IRC log for #harmattan on 20110823

00:18.03*** join/#harmattan denism1 (~denism@nat/nokia/x-fxapglhrbefpbcuu)
00:19.37*** join/#harmattan captaini1loo (~Nico@lan31-4-82-227-130-131.fbx.proxad.net)
00:19.41*** join/#harmattan weggi__ (~vetapani@staff.oamk.fi)
00:19.42*** join/#harmattan thp_ (~thp@sulu.thp.io)
00:19.55*** join/#harmattan ajalkane_ (~arto@a88-115-213-7.elisa-laajakaista.fi)
00:20.40*** join/#harmattan Ronksu_ (~trongas@apostaasi.animavitae.fi)
00:27.37*** join/#harmattan Kypeli (kypeli@kapsi.fi)
00:33.26*** join/#harmattan eman (~lemmings@124-149-101-241.dyn.iinet.net.au)
00:42.40*** join/#harmattan BrettQ (~BrettQ@99-38-191-36.lightspeed.clmasc.sbcglobal.net)
00:42.59*** part/#harmattan eman (~lemmings@124-149-101-241.dyn.iinet.net.au)
01:01.02*** join/#harmattan vladest_ (~Vlad@185-73-132-95.pool.ukrtel.net)
01:22.01*** join/#harmattan lcuk2 (lcuk@cpc2-oldh7-0-0-cust702.10-1.cable.virginmedia.com)
01:31.31*** join/#harmattan eman (~eman@124-149-101-241.dyn.iinet.net.au)
01:57.28*** join/#harmattan djszapi__ (~lpapp@84-231-18-239.elisa-mobile.fi)
02:14.03*** join/#harmattan Arkenoi (~ark@178.177.67.166)
02:21.40*** join/#harmattan MohammadAG (~MohammadA@pool-72-89-152-214.nycmny.fios.verizon.net)
02:28.44*** join/#harmattan MohammadAG (~MohammadA@pool-72-89-152-214.nycmny.fios.verizon.net)
02:33.11*** join/#harmattan Mohammad- (~MohammadA@pool-72-89-152-214.nycmny.fios.verizon.net)
02:42.49*** part/#harmattan meegoexperts (~Adium@unaffiliated/meegoexperts)
02:56.02MohammadAGoh yay, lost my first guitar string
03:02.25*** join/#harmattan djszapi_ (~lpapp@84-231-18-239.elisa-mobile.fi)
03:04.49*** join/#harmattan rm_code (~adam@2001:470:b:488:21f:3bff:fe18:dd65)
03:50.09*** join/#harmattan crevetor (~antoine@modemcable210.76-70-69.static.videotron.ca)
04:30.54*** join/#harmattan DocScrutinizer (~halley@openmoko/engineers/joerg)
05:12.07*** join/#harmattan smoku1 (~spectrum@xkh0g2.infr.xiaoka.com)
05:23.51*** join/#harmattan GNUtonio (~Gnuclear@85-156-54-80.elisa-mobile.fi)
05:48.13*** join/#harmattan xarcass (~igorsazon@her.rian.ru)
05:51.22*** join/#harmattan spenap (~spena@nat/nokia/x-zknfvgailxxoigos)
06:06.25*** part/#harmattan smoku1 (~spectrum@xkh0g2.infr.xiaoka.com)
06:06.35*** join/#harmattan smoku1 (~spectrum@xkh0g2.infr.xiaoka.com)
06:29.55*** part/#harmattan smoku1 (~spectrum@xkh0g2.infr.xiaoka.com)
06:53.48*** join/#harmattan antman8969 (~anthony@pool-96-239-32-4.nycmny.fios.verizon.net)
06:56.50*** join/#harmattan harbaum (~quassel@2001:8d8:1fe:8:baac:6fff:fe2d:73a3)
07:05.30*** join/#harmattan Arkenoi (~ark@swsoft-msk-nat.sw.ru)
07:10.19*** join/#harmattan veskuh (~vesahart@nat/nokia/x-vatpveqoeipqiigh)
07:10.28*** part/#harmattan veskuh (~vesahart@nat/nokia/x-vatpveqoeipqiigh)
07:19.34*** join/#harmattan mikhas (~michael@85.183.48.167)
07:22.34*** join/#harmattan Stecchino (~bart@amarok/developer/Stecchino)
07:47.14*** join/#harmattan rcg (~rc@g230050251.adsl.alicedsl.de)
07:58.22*** join/#harmattan frinring (~kossebau@85.183.48.167)
08:03.34*** join/#harmattan leinir (~leinir@amarok/usability/leinir)
08:06.17*** join/#harmattan Sicelo (sicelo@unaffiliated/sicelo)
08:17.56*** join/#harmattan lardman (~simon@Maemo/community/contributor/lardman)
08:18.32lardmanmorning
08:20.24*** join/#harmattan Sicelo (sicelo@unaffiliated/sicelo)
08:23.55*** join/#harmattan vladest (~Vlad@195.238.92.177)
08:25.07*** join/#harmattan wazd (~wazd@broadband-95-84-185-178.nationalcablenetworks.ru)
08:27.34*** join/#harmattan djszapi (~lpapp@kde/developer/lpapp)
08:30.54*** join/#harmattan seif (~seiflotfy@ip-95-223-13-104.unitymediagroup.de)
08:31.02wazdhi all
08:31.34*** part/#harmattan Sicelo__ (qhubekela@unaffiliated/sicelo)
08:32.16djszapiNot sure who, but someone was asking a question related to requesting credentials for an install script. I told that he can request it to <for path="/var/lib/dpkg/info/mypackage.postinst" />, but I realized that it is a better way to do by using the context attribute for the installation/removal phrase.
08:34.16xarcassdjszapi: that was me, probably. but i've solved this problem long ago. and there's better way, it's in the documentation: <request context="INSTALL">
08:36.08xarcassdjszapi: oops, haven't read your whole sentence..
08:36.40djszapixarcass: yep, actually more people asked it. Do you understand why it is better way ?
08:36.59djszapior shall I document it more in the next SDK ?
08:37.01xarcassbtw, i haven't found a way to remove files without gaining root ownership first
08:37.37djszapixarcass: remove file in what context ? Do you have a scenario, please ?
08:38.05xarcassdjszapi: it would be helpful if there was full list of capabilities that can be requested on the same page. or a link
08:38.19djszapiWe did already few weeks ago.
08:38.54xarcassdjszapi: i use doc pages from SDK, they are not updated very frequently
08:39.04djszapibut there are 3 different matters, here. Could you please answer the first two first ?
08:39.19djszapixarcass: SDK is updated when there is a new release, not sync'd up daily.
08:39.25djszapisince till that, it is a moving target.
08:40.36xarcassdjszapi: scenario: i have directory which is created by app. there are directories and files in it, which are created also by an app. i wanted to remove this whole directory upon uninstall. i wasn't be able to do this because of permissions.
08:41.34djszapixarcass: right, as for me, I required dac_override, but I know you cannot do that. Will study it and come back to you.
08:41.51djszapixarcass: is the context clear for you why that is better ?
08:43.08kimjuI'd still like to see a platform documentation with list of all tokens in use in the system as released, what resources those are protecting and if there is limitations in use of those (ie. can a package not coming from official repository ask for those tokens).
08:43.13xarcassdjszapi: how i've solved this: i requested cap_chown in manifest, then i chown'ed all this directory contents, then i rm'ed this contents. so, now i have all files removed, but there's only empty directory in the home. I suppose, this is acceptable, but not exactly 'clear'. Not perfect, i'd say.
08:44.02djszapikimju: that has nothing to do with aegis, that is OVI question. I cannot answer anything about their documentation. We can maximum reference to them
08:44.35djszapixarcass: yes, that is rather hackish ;)
08:44.46kimjudjszapi, that is a harmattan platform question, not ovi store or anything.
08:44.56djszapikimju: you are wrong, that is OVI question
08:45.12kimjudefine ovi?
08:45.34djszapiie. can a package not coming from  official repository ask for those tokens -> this has nothing to do with aegis.
08:45.41djszapithe first part, I already answered, see above
08:46.35kimjuwhere?
08:46.45djszapi11:38 < djszapi> We did already few weeks ago.
08:47.49djszapiWe would not really like to confuse people with different stores and their consequences. We can only say that: use OVI. OVI needs to document it the further things since the origin thing happens there anyway.
08:47.56djszapistores -> sources.
08:48.37kimjuSorry, I don't understand what you are saying.
08:49.08djszapikimju: well, security provides a platform, right ?
08:49.34djszapiOVI uses the and decides the original policies and so forth, so it is up to really them how they use our platform, we cannot say what our users do.
08:52.15Arkenoitook a look at ovi store. almost impossible to find anything useful by browsing because it is full of useless bookmarks disguised as apps
08:52.56kimjudjszapi, so are you saying that I can't install .debs from anywhere else than ovi store?
08:53.32lardmancan I instantiate a QML component which is contained in a string?
08:53.42lardmans/contained/defined
08:54.34djszapikimju: no, I do not say
08:55.03djszapixarcass: the solution seems to be very simple for your case: just request UID::user credential for the install context
08:56.23djszapikimju: but that is obviously the lowest origin source in the OVI store "hiearchy", so it will be documented there.
08:56.49djszapiwith all the other levels, it is up to them. That is the target way Nokia tries to achieve anyway.
08:57.26kimjudjszapi, ok, so let me rephrase the question: If I package for example bash in obs (or scratchbox) and download the resulting deb into the device. can I install it? what if I ask for CAP::sys_module in manifest, can I still install it and get the capability token granted?
08:58.09djszapikimju: as said, read the OVI documentation.
08:58.26djszapiwe will publish a reference to that for sure from the security guide.
