IRC log of #maemo-ssu for Sunday, 2011-09-18

*** Estel_ has joined #maemo-ssu00:00
*** M4rtinK has joined #maemo-ssu01:05
*** tomreyn_ has joined #maemo-ssu01:22
*** tomreyn has quit IRC01:26
*** tomreyn_ is now known as tomreyn01:29
freemangordonMohammadAG ping01:43
freemangordonJaffa, merlin1991, Stskeeps, X-Fade, Sc0rpius (sorry if mising someone) ping. Someone can help on TMO botnet attack?02:19
*** wmarone has joined #maemo-ssu02:19
tomreynfreemangordon: if you also need some hints on narrowing the attack surface, i'll be happy to help02:24
freemangordonThanks, but I am noone on TMO, just an ordinary user.02:25
tomreynso how do you know there's a botnet attack going on?02:26
freemangordonWhat? http://talk.maemo.org02:26
tomreynoh you're referring to spambots02:27
freemangordonok, sorry, my fault, incorrect term.02:27
tomreynthat's fine :-)02:28
freemangordon:) i think I am already famous with my great English02:29
tomreynthat's a WONTFIX for me, too02:33
arceanyeah, fixed in harmattan ;)02:33
*** M4rtinK has quit IRC02:36
freemangordonarcean hi02:37
arceanfreemangordon: hi02:37
arceanit's a nightmare what's going on tmo02:37
freemangordonyep. TBH I just don't get it, there must be someone who is administering this site. Someone who is paid to do it.02:41
freemangordonOr maybe not.02:41
arceanmaybe bergie or X-Fade02:43
freemangordonbergie?02:47
Estel_Reggie AFAIK02:47
Estel_as I've said on TMO; joys for forum hosted and maintained byh someone (even when respected) out of community/council control02:47
Estel_I dont know why we even use vBulletin (closed source, sic!)02:48
*** MNZ has joined #maemo-ssu02:48
Estel_I wonder how hard it would be to migrate to SFM or even goddamnit phpbb02:48
Estel_anyway, please voted for freemangordon's bug here:  https://bugs.maemo.org/show_bug.cgi?id=1242502:49
povbotBug 12425: talk.maemo.org is vulnerable to botnet attack02:49
arceanNokia support is only for "kepping things running"02:49
freemangordonIt is not nokia AFAIK02:49
arceanso migrating is probably a no-go02:50
Estel_it is non-nokia hosted02:50
freemangordonit is a third party02:50
arceanyep, but Nokia is paying for it02:50
Estel_Reggie swapped ITT to TMO02:50
Estel_You know what? IMO forum is such low cost, that we can start paying for it the day after tommorow02:50
Estel_it's really sad that such a key part of infrastructure is hosted by someone out of Community (via Council) control, just payed by Nokia02:51
Estel_I don't want to say "I've predicted it", but few weeks/months ago I expressed my feelings about that02:52
Estel_anyway, why we talk about tmo in CSSU channel? should we swap to #maemo ?02:52
freemangordonyep02:52
freemangordonseems reasonable02:53
*** Estel_ has quit IRC02:59
*** Estel_ has joined #maemo-ssu03:03
arceantime to get some sleep03:09
arceannight guys!03:09
*** arcean is now known as arcean_03:09
*** wmarone has quit IRC04:07
*** Estel_ has quit IRC04:35
*** MNZ has quit IRC04:46
*** Milhouse has quit IRC05:05
*** Milhouse has joined #maemo-ssu05:08
*** Atarii has quit IRC05:25
*** ZogG has quit IRC05:32
*** ZogG has joined #maemo-ssu05:32
*** amiconn has quit IRC05:48
*** amiconn_ has joined #maemo-ssu05:48
*** amiconn_ is now known as amiconn05:49
*** DocScrutinizer has quit IRC06:08
*** DocScrutinizer has joined #maemo-ssu06:08
*** nox- has quit IRC07:12
Stskeepsfreemangordon: can't do anything about tmo07:57
*** psycho_oreos has quit IRC08:39
*** psycho_oreos has joined #maemo-ssu08:41
*** Sc0rpius has quit IRC10:59
*** Atarii has joined #maemo-ssu11:33
*** Atarii has joined #maemo-ssu11:33
merlin1991probably the prefix11:42
