*** Estel_ has joined #maemo-ssu | 00:00 | |
*** M4rtinK has joined #maemo-ssu | 01:05 | |
*** tomreyn_ has joined #maemo-ssu | 01:22 | |
*** tomreyn has quit IRC | 01:26 | |
*** tomreyn_ is now known as tomreyn | 01:29 | |
freemangordon | MohammadAG ping | 01:43 |
---|---|---|
freemangordon | Jaffa, merlin1991, Stskeeps, X-Fade, Sc0rpius (sorry if mising someone) ping. Someone can help on TMO botnet attack? | 02:19 |
*** wmarone has joined #maemo-ssu | 02:19 | |
tomreyn | freemangordon: if you also need some hints on narrowing the attack surface, i'll be happy to help | 02:24 |
freemangordon | Thanks, but I am noone on TMO, just an ordinary user. | 02:25 |
tomreyn | so how do you know there's a botnet attack going on? | 02:26 |
freemangordon | What? http://talk.maemo.org | 02:26 |
tomreyn | oh you're referring to spambots | 02:27 |
freemangordon | ok, sorry, my fault, incorrect term. | 02:27 |
tomreyn | that's fine :-) | 02:28 |
freemangordon | :) i think I am already famous with my great English | 02:29 |
tomreyn | that's a WONTFIX for me, too | 02:33 |
arcean | yeah, fixed in harmattan ;) | 02:33 |
*** M4rtinK has quit IRC | 02:36 | |
freemangordon | arcean hi | 02:37 |
arcean | freemangordon: hi | 02:37 |
arcean | it's a nightmare what's going on tmo | 02:37 |
freemangordon | yep. TBH I just don't get it, there must be someone who is administering this site. Someone who is paid to do it. | 02:41 |
freemangordon | Or maybe not. | 02:41 |
arcean | maybe bergie or X-Fade | 02:43 |
freemangordon | bergie? | 02:47 |
Estel_ | Reggie AFAIK | 02:47 |
Estel_ | as I've said on TMO; joys for forum hosted and maintained byh someone (even when respected) out of community/council control | 02:47 |
Estel_ | I dont know why we even use vBulletin (closed source, sic!) | 02:48 |
*** MNZ has joined #maemo-ssu | 02:48 | |
Estel_ | I wonder how hard it would be to migrate to SFM or even goddamnit phpbb | 02:48 |
Estel_ | anyway, please voted for freemangordon's bug here: https://bugs.maemo.org/show_bug.cgi?id=12425 | 02:49 |
povbot | Bug 12425: talk.maemo.org is vulnerable to botnet attack | 02:49 |
arcean | Nokia support is only for "kepping things running" | 02:49 |
freemangordon | It is not nokia AFAIK | 02:49 |
arcean | so migrating is probably a no-go | 02:50 |
Estel_ | it is non-nokia hosted | 02:50 |
freemangordon | it is a third party | 02:50 |
arcean | yep, but Nokia is paying for it | 02:50 |
Estel_ | Reggie swapped ITT to TMO | 02:50 |
Estel_ | You know what? IMO forum is such low cost, that we can start paying for it the day after tommorow | 02:50 |
Estel_ | it's really sad that such a key part of infrastructure is hosted by someone out of Community (via Council) control, just payed by Nokia | 02:51 |
Estel_ | I don't want to say "I've predicted it", but few weeks/months ago I expressed my feelings about that | 02:52 |
Estel_ | anyway, why we talk about tmo in CSSU channel? should we swap to #maemo ? | 02:52 |
freemangordon | yep | 02:52 |
freemangordon | seems reasonable | 02:53 |
*** Estel_ has quit IRC | 02:59 | |
*** Estel_ has joined #maemo-ssu | 03:03 | |
arcean | time to get some sleep | 03:09 |
arcean | night guys! | 03:09 |
*** arcean is now known as arcean_ | 03:09 | |
*** wmarone has quit IRC | 04:07 | |
*** Estel_ has quit IRC | 04:35 | |
*** MNZ has quit IRC | 04:46 | |
*** Milhouse has quit IRC | 05:05 | |
*** Milhouse has joined #maemo-ssu | 05:08 | |
*** Atarii has quit IRC | 05:25 | |
*** ZogG has quit IRC | 05:32 | |
*** ZogG has joined #maemo-ssu | 05:32 | |
*** amiconn has quit IRC | 05:48 | |
*** amiconn_ has joined #maemo-ssu | 05:48 | |
*** amiconn_ is now known as amiconn | 05:49 | |
*** DocScrutinizer has quit IRC | 06:08 | |
*** DocScrutinizer has joined #maemo-ssu | 06:08 | |
*** nox- has quit IRC | 07:12 | |
Stskeeps | freemangordon: can't do anything about tmo | 07:57 |