08:59.02elpurilardman: sure
08:59.25djszapikimju: Nokia does not care about c-obs, it cares about OVI store, that is
08:59.49*** join/#harmattan lcuk (lcuk@Maemo/community/contributor/lcuk)
08:59.53lardmanelpuri: I need to change a "widget" at runtime, and am not sure whether to supply a QDeclarativeWidget or some QML code from the C++ side; either way I'm not sure how to plumb it in
09:00.14lardmanlcuk: morning
09:00.22kimjuand I don't care about ovi store, I care what the software platform in the device allows me to do.
09:00.24xarcassdjszapi: i was afraid that UID::user in request might break something. I've tried CAP::fowner - without success, surprisingly
09:00.36djszapikimju: and, no you cannot obviosuly grant sys_module, that is against the whole architecture design from the page zero
09:01.02djszapixarcass: it does not break anything, that is the idea and design. Feel free to contact me if something breaks.
09:01.10elpurilardman: is this what you were looking for? http://doc.qt.nokia.com/4.7-snapshot/qdeclarativedynamicobjects.html#creating-an-object-from-a-string-of-qml
09:01.21djszapikimju: *sigh*
09:01.38xarcassdjszapi: thanks, i'll try
09:01.39djszapikimju: that is what Nokia pushes, period. Not sure why we still discuss it, if you do not accept what Nokia pushes, do not use it :D
09:01.40lardmanelpuri: looks promising, thanks :)
09:02.18djszapikimju: we will obviously not mix up the documentation in 1000 places as a separate snippets, just because of c-obs that is really no goal of nokia.
09:02.34djszapiactually, it is quite against the Nokia wishes.
09:03.19elpurilardman: look at the qml<->c++ models too
09:03.28elpuriusually models are the best choice
09:03.44kimjudjszapi, ok, what other tokens I can't request then? http://www.developer.nokia.com/Community/Wiki/Harmattan:Developer_Library/Developing_for_Harmattan/Harmattan_security/Security_guide#Requesting_POSIX_capabilities documents how to request them, but what I've been asking what the device allows you to request. I don't see how that is related to ovi, it's part of the software platform in the device.
09:04.19lcukmorning lardman \o
09:04.20lcukhey simon, there is an event happening at manchester university about content creation and usability/ux :)
09:04.20lcukis getting ticket
09:04.28lardmanelpuri: models as in database models?
09:04.34djszapikimju: ok, I told it to you more times, I stop it.
09:04.55dm8tbrdjszapi: are you referring to documentation currently available only under NDA?
09:04.56lardmanlcuk: I'm sat twiddling thumbs waiting for a baby still, only a week and a bit overdue now
09:05.19lcuklardman, :D fun
09:05.22djszapidm8tbr: yes, the documentation of the new release (which is a moving target) is obviously not out.
09:05.31lcuktracy was induced in the end
09:05.38lcukwell waters broke
09:05.46lardmanHolly is booked in, but there's time yet....
09:05.55lcukindeed
09:06.07dm8tbrdjszapi: please keep in mind that this channel has mostly people that did not sign an NDA with nokia and thus all discussion should be kept in mind that this is the baseline level.
09:06.31lcukdo we need to sign NDA to talk about pregnancy now?
09:07.03hiemanshulcuk: yes sir
09:07.06Ronksulcuk: not after the first three months :)
09:07.08lcuk:D
09:07.16hiemanshulcuk: its called the Pre-Delivery NDA, or the PDNDA :P
09:07.25djszapidm8tbr: not sure what the outcome is of your sentence. Should I explain more what I say because it is hard to understand for people here because it is too depth, or ?
09:07.27lcukfacepalms
09:08.09*** mode/#harmattan [+o dm8tbr] by ChanServ
09:08.13*** topic/#harmattan by dm8tbr -> A cozy little place for pure harmattan device and development discussions | No discussion that requires NDA please! | Developers check this: http://library.developer.nokia.com/ | http://wiki.meego.com/N950_landing_page | MeeGo N9(|50) CE on its way, MOSLO still missing, discuss in #meego-arm please | logs: http://mg.pov.lt/harmattan-irclog/
09:08.17hiemanshudjszapi: its just that most people dont have access to stuff you have, and so writing someone off is not a good idea
09:08.40djszapihiemanshu: what do you mean by writing someone off ?
09:08.56lardmanthat can be easily solved by uploading the relevant NDA'd docs of course ;)
09:09.00hiemanshudjszapi: <djszapi> kimju: ok, I told it to you more times, I stop it.
09:09.11djszapihiemanshu: what is wrong about that sentence ?
09:09.22hiemanshudjszapi: sounds very very rude
09:09.55djszapiI think that is the consequence of not accepting the platform and design. I cannot really say more than I said. Why should I continue ?
09:10.07dm8tbrdjszapi: to make this more clear for you: if you say something here. please make sure that you only asume that people have information that is not under NDA.
09:10.08djszapiit seems he did not accept the nokia decisions ? I cannot comment more on that.
09:10.40dm8tbrdjszapi: if you need clarification of how to separate such information please contact the relevant Nokia people to arrange a briefing.
09:10.50hiemanshudjszapi: well this isn't the only thing, you did the same to me yesterday as well
09:10.51Stskeepsif anyone is obviously breaching an NDA, be sure to report to corporate security
09:11.33kimjuI haven't said that I'm not accepting the platform or Nokia decisions. I'm just trying to understand what that platform allows me to do or not.
09:11.36djszapidm8tbr: I am not sure why you are telling it to me, I firmly believe I know better what I can say and not. I am the only one actually warned others about it when they told more (for instance the guy with new image flashing question here)
09:11.39Stskeepsreturns to his perl build
09:12.04lardmanis interested in a Perl build
09:12.14djszapikimju: but I told you so many times. It seems you do not accept it since you are still against that decision.
09:12.15kimjuI still think it's a valid question to ask what tokens can be requested by a package not coming from the official repositories.
09:12.19lardmanthough now I think about it, the app in question uses a GTK+ ui, which is not ideal
09:12.21dm8tbrwould be interested in bluetooth python bindings
09:12.33djszapikimju: and I already answered that how you can do that, numerous times.
09:12.38Stskeepswould like a pony
09:12.45lardmanlol
09:12.52dm8tbrStskeeps: for me one steak sandwich please!
09:13.01Stskeepsdm8tbr: damn you, now i have to go out for a steak sandwich
09:13.01djszapihiemanshu: I provided a feedback to make your software better, you started telling me, it is installed even if it was not.
09:13.04Stskeeps:P
09:13.10dm8tbrbut actually I should start consuming the sushi I made myself for lunch :D
09:13.12djszapihiemanshu: Not sure what I did wrong.
09:13.14lardmanonly £25?
09:13.23lardmanor did you mean a real one?
09:13.45djszapihiemanshu: I am really happy if a feedback comes into the picture in KDE projects I am involved in.
09:13.56lardmanstops with the slang and goes back to QML "goodness"
09:14.28hiemanshudjszapi: like I said, it works for everyone with an N950, and we cannot do anything until we have newer software
09:14.52djszapihiemanshu: that is fine, but I did not like that when you wanted to know better what I had installed and what not :)
09:15.14hiemanshudjszapi: if you file a buy, I will try to solve it :P
09:15.20djszapibuy lol :D
09:15.33hiemanshubug*
09:16.12lardmanDoes the email app work for anyone else? I seem to be unable to send mail, though I can receive it. Anyone know if there's any logging anywhere as the "Error occurred" message isn't overly enlightening?
09:16.27*** join/#harmattan artemm (~Adium@d85-194-229-245.cust.wlannet.com)
09:16.57maxwI see that too, fwiw
09:17.10lardmanok, glad it's not just me
09:17.28maxwI've not tried to solve the problem though.
09:17.42djszapihiemanshu: actually, you started me asking about this, and I even told you, sorry no because it is NDA :)
09:17.55maxwI had it in mind to remove and add the account again, to see if it made any difference.
09:18.27djszapiand, no I do not think I should report someone (for instance the last Qt guys while trying to ask NDA things here) for the first time. I do think we are mature enough to warn people in private.
09:18.55lardmanI've done lots of fiddling with account settings to no avail, I've also tried starting fenix from the command line, but it detached from the term and I've not checked whether it was a shell script or there's some options yet
09:19.20hiemanshudjszapi: like I said if you say you have a problem, I would want to know what it is, you went on to tell me I shouldn't write software using guess work and such
09:19.52lardmanThe other interesting problem I sometimes see if that the clock has missing digits; usually the 10s of the minutes
09:20.48djszapihiemanshu: I do not know what problem it is in fact since I do not have time to deal with the software, sorry. I am happy to help with any security issues though. :)
09:23.04xarcasslardman: i've seen the same thing. but only on the 'lock screen'
09:23.17hiemanshudjszapi: so whats the use of pointing out an error when you dont want a solution :P
09:23.29hiemanshudjszapi: which is what pissed me off yesterday
09:23.39djszapihiemanshu: to know whether it is a trivial issue and can be fixed easily or not.
09:23.55lardmanxarcass: when I see it on the lock screen and unlock it also appears on the "system tray" clock
09:24.23hiemanshudjszapi: its a trivial issue, it could be fixed easily if you could tell me just give me the output of the command I asked for, and you said that was under NDA
09:25.24*** join/#harmattan ajalkane_N950 (~ircchatte@ZYYYKMMMCCXXIII.gprs.sl-laajakaista.fi)
09:26.26djszapihiemanshu: trivial fix as in easy to fix without having a device.
09:27.10djszapi12:23 < hiemanshu> djszapi: so whats the use of pointing out an error when you dont want a solution :P
09:27.14djszapi12:23 < hiemanshu> djszapi: which is what pissed me off yesterday
09:27.26SpeedEvilThe app runs just fine on a n950 with the publically available image.