freemangordonStskeeps, anyway thanks, for now the attack seems to have ceased11:45
merlin1991ffs, somehow my search term ended up in the text line :D11:46
merlin1991never hit enter before checking twice11:46
*** phoenix__| has joined #maemo-ssu12:03
*** scoobertron has joined #maemo-ssu12:05
amiconnEspecially when entering passwords...12:10
*** Atarii has quit IRC12:33
*** Atarii has joined #maemo-ssu13:02
*** arcean has joined #maemo-ssu13:23
*** Atarii has quit IRC13:24
*** mase76 has joined #maemo-ssu13:37
*** ruskie has joined #maemo-ssu14:42
tomreynare there any efforts to keep the software for N900 patched against known security issues?15:12
tomreyni guess the situation in this respect is currently probably still a tid little better than it is for android devices which do not run the latest version, but really just slightly, but it's not going to be any better in the longer run...15:19
merlin1991tomreyn: cssu is meant to patch the system15:24
merlin1991so obviously we'll try to patch known secruity issues15:24
merlin1991*security*15:24
tomreynmerlin1991: so do you have a process in place to track security announcements? or is this more on a cse by case basis currently?15:28
tomreyn*case15:28
tomreyni mean security announcements/advisories15:29
merlin1991it's more of a someone points out something and either provides the patch himself or someone picks it up15:29
merlin1991and if it doesn't break things but fix things it gets included15:29
merlin1991but we do not have the "manpower" to actively track security announcements for all components15:29
tomreynyes, that's what i assumed. how many active maintainers are there, who respond to bugs etc, can you make a guess?15:30
merlin1991tbh it's a luck game with most packages15:30
merlin1991everything system related that was initally provided by nokia has the chance to be picked up by cssu15:31
merlin1991the packages in maemo extras are another story15:31
psycho_oreosI'm guessing less than a handful of developers are part of the CSSU team15:31
merlin1991there you have to find the maintainer and get him todo somehting15:31
merlin1991tomreyn: if you happen to know any security issues in the components here: https://gitorious.org/community-ssu (they are already in cssu) it's just a matter of poniting out the patch to get a fix included15:33
*** arcean_ has joined #maemo-ssu15:36
*** arcean has quit IRC15:36
tomreynmerlin1991: thanks. do you think it would make sense to setup something like a security tracker which maps advisories to packages, and informs package maintainers (and the world) that their current version has known vulnerabilities?15:37
tomreynor would this rather be annoying at this point. it could be with opt-out or something...15:38
*** obsv has joined #maemo-ssu15:40
tomreyni know this can't be a fully automatic process but it can be mostly, you need to map the osvdb.org data to the packages, then either have a security team or the package maintainer decide whether they think this applies to this package (and whether they think it's worth fixing it).15:40
merlin1991in theory it makes sense, but we're just a hand full of people doing this mostly for fun, so I fear it's a lil overkill15:41
tomreynokay, thanks for your assessment.15:42
tomreynwhen i run apt-get dist-upgrade, it wants to upgrade libsdl-mixer1.2, and install a few new packages, but would remove 369 other packages. i guess that's not what i want. ;-) any idea why this would be? I have these repositories: extras, extras-testing, community testing, fremantle tools.16:12