*** psycho_oreos has quit IRC | 08:39 | |
*** psycho_oreos has joined #maemo-ssu | 08:41 | |
*** Sc0rpius has quit IRC | 10:59 | |
*** Atarii has joined #maemo-ssu | 11:33 | |
*** Atarii has joined #maemo-ssu | 11:33 | |
merlin1991 | probably the prefix | 11:42 |
freemangordon | Stskeeps, anyway thanks, for now the attack seems to have ceased | 11:45 |
merlin1991 | ffs, somehow my search term ended up in the text line :D | 11:46 |
merlin1991 | never hit enter before checking twice | 11:46 |
*** phoenix__| has joined #maemo-ssu | 12:03 | |
*** scoobertron has joined #maemo-ssu | 12:05 | |
amiconn | Especially when entering passwords... | 12:10 |
*** Atarii has quit IRC | 12:33 | |
*** Atarii has joined #maemo-ssu | 13:02 | |
*** arcean has joined #maemo-ssu | 13:23 | |
*** Atarii has quit IRC | 13:24 | |
*** mase76 has joined #maemo-ssu | 13:37 | |
*** ruskie has joined #maemo-ssu | 14:42 | |
tomreyn | are there any efforts to keep the software for N900 patched against known security issues? | 15:12 |
tomreyn | i guess the situation in this respect is currently probably still a tid little better than it is for android devices which do not run the latest version, but really just slightly, but it's not going to be any better in the longer run... | 15:19 |
merlin1991 | tomreyn: cssu is meant to patch the system | 15:24 |
merlin1991 | so obviously we'll try to patch known secruity issues | 15:24 |
merlin1991 | *security* | 15:24 |
tomreyn | merlin1991: so do you have a process in place to track security announcements? or is this more on a cse by case basis currently? | 15:28 |
tomreyn | *case | 15:28 |
tomreyn | i mean security announcements/advisories | 15:29 |
merlin1991 | it's more of a someone points out something and either provides the patch himself or someone picks it up | 15:29 |
merlin1991 | and if it doesn't break things but fix things it gets included | 15:29 |
merlin1991 | but we do not have the "manpower" to actively track security announcements for all components | 15:29 |
tomreyn | yes, that's what i assumed. how many active maintainers are there, who respond to bugs etc, can you make a guess? | 15:30 |
merlin1991 | tbh it's a luck game with most packages | 15:30 |
merlin1991 | everything system related that was initally provided by nokia has the chance to be picked up by cssu | 15:31 |
merlin1991 | the packages in maemo extras are another story | 15:31 |
psycho_oreos | I'm guessing less than a handful of developers are part of the CSSU team | 15:31 |
merlin1991 | there you have to find the maintainer and get him todo somehting | 15:31 |
merlin1991 | tomreyn: if you happen to know any security issues in the components here: https://gitorious.org/community-ssu (they are already in cssu) it's just a matter of poniting out the patch to get a fix included | 15:33 |
*** arcean_ has joined #maemo-ssu | 15:36 | |
*** arcean has quit IRC | 15:36 | |
tomreyn | merlin1991: thanks. do you think it would make sense to setup something like a security tracker which maps advisories to packages, and informs package maintainers (and the world) that their current version has known vulnerabilities? | 15:37 |
tomreyn | or would this rather be annoying at this point. it could be with opt-out or something... | 15:38 |
*** obsv has joined #maemo-ssu | 15:40 | |
tomreyn | i know this can't be a fully automatic process but it can be mostly, you need to map the osvdb.org data to the packages, then either have a security team or the package maintainer decide whether they think this applies to this package (and whether they think it's worth fixing it). | 15:40 |
merlin1991 | in theory it makes sense, but we're just a hand full of people doing this mostly for fun, so I fear it's a lil overkill | 15:41 |
tomreyn | okay, thanks for your assessment. | 15:42 |
tomreyn | when i run apt-get dist-upgrade, it wants to upgrade libsdl-mixer1.2, and install a few new packages, but would remove 369 other packages. i guess that's not what i want. ;-) any idea why this would be? I have these repositories: extras, extras-testing, community testing, fremantle tools. | 16:12 |