09:27.28djszapiit is not really, I do really want a solution and that is why I mentioned  to you. However NDA has higher priority than a leisure time irc client ;-)
09:27.44hiemanshudjszapi: NOTFIXING, WORKSFORME, EOF
09:28.29*** join/#harmattan rcg (~rc@fb2-pub-1.dv-nr.fh-frankfurt.de)
09:33.08sebashiemanshu: you can't really expect djszapi to break his contractual obligations I think
09:33.56hiemanshusebas: I am not expecting him to do that, a simple doesn't work for me, and I cannot help you without a issue because I have an NDA to follow would have been good enough
09:34.43sebasI understood djszapi as such
09:35.14sebasmaybe you should assume positive
09:35.49w00t_sebas: you might have missed the part of the conversation yesterday when he was telling hiemanshu to not write software by guesswork, etc :)
09:36.22sebasyep, I missed that part
09:36.40djszapiw00t_: What I meant with that, it possibly expect a hard coded option. Sorry for not being clear and it could be misunderstood
09:36.54djszapibut the problem seems to be that it expects a "guess" which is not working on this device.
09:37.50djszapiguess as in hard coded (either dependency missing, or hard coded path somewhere).
09:40.08hiemanshudjszapi: like I said, it worked perfectly for everyone who tested it on a N950, and I cannot *guess* what the N9 has and doesn't
09:41.03djszapiyep, exactly that is why it is important to mention every dependencies, not using hard coded paths, set the proper paths (either in the build system or somewhere else).
09:41.18sebasmaybe file a bug about this, then at least someone powerful enough can look at it and decide wether or not to give out this information, or fix it?
09:42.03hiemanshudjszapi: it is mentioned, and there is no hard coded paths
09:42.27hiemanshuwe have 'import com.meego.extras' which doesn't work for you
09:42.45hiemanshuits not a hard coded path, and its a part of the qt-components package, atleast on the N950
09:42.54Sputhmm. is there a way to execute a binary on the device using Madde, without having to package it as a .deb? I tried using the mad remote send which put the binary in developer's home directory, but I don't seem to be able to execute that neither using mad remote run nor directly on the shell
09:42.58dm8tbrhiemanshu: to briefly touch on your previous statement: actually most NDAs I've seen are worded that you are not even supposed to mention that you are bound by it. So a simple 'I'm sorry but I can't answer that' or simply not engaging in conversation that might bring up such a question are good strategies.
09:43.08SputI guess I have to add permissions somehow, but I have no idea how :)
09:43.26Sput"the device" being the N950
09:43.55djszapihiemanshu: yep, but it does not hurt to ask whether it is general issue about hard coding and can be fixed without device, I guess.
09:44.17hiemanshudjszapi: I said no, and you said 'dont write software using guess work'
09:44.45djszapireading back the log, it seems you realized it later, it is not hard coded.
09:45.00djszapiand you told it after I said whether there is any guess work.
09:45.04hiemanshuI know it is not hard coded, its a part of the qt-components package
09:45.25djszapiyep, but I did not know who never dealt with that package ;-)
09:47.41radiofreeis it com.meego.extras?
09:47.46radiofreenot com.nokia.extras?
09:48.08hiemanshuwe used com.meego.extras yes
09:48.39radiofreeinteresting
09:49.29hiemanshu<djszapi> hiemanshu: you should really not make a software with guess-works, seriously. <-- from the logs
09:50.10djszapiI still stick by, there is a guess work there, and I am sorry if it cannot be covered what exactly because of the NDA.
09:50.35ajalkane_N950com.meego.extras is wrong maybe, git has com.nokia.extras in examples
09:50.44djszapithat guess work ^
09:50.52radiofreeyes, for me qt-components is com.nokia.extras
09:52.02hiemanshuajalkane_N950: like I said the one we have on N950 works for us
09:53.24ajalkane_N950I know, I'm using it. But seems N9 has newer version with different import
09:54.23hiemanshuajalkane_N950: yeah, and my psychic power has gone for a toss to guess that
09:54.24ajalkane_N950I use extras too, I think the nokia one
09:55.55ajalkane_N950hiemanshu, I'm just guessing, not commenting on the argument between you and djszapi.
09:56.22hiemanshuajalkane_N950: no guess-work is welcome here
09:56.24hiemanshuruns
09:56.59hiemanshu---> $dayjob
09:57.52ajalkane_N950I like guessing.
09:58.25DocScrutinizerdjszapi: don't you think your way to put things is rather antagonizing? It's commonly perceived as rude and not exactly helpful. Please try to reconsider the way you participate in this channel. I suggest you also have a short glance at http://freenode.net/channel_guidelines.shtml just in case there might be some generic ideas about concepts I personally love to reread every once in a while
09:58.44ajalkane_N950Like, I once guessed lottery numbers. Exciting
09:59.32xarcassuses com.meego.extras all the time and it works on two N950 with different fw versions
10:01.10djszapiDocScrutinizer: mmm, I have never said such things that I heard here about aegis (mainly when it is just a lack of understanding, it does not make a good atmosphere, to say "fuck", "shit" aegis and others as so many people do from the beginning).
10:01.37DocScrutinizerdjszapi: and (if I didn't get this part wrong in speedreading backscroll) your claim you can't utter simple "com.meego.extras is wrong maybe, git has com.nokia.extras in examples" as you're under an NDA is mere ridiculous
10:02.22djszapiDocScrutinizer: I had no idea about this issue. I have been asked by providing outputs from the device.
10:03.46djszapiDocScrutinizer: imagine the situation from my point of view. I am trying to help the community to get into the aegis usage better, and I just read from hours to hours, "fuck aegis(TM)". What do you think I feel after 20-30 situations like that ?
10:04.15DocScrutinizerI don't want to go into doing actual statistics, but my perception of this channel is it's a lot of bitching about how we _say_ things most of the time, rather than a cooperative solving of problems
10:04.37*** join/#harmattan Kaadlajk (kylanpaj@mustakiuru.cs.tut.fi)
10:05.04djszapiDocScrutinizer: Yep, I think I answered all the aegis questions heretofore. I do not see any unresolved issue.
10:05.45djszapiThat is why it is a bit frustrating to me to read "fuck aegis(TM)" from the day first, when I try to help about it.
10:07.03hiemanshusets a timer, PM djszapi every 30 seconds with 'Aegis - It just *doesn't* work (TM)'
10:07.14DocScrutinizersorry about that, but that's the often rude harsh tone in FOSS community, and esp on IRC. Better just ignore it, or get a receive-regex substituting each "fuck aegis" to "I'm frustrated as I don't get this aegis thing right"
10:07.14xarcassdjszapi: btw, requesting UID::user don't work - permission denied. so i'll stick to CAP::chown & chown & rm solution for now
10:07.15djszapiSee ?
10:07.29hiemanshudjszapi: I being funny :P
10:07.32hiemanshuI am*
10:07.44fluxmaybe the community feels like they are being force-fed something they would rather have the option of opting out.
10:08.05djszapiDocScrutinizer: sure, it can be avoided 1-2 times, but not after reading it continously 20-30 times :(
10:08.34hiemanshudjszapi: thats your problem for having a very low threshold
10:08.48djszapiflux: but that is not the case, so we need to solve the problem, not thinking of that which is not the current situation.
10:08.54hiemanshuits 30 people now, if there were say 5k devs in here, it would be 300 times
10:09.06DocScrutinizerdjszapi: then I'm sorry to say I don't see any other way for you to keep your mental sanity than just leave this channel alone. A pity but probably the only way, as you won't change the wording here
10:09.59hiemanshuif you have a problem with 1, you speak to the chanops, if you have a problem with a million, you just leave :)
10:10.22DocScrutinizerdjszapi: nobody likes aegis, and there will always be devels that express this feeling in a XXX way
10:12.09mikhasI like AEGIS.
10:12.14djszapiMmm, leaving or a very strong vest, true.
10:12.15DocScrutinizerwe can tighten general rules about proper speech in IRC, to make everybody use "f*** aegis" instead of using XXX words. In the end it won't change anything, though I'd be willing to go into this tedious duty to enforce worksafe speech in this chan
10:12.19mikhasWithout it, you folks here wouldnt have anything to talk about.
10:12.39hiemanshumikhas: do you want to talk about your issues?
10:12.51hiemanshumikhas: I would offer a free health checkup
10:14.21djszapiDocScrutinizer: thing is that you cannot avoid the security nowadays, and that is really a good gesture. We implemented a very similar (almost the same from the third party developer pov) on meego, so you will not like it either.
10:14.28DocScrutinizermikhas: the problem as generally percieved is there's way too much talking about aegis, and be assured we had just enough to talk about when aegis would just vanish
10:14.54djszapiHowever I agree with you, I should put on a very strong vest or leave. That is really the two options.
10:16.43radiofreedjszapi: you've done the same to meego?!
10:16.45djszapixarcass: if the directory is owned by the user, it works. I tested it here.
10:17.06djszapiradiofree: from third party developer pov, it is almost the same, yes.
10:17.19Arkenoimikhas, you love aegis so much that you want to f**k it!
10:17.27*** join/#harmattan razvanpetru (~razvan@188.26.187.156)
10:17.31mikhasArkenoi, I'd put a ring on it.
10:17.33DocScrutinizerdjszapi: (thing is that you cannot avoid the security nowadays...) that's your POV, others may feel completely different about it. You won't convince them the way you defend aegis here, as that decision had to get discussed on a way more abstract level of platform concepts and product targets
10:17.34Stskeepsyes, my statement about fuck aegis is that i want to erm, make sweet love to it
10:17.43Stskeeps;)
10:17.51razvanpetruI like aegis!!
10:17.52xarcassdjszapi: yes it is user:users and it doesn't work. on two devices with different versions of fw. it's right in /home/user directory
10:17.54radiofreefrom a user point of view, aegis makes sense
10:18.06razvanpetruin fact it needs more permissions...
10:18.09Arkenoiradiofree, how?
