IRC log of #maemo-ssu for Tuesday, 2015-01-06

*** arcean has quit IRC00:10
*** kolp has quit IRC00:53
*** _rd has quit IRC00:56
Palimerlin1991: on gitorious cssu are small fixes for upstart and ke-recv packages01:34
Paliboth fixes are for mouting FAT partitions (e.g. MyDocs)01:35
Paliproblem about mount-opts file (part of upstart source package) is described in cssu-t TMO thread01:36
Paliand fix for ke-recv package is just shell script fix (one line)01:36
Palineeds some testing and after that packages should be put into CSSU-T01:37
Palias some users have problem with read-only MyDocs01:37
*** nox- has joined #maemo-ssu01:51
*** nox- has quit IRC04:34
*** DrCode has quit IRC04:41
*** DrCode has joined #maemo-ssu04:43
*** LauRoman has quit IRC05:12
*** futpib has quit IRC05:39
*** sparetire_ has quit IRC07:31
*** kolp has joined #maemo-ssu09:14
*** _rd has joined #maemo-ssu09:28
*** anYc has quit IRC10:10
*** radekp has joined #maemo-ssu11:20
*** sunny_s has quit IRC11:22
*** arcean has joined #maemo-ssu11:23
*** xes has joined #maemo-ssu12:31
*** lizardo has joined #maemo-ssu13:02
*** lizardo is now known as lizardo_away13:17
*** lizardo_away is now known as lizardo13:33
*** futpib has joined #maemo-ssu15:43
*** NishanthMenon has joined #maemo-ssu15:44
*** anYc has joined #maemo-ssu16:38
*** LauRoman has joined #maemo-ssu16:43
*** lizardo is now known as lizardo_away16:49
*** anYc has quit IRC16:54
*** futpib has quit IRC17:08
*** sparetire_ has joined #maemo-ssu17:13
*** lizardo_away is now known as lizardo17:14
*** anYc has joined #maemo-ssu17:34
*** _rd has quit IRC17:48
*** anYc has quit IRC17:50
*** sec has joined #maemo-ssu18:17
*** radekp has quit IRC18:33
*** dhbiker has joined #maemo-ssu18:59
freemangordonkerio: bb-power is in the repo19:27
kerioyay19:30
*** _rd has joined #maemo-ssu19:37
*** dhbiker has quit IRC19:41
*** anYc has joined #maemo-ssu19:47
kerioah shieeeeet20:39
keriothere's so many upgrades20:39
kerioupstart and system-services20:39
keriofrom community-devel20:39
kerioPali: do i yolo upgrade20:41
Paliit could fix problem reported on tmo20:41
Paliproblem: etc default mount-opts was not updated with new version of package20:42
kerioi have my own fstab20:42
keriowhatever, YOLO20:45
keriowhat's new in upstart?20:45
secThumb or normal as well?20:53
kerioholy shit my PowerOff ledd pattern is so fancy20:54
kerio*led20:55
seckerio: Is this on thumb or normal as well?20:55
keriothumb20:55
kerioi'm missing like two packages from -devel20:55
secAw, alright20:55
keriowhy?20:56
secI am not on thumb20:57
sec:/20:57
keriosucks to be you20:57
secThe last time I installed thumb, it seemed slower than normal20:58
kerioalright, i'm at community-devel minus calendar-backend,libhildon1,telepathy-gabble21:00
Palikerio: in upstart nothing, only in system-services... but system-services package is part of upstart source21:01
*** futpib has joined #maemo-ssu21:02
*** DrCode has quit IRC21:02
Palianyway I have some problems with LED too21:02
Paliit does not work until I restart mce...21:02
Palifreemangordon: ^^^^21:02
Paliany idea?21:02
Paliproblem is there after reboot or power on again21:03
Palistop mce && start mce fix it21:03
*** DrCode has joined #maemo-ssu21:07
*** sec has quit IRC21:20
*** LauRoman|Alt has joined #maemo-ssu21:54
*** sec has joined #maemo-ssu22:01
*** LauRoman has quit IRC22:17
*** LauRoman|Alt has quit IRC22:18
*** dhbiker has joined #maemo-ssu22:38
keriofreemangordon et al.: is there a good reason our libssl isn't upgraded?22:39
*** dhbiker has quit IRC22:47
Palikerio: yes, manpower22:53
Palineed to test if API/ABI was changed22:53
Palior backport patches22:54
Palinobody has time for it22:54
kerioholy fucking shit we're on 0.9.8n and the current 0.9.8 is 0.9.8zc22:55
keriohow fucking sad does your release schedule have to be to reach 28 patch releases22:55
kerio29, actually22:55
keriothere was a plain 0.9.822:55
kerioTWENTY22:56
kerioFUCKING22:56
kerioNINE22:56
keriowell, if https://gitorious.org/community-ssu/openssl is the repo, we're currently vulnerable to POODLE22:57
kerionot sure if that's server or client, tho22:58
secBoth I think depending on the application using libssl23:02
keriowe should upgrade to 0.9.8zc23:02
kerioi wonder if the debian one would work23:02
secIt's not easy I think, there will be dependencies where the older libraries are required and can not be replaced23:03
Pali~ping23:04
infobot~pong23:04
Palikerio: problem is that openssl does not have stable ABI23:04
keriowe're on 0.9.823:05
kerioupgrading to 0.9.8 will not require any other change23:05
keriolike, the latest 0.9.823:05
Palieven 0.9.8 do not have to have stable ABI23:05
kerio...but it's literally the same .so file23:05
Palikerio: do tests and prepare new update23:06
kerioif it's not abi-compatible, they fucked up23:06
Paliopenssl is not ABI compatible23:06
sec^23:06
Palikerio: can you look into openssl patches and prepare new release?23:07
keriohold on i'm going to do something stupid first23:10
keriohow similar is fremantle to squeeze?23:10