merlin1991 | 2 things | 16:15 |
merlin1991 | extras-testing is a superset of extras so you can disable extras | 16:16 |
merlin1991 | and apt is broken somehow on the n900 | 16:16 |
merlin1991 | autoremove and dist-upgrade go mental | 16:16 |
MohammadAG | libsdl package has to be removed | 16:17 |
*** Pali has joined #maemo-ssu | 16:18 | |
tomreyn | okay, i disabled extras, removed the ovi (frmantle 1.2) repository, but i still get the warning about missing GPG key ADB4438160A655EF for https://downloads.maemo.nokia.com | 16:25 |
merlin1991 | got that warning too | 16:25 |
tomreyn | oh so you just live with this? and the application installer makes apt ignore the warning? | 16:26 |
merlin1991 | yea | 16:26 |
tomreyn | ouch | 16:26 |
MohammadAG | umm | 16:26 |
MohammadAG | it's a warning | 16:26 |
tomreyn | well, no, its an error | 16:26 |
MohammadAG | apt doesn't even bother with it | 16:27 |
MohammadAG | no, it's a warning | 16:27 |
MohammadAG | W: stands for warning, E: for error | 16:27 |
merlin1991 | MohammadAG: warning can mean anything from minor issue to worlds gonna end problem :D | 16:27 |
tomreyn | hmm right, it's ultimatively a warning | 16:27 |
tomreyn | but yes, you shouldn't normally ignore this error | 16:27 |
MohammadAG | given that it affects all devices, contact Nokia about it | 16:27 |
tomreyn | since it cn mean you'R ebing man.in.the.middle'd | 16:27 |
tomreyn | since it can mean you're being man-in-the-middle'd | 16:28 |
tomreyn | sorry... my spelling | 16:28 |
tomreyn | i got the point | 16:28 |
merlin1991 | my personal fav regarding apt: | 16:29 |
merlin1991 | W: Conflicting distribution: http://repository.maemo.org fremantle-1.3 Release (expected fremantle-1.3 but got ) | 16:29 |
merlin1991 | W: You may want to run apt-get update to correct these problems | 16:29 |
tomreyn | right, getting nothing sucks ;) | 16:29 |
freemangordon | MohammadAG ping | 17:04 |
MohammadAG | freemangordon, pong | 17:06 |
freemangordon | hi | 17:06 |
MohammadAG | heya | 17:06 |
freemangordon | Seems like a critical mass of commits and MRs on gitorious, time for a new update? | 17:06 |
MohammadAG | which ones? | 17:07 |
freemangordon | lots of, two camera-ui bugs fixed, Qt diginotar fixed, Qt segfault for vlc-remote fixed. | 17:07 |
freemangordon | MODEST | 17:07 |
freemangordon | fixed | 17:08 |
freemangordon | seems like modes to longer crashes | 17:08 |
*** psycho_oreos has quit IRC | 17:12 | |
freemangordon | https://www.gitorious.org/community-ssu/qt-x11-maemo/merge_requests/3 https://www.gitorious.org/community-ssu/modest/merge_requests/12 | 17:13 |
freemangordon | https://www.gitorious.org/community-ssu/tinymail/commit/a1c18ef15f5e7abc5bedae93e77a1605fbf3c52e | 17:13 |
freemangordon | https://www.gitorious.org/community-ssu/camera-ui/commit/dc96ee0d5e7bfcf1922099b1872317838a35a040 | 17:14 |
*** scoobertron has quit IRC | 17:36 | |
*** tomreyn has quit IRC | 18:21 | |
*** Pali has quit IRC | 19:25 | |
*** onen|openBmap has joined #maemo-ssu | 19:53 | |
*** mase76 has quit IRC | 20:05 | |
*** lbt has joined #maemo-ssu | 20:12 | |
*** obsv has left #maemo-ssu | 20:13 | |
*** eichi has joined #maemo-ssu | 20:14 | |
*** mase76 has joined #maemo-ssu | 20:18 | |
*** eichi has left #maemo-ssu | 20:24 | |
*** lbt has left #maemo-ssu | 20:31 | |
*** Sc0rpius has joined #maemo-ssu | 20:38 | |
*** mase76 has quit IRC | 20:44 | |
*** mase76 has joined #maemo-ssu | 20:47 | |
*** mase76 has quit IRC | 22:00 | |
*** m0use has quit IRC | 22:14 | |
*** m0use has joined #maemo-ssu | 22:36 | |
*** wmarone has joined #maemo-ssu | 22:48 | |
*** scoobertron has joined #maemo-ssu | 23:05 | |
*** Atarii has joined #maemo-ssu | 23:17 | |
*** Atarii has joined #maemo-ssu | 23:17 | |
*** Atarii has quit IRC | 23:26 | |
*** mase76 has joined #maemo-ssu | 23:44 | |
*** nox- has joined #maemo-ssu | 23:59 | |
*** nox- has quit IRC | 23:59 | |
*** nox- has joined #maemo-ssu | 23:59 |
Generated by irclog2html.py 2.15.1 by Marius Gedminas - find it at mg.pov.lt!