merlin19912 things16:15
merlin1991extras-testing is a superset of extras so you can disable extras16:16
merlin1991 and apt is broken somehow on the n90016:16
merlin1991autoremove and dist-upgrade go mental16:16
MohammadAGlibsdl package has to be removed16:17
*** Pali has joined #maemo-ssu16:18
tomreynokay, i disabled extras, removed the ovi (frmantle 1.2) repository, but i still get the warning about missing GPG key ADB4438160A655EF for https://downloads.maemo.nokia.com16:25
merlin1991got that warning too16:25
tomreynoh so you just live with this? and the application installer makes apt ignore the warning?16:26
merlin1991yea16:26
tomreynouch16:26
MohammadAGumm16:26
MohammadAGit's a warning16:26
tomreynwell, no, its an error16:26
MohammadAGapt doesn't even bother with it16:27
MohammadAGno, it's a warning16:27
MohammadAGW: stands for warning, E: for error16:27
merlin1991MohammadAG: warning can mean anything from minor issue to worlds gonna end problem :D16:27
tomreynhmm right, it's ultimatively a warning16:27
tomreynbut yes, you shouldn't normally ignore this error16:27
MohammadAGgiven that it affects all devices, contact Nokia about it16:27
tomreynsince it cn mean you'R ebing man.in.the.middle'd16:27
tomreynsince it can mean you're being man-in-the-middle'd16:28
tomreynsorry... my spelling16:28
tomreyni got the point16:28
merlin1991my personal fav regarding apt:16:29
merlin1991W: Conflicting distribution: http://repository.maemo.org fremantle-1.3 Release (expected fremantle-1.3 but got )16:29
merlin1991W: You may want to run apt-get update to correct these problems16:29
tomreynright, getting nothing sucks ;)16:29
freemangordonMohammadAG ping17:04
MohammadAGfreemangordon, pong17:06
freemangordonhi17:06
MohammadAGheya17:06
freemangordonSeems like a critical mass of commits and MRs on gitorious, time for a new update?17:06
MohammadAGwhich ones?17:07
freemangordonlots of, two camera-ui bugs fixed, Qt diginotar fixed, Qt segfault for vlc-remote fixed.17:07
freemangordonMODEST17:07
freemangordonfixed17:08
freemangordonseems like modes to longer crashes17:08
*** psycho_oreos has quit IRC17:12
freemangordonhttps://www.gitorious.org/community-ssu/qt-x11-maemo/merge_requests/3 https://www.gitorious.org/community-ssu/modest/merge_requests/1217:13
freemangordonhttps://www.gitorious.org/community-ssu/tinymail/commit/a1c18ef15f5e7abc5bedae93e77a1605fbf3c52e17:13
freemangordonhttps://www.gitorious.org/community-ssu/camera-ui/commit/dc96ee0d5e7bfcf1922099b1872317838a35a04017:14
*** scoobertron has quit IRC17:36
*** tomreyn has quit IRC18:21
*** Pali has quit IRC19:25
*** onen|openBmap has joined #maemo-ssu19:53
*** mase76 has quit IRC20:05
*** lbt has joined #maemo-ssu20:12
*** obsv has left #maemo-ssu20:13
*** eichi has joined #maemo-ssu20:14
*** mase76 has joined #maemo-ssu20:18
*** eichi has left #maemo-ssu20:24
*** lbt has left #maemo-ssu20:31
*** Sc0rpius has joined #maemo-ssu20:38
*** mase76 has quit IRC20:44
*** mase76 has joined #maemo-ssu20:47
*** mase76 has quit IRC22:00
*** m0use has quit IRC22:14
*** m0use has joined #maemo-ssu22:36
*** wmarone has joined #maemo-ssu22:48
*** scoobertron has joined #maemo-ssu23:05
*** Atarii has joined #maemo-ssu23:17
*** Atarii has joined #maemo-ssu23:17
*** Atarii has quit IRC23:26
*** mase76 has joined #maemo-ssu23:44
*** nox- has joined #maemo-ssu23:59
*** nox- has quit IRC23:59
*** nox- has joined #maemo-ssu23:59

Generated by irclog2html.py 2.15.1 by Marius Gedminas - find it at mg.pov.lt!