kerioawww, needs too recent of a libc :(23:10
seckerio: Try Lenny23:11
bencohno, lenny is too young23:13
bencohtry etch&half23:13
secI was thinking the same23:13
keriois "arm" the same as "armel"?23:13
bencoh(actually it could work)23:13
secBut Etch's packages would be so far behind23:13
bencohkerio: arm usually is little-endian, so most of the time in this context yeah23:14
keriolenny's openssl is older than ours23:14
secHehe23:15
bencohkerio: yeah, but what about libc ? :)23:16
keriodo you guys think anything bad will happen if i add the current debian repos and upgrade?23:17
bencohPOODLE is a protocol issue, so clients and servers try not to be exposed23:17
keriolike, yolo upgrade23:17
bencohadd the current debian repo to what ? maemo ?23:17
kerioyes :323:18
bencohone way ticket to reflash23:18
bencohunless you want to manually revert23:18
bencoh(from a chroot)23:18
bencoh(in rescueos :p)23:18
keriofrom a chroot? :o23:19
secIt won't work kerio :P23:19
sixwheeledbeast^http://talk.maemo.org/showthread.php?t=9329623:19
bencohI dont understand why they decided to break 0.9.8 ABI after n23:20
bencohit sounds unreal23:20
secYou can avoid problems by configuring servers to reject SSL in its entirety and only use TLS23:20
keriohahahah did we really avoid heartbleed just by being too old23:20
keriosec: TLSv1 is also vulnerable23:21
keriowithout patching23:21
secHm, that could probably be configured too in some cases23:21
keriojust needs a patch23:21
kerioor you just go "fuck it" and only allow tls 1.223:21
secEven OpenSSH/Dropbear are super old23:21
kerio(and 1.1, but who the fuck supports 1.1 but not 1.2?)23:22
bencohgoing "fuck it" would just prevent a non-negligeable amount of customers from accessing your services :)23:23
bencoh(I tried, and I reverted back to keeping tlsv1)23:23
secAlso, I doubt many people run servers on N900s23:23
secDoes anyone have newer OpenSSH/Dropbear packages?23:24
bencohsec: 0.9.8n doesnt have tls1.223:24
secWhat ._.23:24
bencohI'm not even sure it has proper support for tls1.123:24
bencohwell, unless I'm mistaken23:24
keriothe cipher support is ass23:24
secWell we're screwed then aye23:24
bencohyeah ;)23:24
bencoh22:23 < bencoh> going "fuck it" would just prevent a non-negligeable amount of customers from accessing your services :)23:25
bencohI forgot to tell "including n900" ;)23:25
kerioxchat can't connect to my znc \_o_/23:25
*** lizardo has quit IRC23:25
bencohyay23:25
secLol23:25
kerioalthough it could be a configuration issue23:25
keriolike, on xchat side23:25
secAlso, it's only going to get worse with OpenSSL refactoring code and weeding out bugs now that they're getting funded. I am assuming this za will be xyz in another few months23:26
keriorofl23:26
keriono way23:26
bencoh:))23:26
kerioyou mean zza23:26
kerioxyz < za23:26
secThat doesn't sound right23:27
sechttp://talk.maemo.org/showpost.php?p=1428683&postcount=1323:27
bencohanyawy, what brought openssl here tonight ? :)23:28
Palimy happy new year message :D23:28
Palieh, no it was on #neo90023:28
Palinot here23:28
* sec waits for the day maemo sources are leaked somehow23:32
bencohhttp://upstream.rosalinux.ru/compat_reports/openssl/0.9.8o_to_0.9.8p/abi_compat_report.html23:32
bencohsec: we could still patch/revert ABI changes, but meh23:33
bencohlast time debian played with ssl ...23:33
secbencoh: http://talk.maemo.org/showpost.php?p=1430524&postcount=2123:33
secIs there a #openssl?23:34
bencohprolly23:34
sec   #  Topic for ##openssl: NEWS:  OpenSSL 0.9.8zc, 1.0.0.o and 1.0.1j released 15-October-2014 | security advisory =>23:34
secWhat did I say23:34
bencohsec: pure luck, considering http://upstream.rosalinux.ru/versions/openssl.html :]23:35
bencohI guess maemo/the software he has installed doesnt use the impacted symbols/structures23:36
bencohbut still .... "struct dtls1_bitmap_st (1) Size of this type has been changed from 44 bytes to 20 bytes."23:37
bencohand "struct dtls1_state_st (1)  Size of this type has been changed from 808 bytes to 760 bytes."23:37
secI don't know what to think of it. I don't want to believe it's pure luck at this point xD23:37
Palirevert those changes23:37
bencohI think it all comes from the changes in BIGNUM / PQ_64BIT23:39
bencohhmm, maybe this has no impact on arm (bignum on arm ... meh)23:40
secCan't wait for 10" phones and 4" tablets at CES this year23:43
secPali: http://talk.maemo.org/showthread.php?t=9442623:45
bencohsec: cant wait for qualcomm MSM stuff everywhere ? :>23:47
secxD23:47
secAlright, guys: #openssl says:23:47
sec             sec$ Hello, could anyone help out. I would like to know whether 0.9.8n and 0.9.8za are ABI compatible or not.23:47
sec      richmoore2$ they're supposed to be however there could be bugs. however you'd be mad to update to za rather than zb and in the23:47
sec                  event of problems you'd be mad not to solve them and go straight to 1.123:48
kerioLOL23:53
keriohold on, why zb and not zc23:54

Generated by irclog2html.py 2.15.1 by Marius Gedminas - find it at mg.pov.lt!