10:18.13radiofreei wish i could completely disable it on my device though, from a developer point of view
10:18.14w00t_Stskeeps: i don't think "penetrate it with a 30ft post" is the same as "make sweet love to it"
10:18.25Stskeepsw00t_: to me it does!
10:18.27w00t_though i guess in so..
10:18.30w00t_ok, beat me to it
10:18.40djszapixarcass: the only guess is the old image then since it works here.
10:18.44w00t_facepalms gently
10:18.46mikhasThe one thing to realize and accept: AEGIS won't go away for MeeGo Harmattan, it'll stay.
10:18.48radiofreeArkenoi: it does a decent job of preventing applications from doing what they are not supposed to do
10:19.08mikhasNo amount of water running down the Niagara falls, or similarly, the amount of talk here, will change that.
10:19.25Arkenoicould be useful if platform was just a bit more widespread. as it is not, it is just pure annoyance
10:19.47Arkenoialso, there is no decent user controlled capability management process to make it useful
10:19.55radiofreeits a pure annoyance to a developer
10:20.04DocScrutinizermikhas: I tend to agree on that one
10:20.10mikhasSo is manual memory management.
10:20.28mikhasOr debugging without debug symbols or sources.
10:20.45mikhasIf you get easily annoyed as a dev, it's time to change careers.
10:20.50mikhasIt won't get better!
10:22.00DocScrutinizermikhas: we almost all don't have a career  on HARM/meego. And I for one am fine with my options to choose which platform to use for development. It's not an aegis-infested platform
10:22.27mikhasYes, please exert that freedom of choice.
10:22.46*** join/#harmattan ajalkane_N950 (~ircchatte@GYYYMMCDXXIII.gprs.sl-laajakaista.fi)
10:22.46DocScrutinizerI already did and stopped all work on harmattan development
10:23.10djszapiWhat I have never understood is that, here is the platform. People got free devices. If they do not like how the platform was designed, they are not obligated to use it. Summary: if you work in a project, why not cooperating nicely after accepting the platform principles instead of continously developing for a platform where you do not accept the principal architecture design ?
10:24.00DocScrutinizererr I guess this explicitly does not apply to me?
10:24.07Sicelo0_o really DocScrutinizer ?
10:25.29DocScrutinizerSicelo: yes. I *hate* the platform concept with regard to aegis/security, and I'm not excited about N9 either. So what would me make invest my time into it
10:26.25DocScrutinizerI just keep this aegis-coffin they sent to me as I hope there's some better platform without aegis available soon, which deserves my attention
10:26.28*** join/#harmattan M4rtinK (~M4rtinK@mail.melf.eu)
10:26.37mikhasDocScrutinizer, in case you got a N950: I suspect ending all H work means you'll hand it over to another developer?
10:26.42Sicelolol, coffin. yay!
10:26.45djszapiI have mentioned previously Harmattan and MeeGo. From what I can say, Android tries to replicate aegis design principles nowadays, they also go into that direction. It is just heavily needed to provide security for the mobile phone users nowadays. It is not the Windows security way, I know. Nothing comes freely, you need to work a bit with it, but after a good documentation, it should not be hard.
10:26.58SpeedEvilA device you're expected to develop on without pay is not free.
10:27.41fluxdjszapi, I think people are annoyed that developers don't have a loophole for the security system. in other words, they must work at a further level from the core system than the manufacturer.
10:27.53fluxthe security system per se seems quite interesting to me
10:28.14hiemanshudjszapi: have you ever written SELinux policies?
10:28.56DocScrutinizerflux: indeed
10:28.59hiemanshuthe thumb rule says 'Test your app without SELinux, see if it works on the platform just fine, then enable SELinux and add the security stuff needed'
10:29.28hiemanshuand aegis doesn't let you do that
10:29.33djszapihiemanshu: I am really sorry, but I would not like to discuss SELinux right now because that would be a very deep and long conversation during the work hours. All the feedback can be founded on the linux kernel mailing list I pasted few weeks ago more times. I agree about that what is written over there by Linus Towards and other security experts, if you are interested in our opinion.
10:29.44DocScrutinizerhiemanshu: which is the SOP I suggested from beginning and thought was what "developer mode" is all about
10:30.17SputI'd just like to be able to deploy and run a binary for testing purposes, without having to build a full package first :/
10:30.26hiemanshusee ^
10:30.37hiemanshuDocScrutinizer: exactly my point about aegis
10:30.47hiemanshuits not the security platform that I am sick of, its the implementation
10:30.58Sputespecially since building a package takes much longer than remaking the binary
10:31.06hiemanshuusers dont blame implementations, they blame platforms
10:31.12DocScrutinizerdjszapi: the problem is "you security experts" (I honestly doubt Linus would attribute himself as such) seem to be pretty ignorant about "us developers"
10:31.53hiemanshudjszapi: and I have been studying security since I was 15, so I know my stuff
10:32.32hiemanshudev mode != production mode, which is why dev mode has a lot of rules relaxed for you
10:32.44DocScrutinizerand now I'm out again,  as - stated correctly before - NOTHING will change for aegis neither on N950 nor on N9 or HARM in general
10:33.55SpeedEvildjszapi: Can aegis be used for user security? Is it possible to for example require (in principle) a passphrase from the user before decrypting the aegisfs?
10:34.35djszapiaegis and smack are used for user security.
10:35.49SpeedEvilAre there docs on this side of the implementation - I haven't found any.
10:35.58djszapialso the coming android security which replicates aegis more and more.
10:36.01DocScrutinizerand djszapi won't talk aegis beautiful for the majority of devels that are just annoyed by it, esp by the fact they have to cope with it even in developer mode on a DEVELOPER DEVICE (as is printed in all capitals on back of N950)
10:36.04*** join/#harmattan baraujo (~Bruno@189.2.128.130)
10:37.12djszapiDocScrutinizer: I am seriously not getting what you are talking about...It is like saying to git, solve my merge conflict automatically since it is an issue for me.
10:37.50djszapisimple cases can be "autogenerated" (ie.: aegis-manifest-dev), but custom cases obviously cannot.
10:38.07*** join/#harmattan willer_ (~Willer@189.2.128.130)
10:38.59djszapito be quiet honest: I ported Gluon with all its games to Harmattan without any security issue. It is a complete game development and distribution platform, and I had zero security issue.
10:39.03djszapiquite*
10:39.34DocScrutinizerdjszapi: if the above sentence was maybe too screwed to not get lost in translation, here's a second try: You ( djszapi ) like aegis, some of us don't. And there's nothing that will change this discrepancy
10:39.39djszapiif there is a custom case (ie.: like merging conflicts in case git, which cannot be automated by a tool), it obviously needs custom developer configuration.
10:40.05DocScrutinizerand I'm out now for good (again)
10:40.28djszapi"You ( djszapi ) like aegis, some of us don't. And there's nothing that will change this discrepancy" -> I do not like meego as a project, but I do not say every day like I got for aegis.
10:40.36djszapiso it is a very sad conclusion.
10:41.54Sputdjszapi: so far I fail to simply execute a binary on the device using Madde, which is supposed to be the official deployment env. is it possible to change that somehow?
10:42.24djszapiSput: I can help later today, I need to get back to work. :)
10:42.39*** part/#harmattan djszapi (~lpapp@kde/developer/lpapp)
10:42.42hiemanshuSput: wait let me find you a link
10:44.24hiemanshuSput: http://forum.meego.com/showthread.php?t=4000
10:45.30Sputthanks, but I don't think that's the issue... I can't use Qt Creator because the project is cmake-based, I tried using mad remote run though, but I get permission denied
10:45.41Sput(+x is set on the binary, so it's probably some security policy)
10:46.04hiemanshuSput: devel-su; develsh; /usr/sbin/aegis-developer-mode --relaxed-exec <binary>
10:46.26hiemanshuand you can still use Qt Creator even with cmake
10:46.28Sputah ok, will try that later when I'm in front of the SDK again
10:46.38Sputhiemanshu: yes I can, but Creator misses all the device and deployment options
10:47.02Sput(which is somewhat stupid, as that stuff shouldn't be buildsys specific)
10:47.23Sputso I use Creator for editing the project, but I have to resort to mad in order to deploy and run on the device
10:47.46hiemanshuah yeah, makes sense
10:49.01SputI really really hope they add the deployment and on-device debugging stuff for cmake-based projects at some point :/
10:57.22ArkenoiI *am* security experts with about 20 years of field experience, and i say: aegis sucks!
10:57.52Arkenoiexpert, even
11:02.37dm8tbrit's sure a pain in the neck
11:03.36dm8tbrit sucks enough to make people want to remove it. so in the end hopefully things will be good
11:04.24Arkenoiit is yet unknown if we really lose any functionality in the open mode. apparently not.
11:04.40Arkenoi(any vital functionality)
11:05.04Arkenoii do not care about DRM-protected video and other useless stuff
11:05.56dm8tbrthere is no drm afaict :)
11:05.58*** join/#harmattan jykae (jyrkkav@hopeatilhi.cs.tut.fi)
11:07.31jykaeis there fixed version of landscape enabler for n950 around somewhere?
11:09.00Arkenoias for capabilities based security is it exactly as good as capabilities management system you have. selinux is slightly better than nothing. the one we have at symbian is way worse than nothing. at the moment aegis behaves worse than selinux but better than symbian (at least we can control it), but is unpredictable, changes from version to version and all that NDA stuff is pure nonsense, so now it is worse than nothing as well
11:11.48Arkenoialso think "qui prodest"
11:12.01Arkenoiselinux was made for users
11:12.18Arkenoisymbian capabilities system was made for symbian foundation
11:12.45Arkenoiaegis was made for "IP owners" and network operators
11:13.01Arkenoianything that was not made for users is worse than nothing for users
11:13.48Arkenoijykae: all existing ones basically patch the same config files
11:13.59Arkenoiso if it is that ugly, it still is
11:14.48*** join/#harmattan eman (~eman@124-149-101-241.dyn.iinet.net.au)
11:15.18dm8tbrArkenoi: I agree I guess
11:17.52DocScrutinizertoo
11:21.29ajalkane_But Aegis can be disabled by installing custom kernel if I've understood correctly?
