think | 15:20 |
| bencoh | ah | 15:20 |
| KotCzarny | so if you have time and sdk hand you might help him if you want | 15:20 |
| KotCzarny | :) | 15:20 |
| KotCzarny | s/hand/handy/ | 15:20 |
| bencoh | The server hosting my sdk vm is currently down | 15:21 |
| KotCzarny | hmm | 15:21 |
| bencoh | It's the one hosting maemo.muarf.org by the way | 15:21 |
| KotCzarny | i might provide a mirror if you want | 15:21 |
| bencoh | I need to setup a replacement (I have a mirror stored on another server) | 15:22 |
| KotCzarny | offtopic, flop of the month: https://mobile.twitter.com/mohammadaskar2/status/1301263551638761477 | 15:32 |
| *** CcxWrk has quit IRC | 15:43 | |
| *** CcxWrk has joined #maemo | 15:48 | |
| *** florian_kc has joined #maemo | 15:58 | |
| *** jskarvad has quit IRC | 16:06 | |
| *** CcxWrk has quit IRC | 16:25 | |
| *** CcxWrk has joined #maemo | 16:31 | |
| *** Oksana_ is now known as Oksana | 16:40 | |
| *** peetah has quit IRC | 17:14 | |
| *** peetah has joined #maemo | 17:17 | |
| *** peetah has quit IRC | 17:27 | |
| *** peetah has joined #maemo | 17:32 | |
| *** Maxdamantus has quit IRC | 18:17 | |
| *** Maxdamantus has joined #maemo | 18:19 | |
| *** florian_kc has quit IRC | 18:33 | |
| *** ahjolinna has quit IRC | 18:41 | |
| *** ahjolinna has joined #maemo | 18:43 | |
| *** florian has quit IRC | 18:46 | |
| *** inky has quit IRC | 19:06 | |
| *** norayr has joined #maemo | 19:21 | |
| *** norayr is now known as inky | 19:45 | |
| *** untakenstupidnic has quit IRC | 20:23 | |
| *** Pali has quit IRC | 20:42 | |
| *** valerius has quit IRC | 21:44 | |
| *** valerius has joined #maemo | 21:45 | |
| *** florian_kc has joined #maemo | 23:05 | |
| *** inky has quit IRC | 23:08 | |
| freemangordon | hmm, maemo.org down? | 23:10 |
| KotCzarny | seems so | 23:11 |
| KotCzarny | but only www. | 23:11 |
| freemangordon | yeah | 23:11 |
| freemangordon | I can ssh to the machine, weird | 23:12 |
| warfare | apache crashed. Just needed a restart | 23:15 |
| freemangordon | thanks! | 23:16 |
| KotCzarny | exploiting in progress? | 23:16 |
| warfare | Nah, just midgard acting up and eating all memory. | 23:16 |
| warfare | Happens from time to time. | 23:16 |
| KotCzarny | ah, good ol' oom | 23:16 |
| *** norayr has joined #maemo | 23:29 | |
| *** untakenstupidnic has joined #maemo | 23:36 | |
| untakenstupidnic | KotCzarny: sdk chroot works but it's openssl doesn't look new | 23:36 |
| untakenstupidnic | since i think Maxdamantus' gist required new ssl | 23:38 |
| KotCzarny | since you have sdk now, you can try compiling ssl too, and compiling that gist statically against new ssl | 23:39 |
| untakenstupidnic | do you think it's feasible to try pkgsrc on it? | 23:40 |
| KotCzarny | what's a pgksrc? | 23:40 |
| untakenstupidnic | pkgsrc.org | 23:40 |
| KotCzarny | never used, so i cant comment | 23:41 |
Generated by irclog2html.py 2.15.1 by Marius Gedminas - find it at mg.pov.lt!