11:23.06Arkenoiat the moment we do not have fully functional replacement kernel, right?
11:24.30*** join/#harmattan cpscotti (~cpscotti@212.36.161.100)
11:25.24ajalkane_I haven't heard about one, but I expect it won't take long once the devices come on sale
11:30.45SpeedEvilAegis can be disabled - however it seems likely that maps and drive stop working.
11:30.54SpeedEvilWhich is unfortunate, as those are two quite nice apps.
11:31.20SpeedEvilI'm basing this on the fact that there seems to be some aegis oddness going on with my device that means it can't login to nokia accounts.
11:31.49SpeedEvilMaps sort-of-works in this state, as it has a bug.
11:31.54ArkenoiSpeedEvil, does it interact with nokia any different way than other nokia devices?
11:31.59DocScrutinizerreasonable assumption, as maps and drive need a nokia account
11:32.13SpeedEvilArkenoi: It requires a nokia account to run drive and maps.
11:32.21SpeedEvilIf you don't have one, it simply does not work.
11:32.28*** join/#harmattan Reffy (542daceb@gateway/web/freenode/ip.84.45.172.235)
11:32.41SpeedEvil(well, maps works, as it has a bug where if you switch back to the maps witndow, and tap it randomly a few doxen times, it unlocks)
11:32.58DocScrutinizerLOL
11:33.12ArkenoiSpeedEvil, well, i have my login and password, why cannot it work without aegis?
11:33.25SpeedEvilAnother interesting question is if you have a working nokia account on the phone, have the maps downloaded to the phone (you can do this), then does if you need to reboot the phone, it stay logged in>
11:33.41SpeedEvilBecause if it doesn't, and if you're in an area without net service, you're screwed.
11:34.03rzrtalking about nokia account ?
11:34.05SpeedEvilyes
11:34.16rzrmine used to work , but not last time i tried
11:34.22SpeedEvilUnless maps only requires the account on frst startup, which is not implausible.
11:34.24rzri can check again hold on
11:35.23SpeedEvilSo the possibilities I guess are that a kernel with aegis disabled means maps never works. Or it could mean that maps only works if you start it at least once with the aegis kernel.
11:36.07rzrsemms my nok account is working again
11:36.17SpeedEvilOr aegis could download some sort of security credential which in normal operation it would store meaning it does not need to access the net ever agai, but with aegis-kernelspace out of the picture it won't do that.
11:37.24ajalkane_umm, sounds annoying. Losing maps would suck.
11:37.27SpeedEvilOr aegis being involved with the maps and accounts could be a bug to be resolved in the release images.
11:37.46SpeedEvilI guess only one way to find out.
11:49.56*** join/#harmattan Reffy (519d013b@gateway/web/freenode/ip.81.157.1.59)
11:49.59*** join/#harmattan jykae_n950 (~ircchatte@130.230.147.124)
11:54.05*** join/#harmattan lardman (~simon@Maemo/community/contributor/lardman)
11:54.56*** join/#harmattan trx (~ns-team@93.87.57.88)
11:56.00*** join/#harmattan jkt (~jkt@gentoo/developer/jkt)
11:56.53*** join/#harmattan Khertan (c16a270a@gateway/web/freenode/ip.193.106.39.10)
11:56.55KhertanMorning
11:57.31rzrevening Kaadlajk
11:57.33rzrKhertan:
11:57.48Khertanfailed
11:57.48Khertan:)
11:57.53Khertan'lu rzr
11:58.07rzris trying to dl some maps
11:58.12rzrusing the CLI way
11:58.33Khertangnié ? maps from maps ? why not downloading them using the gui ?
11:58.41Khertanworks well :)
12:04.30*** mode/#harmattan [-o dm8tbr] by ChanServ
12:17.45Termanamorning
12:20.42razvanpetruMouseAreas work even if they're obscured by a Sheet?
12:22.44xarcassrazvanpetru: yes. they don't react only if they're obscured by another MouseAreas
12:24.10razvanpetruthat's rather unfortunate... :)
12:24.22razvanpetruany workaround?
12:25.04Khertanopacity:0 ?
12:25.43Khertanforgot ... a MouseArea didn't have opacity
12:25.43Khertan:)
12:26.11w00t_razvanpetru: put a MouseArea on your sheet obscuring the other MouseArea
12:26.27elpuriit does
12:26.31razvanpetrubut then... my sheet buttons can't be clicked I guess?
12:26.33Khertanhuhu :)
12:26.39elpuriMouseArea i mean
12:26.40w00t_*on* the sheet
12:26.41razvanpetruKhertan: enabled should also work
12:26.43elpuriit inherits Item
12:26.49Khertanyep would be better
12:26.49Khertan:)
12:26.50elpurisetting opactiy to 0 disables it
12:26.55w00t_as in, behind your buttons
12:27.07w00t_the button MouseArea will be in front of it, so they will still work
12:27.17razvanpetrubehind as in declared earlier in qml, with lower z, or other? :)
12:27.19Khertanelpuri: true
12:28.33razvanpetruw00t: by sheet buttons I don't mean the two at the top, I have some buttons inside the sheet. I will try a few things and see how this works if I add another MouseArea
12:29.04xarcassrazvanpetru: sheet button are not in the 'content' item
12:29.18razvanpetruxarcass - true
12:30.06Khertanpffff i m tired to change password everywhere due to using only 5 or 6 differents password
12:30.12xarcassrazvanpetru: so, i've declared MouseArea which does nothing with anchors.fill: parent at the top of content item: that solves the issue
12:30.17Khertanand one site have security breaks
12:30.33Khertanand can't retain all different password by site
12:30.35Khertanhum ...
12:31.21Khertanwhat did you think of using the first 12 char of the result of a md5 of a concatenation of a master password and the domain name of a site
12:31.33Khertanso one pass for all ... but different for all
12:31.35Khertan?
12:31.46DocScrutinizersounds good
12:32.01razvanpetruthis is a prolbem in qml... because let's say that I design a component that contains a MouseArea
12:32.13Khertanmd5 representation can be something else than an hex representation :)
12:32.19razvanpetrunow I'm forcing everyone using that component to use MouseAreas when displaying things on top of it
12:33.23razvanpetruand I just wanted a clickable TextField :)
12:34.11DocScrutinizerrazvanpetru: indeed
12:34.39razvanpetrucan I tell if an Item is obscured by another? I could bind MouseArea.enabled to something like that...
12:35.08DocScrutinizerthat's a genuine duty of your widget set
12:35.16razvanpetru:D
12:35.26*** join/#harmattan zarlino (~zarlino@109.54.45.169)
12:36.39DocScrutinizerrazvanpetru: otoh think about me planning toplce textures ob the mouseAreas of your widget - I'd *want* them to still work
12:36.58DocScrutinizerto place*
12:37.04*** join/#harmattan seif (~seiflotfy@ip-95-223-13-104.unitymediagroup.de)
12:37.23*** join/#harmattan artemm (~Adium@d85-194-229-245.cust.wlannet.com)
12:37.25razvanpetruwell they would still be visible... or do you want them to be clickable?
12:37.43razvanpetruI'm working on date picker
12:37.52DocScrutinizer?o/
12:37.55razvanpetruit's just a textedit that shows a date picker dialog
12:37.58DocScrutinizermeh
12:38.01DocScrutinizer\o/
12:38.18razvanpetrudon't know why this was not included by default
12:38.23razvanpetrusame with combo boxes
12:40.05DocScrutinizerI think qml has got that unbearable slotmachine datepicker
12:40.31razvanpetruit does...
12:40.37DocScrutinizerthere's a bug ticket of me lingering around at nokia's tracker about that
12:40.41xarcassrazvanpetru: what about so called 'Tumblers'? they are included
12:41.08razvanpetruxarcass - yes, but those are only part of the date picker
12:41.17razvanpetruthe part that shows the date on screen is missing
12:41.38razvanpetrufor instance in ios you have a date edit and when you click that you get the tumbler
12:41.43razvanpetruwhich makes sense actually...
12:41.50DocScrutinizerwhat are tumblers? (except they are used to dry my clothes)
12:41.57Khertanrazvanpetru: and a fileselector .... hum ?
12:42.07Khertaneveryone is writing is own fileselector
12:42.24Khertanso it ll be different on all apps and will be disapointing for users
12:42.33DocScrutinizerindeed
12:42.33razvanpetruoh yeah :D
12:42.36xarcassrazvanpetru: we are using, apparently, different kinds of tumblers. i can see date clearly
12:42.37DocScrutinizerhighly annoying
12:42.51razvanpetruxarcass... but can you add those tumblers to a form
12:43.01razvanpetrue.g name, last name, *date*
12:43.40Khertanhttps://bugreports.qt.nokia.com//browse/QTBUG-13007?focusedCommentId=137123#comment-137123
12:43.44DocScrutinizerwell, the gods of meego HARM UX (aka GUI designers) have decided you don't need to expose any file system to HARM endusers
12:44.11Khertanhihi ... haha ...
12:44.13Khertanmouarf ...
12:44.18xarcassrazvanpetru: have a look at "QMLComp..." app - it's done there (i don't know how this app is called properly - that's what is shown)
12:44.27DocScrutinizerprobably they thought if apple is failing on that concept, it's a challenge Nokia gets it right
12:44.57KhertanDocScrutinizer: yeah but if users want a iphone they bought a iphone
12:45.15Khertanif they want something else ... they "could" buy nokia
12:45.20DocScrutinizerexactly :-D
12:45.44DocScrutinizeronly if N9 wasn't just another me-too-iPhone-lookalike
12:45.52razvanpetruwhat's the point in exposing the file system? 99% of users dont care about filesystem
12:45.59Khertanat least they could by a iphone clone if it was selled 50$
12:46.06razvanpetrun9 is definitely borrowing elements from iphone
12:46.15Khertanrazvanpetru: oh really ?
12:46.17razvanpetrubut the cool thing is that you CAN write a filesystem browser
12:46.26razvanpetruthis is the big difference
12:46.43razvanpetruyeah really :)
12:46.44Khertanrazvanpetru: yep ... but you loose the plateforms look and style
12:46.49razvanpetruthe text magnifiying glass
12:46.52Khertanas every apps will look different
12:47.00razvanpetruI'm sorry they didn't borrow the text copy/paste
12:47.07razvanpetrugo all in, so to say :>
12:47.21Khertancopy/paste ? there is that in harmattan ?
12:47.30Khertandid see it working
12:47.32DocScrutinizerno, the big difference is fremantle already *had* a fileselector widget, and even MTF had nice usefull date- and time-pickers
12:47.34Khertandidn't see it working
12:47.40Hq`there is
12:48.10Khertanyep the concept is here ... but currently missing
12:48.23Khertantry webbrowser or terminal .... or ... contacts :)
12:48.40Khertan(on contacts it can works sometimes)
12:49.01razvanpetruyeah, it's worse than ios, that's for sure
12:49.05Hq`maybe it's broken on the public image then...
12:50.08jkthi there; I'm struggling to get my N950 nnect to the Eduroam network. Any idea about how to convert these settings http://paste2.org/p/1604448 from wpa_supplicant into that connection UI?
12:51.10jktand maybe a related question, in the settings dialog with certificates, when I click on "add certificate", the GUI says "no certificate", so what do I have to do in order to actually import one? Where to store it?
12:52.14*** join/#harmattan ajalkane_N950 (~ircchatte@YGKMMCDXXXVII.gprs.sl-laajakaista.fi)
12:52.37*** join/#harmattan fiferboy (~fiferboy@Maemo/community/contributor/fiferboy)
12:53.58razvanpetruthe sheet MouseArea blocks the buttons from working also...
12:54.59razvanpetruSheet > ListView > Delegate > Button. MouseArea fills the ListView and buttons stopped working
12:55.21razvanpetrubut at least I can't click through the sheet now \o/
12:56.44razvanpetrumaybe I need to add more MouseAreas...
12:56.52razvanpetruMouseAreas are like violence
12:59.01xarcassMouseArea should be *behind* the listview
13:02.22razvanpetruThanks xarcass, it worked now
13:02.47razvanpetrubut... isn't the list delegate "in front" of the list view?
13:06.42jykaeanyone knows how I get my mpoker app to my-meego.com?
13:08.27jykaeto gain visibility for it
13:11.13*** join/#harmattan crevetor (~antoine@bureau.ubity.com)
13:12.56jykaehmm, ok, sent contact mail.
13:13.28jykaewho is running that site btw?
13:14.06*** join/#harmattan NIN101 (~NIN101@p5DD294A5.dip0.t-ipconnect.de)
13:15.24*** join/#harmattan fiferboy (~fiferboy@Maemo/community/contributor/fiferboy)
13:15.29DocScrutinizerjkt: good question
13:16.38jktDocScrutinizer: yeah :). any ideas?
13:16.58DocScrutinizerjkt: WLAN login failed for me on a rather standard WPA2 infrastrucure AP yesterday. I pulled out my N900 and connected with no problems... :-S
13:18.01DocScrutinizerso no, alas no idea at all, just saying it's a really good set of questions
13:18.21jktDocScrutinizer: frankly, I don't know what the difference between PEAP, MSCHAP, TKIP and what not is; just saying that it is weird
13:18.36jkthttps://bugs.maemo.org/show_bug.cgi?id=417 is a bit scary, though
13:18.37povbotBug 417: Support WEP with 802.1x EAP PEAP
13:18.40MeeGoBotBug https://bugs.meego.com/show_bug.cgi?id=417 nor, Medium, ---, yong.y.wang, VERI INVALID, please enable the CONFIG_RT2860 option in the kernel
13:18.42ArkenoiPEAP/MSCHAP did not work for me
13:18.52Arkenoineither with WEP nor with WPA
13:18.58Arkenoin900 worked ok with WPA
13:18.58DocScrutinizerjkt: I had to look it up in wikipedia as well ;-D
13:19.20jktArkenoi: do you happen to know how to find out what methods the AP/radius infrastructure supports?
13:19.30jktthe staffers here are not really helpful, saying "it's AES"
13:19.48jktI do have a linux notebook where I can use various standard tools, though
13:20.43Arkenoijkt: dunno :-( just try to guess
13:20.48DocScrutinizerVERI INVALID? X-D
13:21.48*** join/#harmattan thp (~thp@Maemo/community/contributor/thp)
13:29.46DocScrutinizerjkt: http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access has a few explanations, at least of equivalent terms
13:30.14DocScrutinizere.g. >>CCMP: An AES-based encryption mechanism that is stronger than TKIP. Sometimes referred to as AES instead of CCMP. Used by WPA2.<<
13:30.18*** join/#harmattan fiferboy (~fiferboy@Maemo/community/contributor/fiferboy)
13:32.28DocScrutinizerjkt: maybe also http://en.wikipedia.org/wiki/Eduroam helps
13:34.14DocScrutinizerMy spidersenses tell me the "@realm" part will often give users headache due to the @ character
13:36.29*** join/#harmattan javispedro (~javier@Maemo/community/contributor/javispedro)
13:39.06*** join/#harmattan lizardo (~lizardo@201008185251.user.veloxzone.com.br)
13:39.20DocScrutinizerjavispedro: moo
13:39.29javispedromoo.
13:42.19seifanything new abut new images
13:42.20seif:)
13:45.28*** join/#harmattan wazd (~wazd@broadband-95-84-185-178.nationalcablenetworks.ru)
13:50.51DocScrutinizerwas musing about the aegis dispute as of earlier this day, and had a weird scary imagination of next "developer device" coming with a 12key 1..9*0# kbd and no way to ssh in to device, as developers are supposed to develop their apps on the target platform. "Use T9! This is not a unix workstation, this is an end-user device"
13:55.04*** join/#harmattan CepiPerez (~matias@190.221.197.126)
13:55.07DocScrutinizerseif: sure, the new images. They come with true N9 feeling: hw-kbd optimized out completely, and you get a huge aegis warning on bootup about the broken NFC hardware ;-P
13:55.15DocScrutinizerseif: just kidding
13:58.19jktspeaking of aegis -- where do I found some documentation about how to "deal with it"? I'm trying to have a look at http://www.developer.nokia.com/bugs/show_bug.cgi?id=234 , but I'm unable to even strace the number of existing /usr/bin/signonpluginprocess processes
13:58.58jktslides from http://conference2010.meego.com/session/mobile-simplified-security-framework-overview were not that much helpful
14:02.37*** join/#harmattan fiferboy (~fiferboy@Maemo/community/contributor/fiferboy)
14:28.36mariobHow are the rounded corners made on several places in the built-in apps? Are shaders used for this?
14:28.52mariobFor example in the contacts app
14:34.51ajalkane_images, as far as I know
14:35.57javispedromariob: what's your toolkit? they should be added auto in most supported toolkits
14:36.34mariobI mean, for each contact you can have an image... And that image will have rounded corners.
14:36.46javispedroah
14:36.55mariobIs that down on the C++ side?
14:37.36mariob*done*
14:38.57mariobwhishes that Nokia releases some of the code for built-in apps
14:42.48ajalkane_oh... contacts app uses MTF, Haven't checked it much
14:44.50mariobajalkane_: was afraid of that...
14:57.07DocScrutinizerjkt: that's the neuralgic point here with the missing docu about aegis
14:57.16Tronicmariob: CSS border-radius would be my guess.
14:57.28Tronicmariob: Apparently CSS is used for style in some parts of the UI.
14:57.34Tronic(if not all)
14:58.38DocScrutinizerjkt: there's sth about MSSF on dev.nokia wiki, but for all I know it just covers the very standard usecase and even that not exactly in a comprehensive way
14:59.15DocScrutinizerthere are not even manpages for the aegis related cli commands
14:59.45DocScrutinizerneither for any file formats
15:01.55DocScrutinizernot even to dream about documentation to details on when aegis self destruction is meant to get triggered, why, and how, and how you'd check if you're already close to stepping on the trigger
15:03.38DocScrutinizerallegedly my #92 aegis suicide was a bug and not meant to happen, but evidently there's some self destruction mechanism that got implemented on purpose, and it's nowhere documented
15:04.24TronicI guess we have 92 ways of suicide documented now?
15:04.55DocScrutinizerso if you're happy with the Romulanian's 4-dimensional version of minesweeper....
15:07.09DocScrutinizerI love linux as I always can get my info somehow, I hate windows as you're basically busted if sth doesn't behave or you plan to do sth in a non-standard way. Now guess my feelings towards HARM&aegis
15:09.40DocScrutinizerwhile on fremantle the locked (due to non-foss blob) bits were mainly some core applications, on HARM basically the complete system is (potentially) locked, and worse: you have no means to find out what's locked and what'S not, until you run into a roadblock
15:10.47DocScrutinizerextremely risky platform to develop, just from a commercial project risk management POV. If I were to do sth commercially I'd never dare to pick HARM for our target platform
15:15.01DocScrutinizerjkt: anyway infobot has some links for you:
15:15.04DocScrutinizer~aegis
15:15.04infobotaegis is, like, http://www.developer.nokia.com/Community/Wiki/Harmattan:Developer_Library/Developing_for_Harmattan/Harmattan_security/Security_guide , or "The purpose of this framework is: ... to make sure that the platform meets the requirements set by third party software that requires a safe execution environment.", or http://en.wikipedia.org/wiki/Trusted_Computing#Criticism, or http://en.qi-hardware.com/w/images/1/10/ME_382_LockedUpTechnology2.gif
15:16.41*** join/#harmattan NIN102 (~NIN101@p5DD28C1A.dip0.t-ipconnect.de)
15:17.07TronicI wonder whether there would be a way to do backup flashing without upsetting aegis.
15:17.29TronicSo that if you end up triggering it, you could at least recover easily.
15:23.44*** part/#harmattan razvanpetru (~razvan@188.26.187.156)
15:29.53jktDocScrutinizer: thanks for pointers and sharing the frustration :)
15:30.06DocScrutinizeryw :-D
15:31.16jktI have no idea how things stand at other companies, but I start to feel frustrated a bit. The platform looks like an open one from distance, provides a nice and shiny UI when you start working with it, but when you hit a bug and decide to try to fix it, you find out that a critical component is closed and/or should not be touched
15:31.45jktlike http://www.developer.nokia.com/bugs/show_bug.cgi?id=234 or http://www.developer.nokia.com/bugs/show_bug.cgi?id=360
15:32.11jktI mean, it's a developer preview, and it's cool that Nokia went out of their way to provide it to the developers, and I really appreciate it
15:32.38jktit's just that the tiny last steps are missing
15:34.06DocScrutinizerjkt: hey I confirmed on that first ticket :-D
15:34.28javispedroit's funny that the browser-ui is one of those ocomponents that has since nearly forever been promised it'll eventually be released
15:34.38javispedroand here we are, at the end of time, and it has not been released.
15:36.48javispedrobtw
15:36.54javispedrocome to think of it
15:36.57javispedrowebkit is GPL
15:37.05javispedroand NOT LGPL afaik.
15:37.13w00t_say what?
15:37.17w00t_webkit isn't *GPL at all
15:37.38javispedroKHTML surely was
15:37.42w00t_how do you think safari exists? :)
15:38.15javispedrooh, it's LGPL.
15:38.21TermanaThe JavaScriptCore and WebCore components of WebKit are GPL
15:38.29javispedronah, it's LGPL.
15:38.36javispedrojust checked on the source itself ;)
15:39.48javispedroeither way, Nokia is violating, where is libgrob-qtwebkit source?
15:41.00javispedroalso, note that the reason they're using WebKit2 is not because they can split out plugins in separate processes (we have no plugins!) but because they can split the WebKit process into another process, therefore avoiding any pesky GPL complications.
15:41.01javispedrosighs
15:41.22javispedroand possibly some added stability and more blablablabla.
15:41.29w00t_I think you'll find it's actually performance/stability related
15:41.35w00t_#qtwebkit might be of help
15:44.48*** join/#harmattan berndhs (~berndhs@2604:8800:11b:1:21e:90ff:fe8f:8bee)
15:46.34DocScrutinizerpardon my doubt, but since bme in userland I don't believe in a sane rationale when finding this class of design decision taken
15:47.05w00t_javispedro: from asking one of the right people involved, git@gitorious.org:+qtwebkit-webkit2-dev/webkit/qtwebkit-webkit2-dev.git should be what you want
15:47.18javispedroagrees with DocScrutinizer here
15:47.29javispedroalbeit qtwebkit2 does crash quite a bit.
15:47.56javispedrow00t_: thanks!
16:08.27*** join/#harmattan ajalkane_N950 (~ircchatte@a88-115-217-31.elisa-laajakaista.fi)
16:27.30*** join/#harmattan rcg1 (~rc@g230054171.adsl.alicedsl.de)
16:28.01*** join/#harmattan NIN102 (~NIN101@p5DD28ACD.dip0.t-ipconnect.de)
16:30.26rzrhi
16:30.47rzrdont you have the phone screen all black sometime ?
16:42.21*** join/#harmattan leinir_ (~leinir@amarok/usability/leinir)
16:43.21*** join/#harmattan captainigloo (~Nico@lan31-4-82-227-130-131.fbx.proxad.net)
16:44.16*** join/#harmattan alterego (~t.swindel@212.110.185.209)
16:48.29rzrhttp://www.developer.nokia.com/bugs/show_bug.cgi?id=347
16:48.59javispedrorzr: yeah, happened to me, but so far seems random
16:49.23javispedroTexrat says it is a bunch of 3rdparty apps that cause it, but I've seen it even without installing anything
16:53.01*** join/#harmattan arnaud1 (~arnaud@chouchoune.fr)
17:08.43npmi bet those third party apps aren't respecting resource policy for resources (e.g. audio or video device) and interfering w/ apps that work correctly (the stock harmattan apps): http://forum.meego.com/showthread.php?t=4125
17:09.10javispedrothis policy stuff was already partially in harmattan
17:09.11*** join/#harmattan lcuk (lcuk@cpc2-oldh7-0-0-cust702.10-1.cable.virginmedia.com)
17:09.11*** join/#harmattan lcuk (lcuk@Maemo/community/contributor/lcuk)
17:09.12javispedroer
17:09.14javispedroI mean, fremantle
17:09.22Stskeepswe even have it in CE
17:09.34npmand meego tablet ux
17:09.43javispedromost of the time doing nothing does the right thing, e.g. corking your streams if you get a phone call
17:10.34npmi too have seen the black phone screen thing. perhaps i'm seeing it less now that the app that was hogging the resources (qmltube) is now compliant
17:10.48npmalso, i believe harmattan has a bug there that meego doesn't
17:10.55npmit doesn't "cork the stream" correctly
17:11.08javispedrohm??
17:11.12javispedroit does very well here
17:11.28javispedroso well, it triggers exactly the same deadlock in PAsimple it triggered on Fremantle ;)
17:12.18npmwell if you run qmltube on harmattan, and then startup video-suite and start a video playing qmltube doesn't get the pause signal that the resource went away, rather it gets paused at a lower level inside qt mobility video element
17:12.48javispedrothat's mostly what it also does for audio
17:12.49npmdo the same tihing on meego 1.2 tablet ux and it sends the "callback" correctly that the resource went away.
17:12.56javispedroah
17:13.01npmand so i can pause the stream in advance of getting the underlying error
17:13.09javispedroyou mean it is not sending resource revoked msgs correctly?
17:13.12npmyes
17:13.16javispedrook.
17:13.19javispedroweird
17:14.14npmplease try out http://nielsmayer.com/meego/qml/qmltube_1_11_1_armel.deb versus http://nielsmayer.com/meego/qml/qmltube-1_11_1-1_i586.rpm
17:14.58npmand i'll be fixing the screen-space wasting headers on video playback soon in tablet ux version
17:15.47npmbut you'll see that behavior -- start qmltube from commandline or qtcreator remote and watch the debug output
17:24.17*** join/#harmattan spenap (~spena@cs27063224.pp.htv.fi)
17:31.29*** join/#harmattan n950evil (~dodo@mauve.plus.com)
17:34.20DocScrutinizerso where's any howto or concept paper or manpage about "(un)corking streams"?
17:34.44StskeepsDocScrutinizer: the one you refer to occasionally and shout they're bloody idiots, i think
17:34.50Stskeeps(pulseaudio)
17:35.28DocScrutinizerStskeeps: I don't think I called anybody a bloody idiot any time in my whole life, so please don't spread lies
17:35.46Stskeepsright, maybe not those exact words, but anyway, that's one place i would look myself
17:35.55javispedronah
17:36.04javispedrodon't uncork it using PA or you'll cause havoc in the resource manager
17:36.08npmlinus torvalds calls people masturbating monkeys :-)
17:36.46javispedroeither way, this time the resource manager seems to have a saner policy
17:36.53javispedrolike prioritizing games over music
17:37.06javispedrostill needs to ensure that is true, but first test showed that might be the case
17:37.37*** join/#harmattan GAN950 (~ryan@32.132.147.53)
17:37.46*** join/#harmattan GAN950 (~ryan@Maemo/community/contributor/GeneralAntilles)
17:38.02javispedroalso, I quite loved that acquiring the music resource means the -/+ buttons are automatically remapped to main volume instead of ringing volume
17:38.59GAN950Automagically?
17:39.08npmi added a clip of the conversation to http://www.developer.nokia.com/bugs/show_bug.cgi?id=347
17:39.22javispedroGAN950: yep, so I can put that to games
17:40.15javispedronpm: I'm still not sure it has anything to do with resources though.
17:40.37*** join/#harmattan aslani (~aslan@ruutana.net)
17:40.43javispedroif you believe so you should explain why on that bug, cause from the log it's not clear.
17:42.09javispedroenjoys his vsynced SDL some more
17:42.16javispedroooh, vsynced mario kart.
17:44.29javispedrohm, just noticing the random noise generation is a bit off
17:44.49GAN950You can't set up repeating events yet can you?
17:45.40javispedrouh, a bit, it's totally broken
17:45.47javispedroGAN950: hm? what do you mean?
17:45.53StskeepsGAN950: i can, if i go and edit afterwards
17:45.54*** join/#harmattan wazd (~wazd@broadband-95-84-185-178.nationalcablenetworks.ru)
17:46.12javispedroah, in calendar
17:48.35*** join/#harmattan harbaum (~quassel@krlh-4d0362d1.pool.mediaWays.net)
17:48.43rzrplz vote for it http://www.developer.nokia.com/bugs/show_bug.cgi?id=347
17:49.20npmjavispedro: i clarified my "paste"
17:49.46npmand gave it 100 votes :-)
17:50.02Stskeeps" which is why the Korean government has stepped in to create its own OS. Kim Jae-hong, deputy minister from Seoul's Ministry of Knowledge Economy, thinks that American dominance in mobile software is generally a bad thing. The minister said that the country would "foster a habitat" for the open-source OS, which might mean incentivized pricing on these device"
17:50.08Stskeepshttp://www.engadget.com/2011/08/23/south-korea-brings-the-big-guns-to-the-mobile-os-knife-fight/
17:50.18Stskeepstime for KRMeeGo, or something
17:50.24npmwhich i'll reduce as soon as i find some other bug that competes with it in terms of making the phone somewhat painful to use in an emergency
17:50.57npmit also gets into a state where you can't hang it up without power-cycling.
17:51.02npmwhich is sort of old school
17:51.04npm:-)
17:51.57npmas if all those billions of transistors were just a bunch of wires and magnets
17:52.12javispedrowelcome to the world of tomorrow!
17:52.44npmsomeone should write an app to simulate a rotary phone in qt :-)... complete with clicking
17:53.05alteregonpm: there's a demo doing that.
17:53.20rzrStskeeps: you're talking about the republic of samsung
17:53.40npmi wonder if that could be used in certain emergency conditions when the regular tone networks aren't working, perhaps due to an EMP
17:55.07*** join/#harmattan smoku1 (~spectrum@xkh0g2.infr.xiaoka.com)
17:59.06*** join/#harmattan SpeedEvil (~user@tor/regular/SpeedEvil)
18:01.41rzrI think I screwed someone comments
18:02.09rzrwho is NielsMayer ?
18:02.53rzrnpm: that screen does not even show once rebooted my side
18:07.04npmis NielsMayer
18:09.40*** join/#harmattan SpeedEvil (~user@tor/regular/SpeedEvil)
18:11.40DocScrutinizer(aegis, developer-mode) it all boils down to the true meaning and implications of <quote URL=http://www.developer.nokia.com/Community/Wiki/Harmattan:Developer_Library/Developing_for_Harmattan/Harmattan_security/Security_guide> If your application needs any POSIX capabilities, the following example shows how to request POSIX capabilities for your application: Note that POSIX capabilities are sensitive credentials. Even if you use the
18:11.41DocScrutinizerrequest, whether you get the capabilities or not depends on the software source.</quote> How would we add a policy that defines an arbitrary or specified local source as an entitled source for requesting all posix resources?  --  In fact I thought THAT was what developer mode would do, but as I got told in CAPITALS several times developer mode is something completely different (alas I still didn't manage to wrap my head around what it
18:11.43DocScrutinizeractually is then)
18:12.19rzrnpm: ok your post seems to be still there
18:12.28rzrvotes his points on http://www.developer.nokia.com/bugs/votes.cgi?action=show_user&user_id=691#
18:13.18DocScrutinizers/posix resources/posix capabilities/
18:13.24*** join/#harmattan SpeedEvil (~user@tor/regular/SpeedEvil)
18:16.11*** join/#harmattan deimos (~deimos@host168-51-dynamic.21-79-r.retail.telecomitalia.it)
18:26.01DocScrutinizeralso to me it seems rather unclear *when* aegis is going to force new credentials/tokens to a process. The >>When your application is launched, the credential information defined in the file is passed on to the system kernel.<< is pretty fuzzy and unclear. What does this mean exactly? is this on execve() and friends? On loading a harmattan app from applications launcher via *.desktop et al? On fork()? On loading an executable to RAM (i.
18:26.03DocScrutinizere. also for *.so etc)?
18:27.51dm8tbrDocScrutinizer: I thought that developer mode allowed you to install your own binaries with (almost) all possible base capabilities.
18:28.10dm8tbrbut some apparently not like loading modules, etc bla
18:28.23dm8tbrso, close but not close enough for an open feeling
18:28.32DocScrutinizerI.E. will e.g. a (true, non busybox) shell command inherit the shell's capabilities, or are the freshly defined?
18:29.09dm8tbrI'd expect inheritance, but then I know nothing about this
18:29.37Stskeepsthat's a funny question actually..
18:29.51Stskeepswhat aegis permissions a console shell has
18:29.57Stskeepslike, serial line
18:30.28dm8tbrI think that's also in this repsok file or what it's called
18:30.40DocScrutinizerone thing's for sure: aegis "documentation" as of http://www.developer.nokia.com/Community/Wiki/Harmattan:Developer_Library/Developing_for_Harmattan/Harmattan_security/Security_guide is a joke, an evil pun, or just an introduction that's missing the true proper documentation plus links to that
18:30.47dm8tbrI've seen serial lines caps being defined there
18:30.50Stskeepsdm8tbr: ah, ok
18:31.32dm8tbrDocScrutinizer: I truly hope it's just the latter. the very important question is if we get to see the rest
18:31.55DocScrutinizermy hopes are small for that to ever happen
18:35.37javispedrohow ineriting works in aegis I've not fully understood yet
18:35.45rzrnpm: do u see something suspect in my logs at http://www.developer.nokia.com/bugs/show_bug.cgi?id=347?
18:35.59DocScrutinizeras small actually as my hopes for a proper cert/policy that entitles packages from my local repository to request arbitrary credentials/posix capabilities
18:36.03javispedroin fact, I think the supposed bug that caused Doc's self-destruction was caused by something related to inheriting tokens.
18:39.58*** join/#harmattan rm_code (~adam@2001:470:b:488:21f:3bff:fe18:dd65)
18:40.57RST38hrm_code: Could you quickly add Nokia's own harmattan repos to the packrat?
18:41.24RST38hrm_code: as a static list whose contents are loaded before wiki is mined for the rest of repo addresses?
18:41.25DocScrutinizerjavispedro: nah, according to djszapi I was just making up all that
18:42.13rm_codeRST38h, i had problems doing that  because they require auth
18:42.35DocScrutinizerthere is no such thing like a dedicate suicide function in aegis!!1!1!!11
18:42.39Sputcan the device recover from self-destruction somehow, or is it permanently bricked then?
18:42.55RST38hrm_code: Oh, true
18:43.03RST38hrm_code: But not all of them, I think
18:43.06rzri also noticed the device wont ring too
18:43.17rm_codeRST38h, this is how i add custom repos:
18:43.33rm_code<PROTECTED>
18:43.33rm_code<PROTECTED>
18:43.33rm_code<PROTECTED>
18:43.41DocScrutinizerSput: reflash
18:43.51SputDocScrutinizer: ok. so data loss, but not beyond salvation
18:43.58DocScrutinizeryup
18:44.10Sputthat's... reassuring
18:44.18SputI keep backups in Ovi Suite anyway :)
18:44.29npmrzr -- yes
18:44.49DocScrutinizerSput: though I was willing to believe this suicide-bomber has several different assault modes
18:44.52javispedroDocScrutinizer: for next time -- it's official name is "MALF"
18:45.00javispedro(the self destruct feature I mean)
18:45.05npmrzr : Aug 23 20:01:57 (none) nped[1370]: i2c_write: Remote I/O error
18:45.08npm??
18:45.13DocScrutinizersbin/malf --final
18:45.15rm_codenpm, is there a newer qmltube? it stopped working recently
18:45.35DocScrutinizersbin/malf --just-a-little
18:45.50RST38hrm_you: yea, that is one way to do it :)
18:45.53npmhttp://nielsmayer.com/meego/qml/qmltube_1_11_1_armel.deb <-- rm_code
18:45.55DocScrutinizersbin/malf --solid-fsckup
18:46.04*** join/#harmattan mikhas (~michael@p4FC23A7F.dip.t-dialin.net)
18:46.10rm_codenpm, k thx :) is that a valid repo?
18:46.14npmno
18:46.15rm_codenpm, if so i can add it to packrat
18:46.18rm_codeah k
18:46.25rm_codeif you want me to add your package to my repo i can
18:46.31rm_codeit will be packrat indexed
18:46.41DocScrutinizerit fails to hit me how such a suicide-function is "to protect the user"
18:46.56npmlet me know if that version works for you and if so, then please add to repo
18:47.30npmthere's also a more in progress meego ux version http://nielsmayer.com/meego/qml/qmltube-1_11_1-1_i586.rpm
18:47.39npmwork in progress that is
18:48.36rm_codehow usable?
18:52.46rm_codenpm, looks working
18:52.57rm_codedownloads are actually moving instead of failing :P
18:52.59rm_codeadding to my repo
18:54.34DocScrutinizerjavispedro: less /etc/init/check_malf.conf; thanks for pointer mate
18:55.05DocScrutinizer<PROTECTED>
18:55.06DocScrutinizer<PROTECTED>
18:55.08DocScrutinizer<PROTECTED>
18:55.21DocScrutinizerI bet this will look like my photo
18:55.22rm_codewtf is malf
18:55.29DocScrutinizermalfunction
18:55.36Stskeepsthat it 'malfunctions'
18:55.36rm_codeah
18:55.36DocScrutinizeraegis suicide-bomber
18:55.42Stskeepsnah, it's older than that
18:55.50*** join/#harmattan lcuk (lcuk@cpc2-oldh7-0-0-cust702.10-1.cable.virginmedia.com)
18:55.50*** join/#harmattan lcuk (lcuk@Maemo/community/contributor/lcuk)
18:55.52Stskeepsbut aegis can indicate malf, yeah
18:56.00rzrnpm: i can reboot to double check
18:56.29rm_codeso can you just bind something over that file that always indicates no malfunction? :P
18:56.38DocScrutinizerI bet editing /etc/init/check_malf.conf will trigger MALF ;-P
18:56.38npmrm_code: thanks... what's your email incase i have an update?
18:56.47rm_codenpm, check for my notice
18:56.59npmok
18:58.46DocScrutinizerhehe /etc/init/check_malf.conf, I feel venturous today
18:58.53SpeedEvilIn principle the 'flash now' screen is good - if it detects stuff right - rather than just silently and confusingly failing.
18:59.02DocScrutinizeractually /usr/sbin/check_malf
18:59.43DocScrutinizersay goodbye to my N950 :-D
19:00.39rm_codeDocScrutinizer, find "good" output of /var/malf, then put that into a file "good_return" and bind it over /var/malf :)
19:01.33rzrnpm: no i2c err this time
19:02.03DocScrutinizerrm_code: I gather no output is a good output, actually:
19:02.06DocScrutinizerelif [ -G /var/malf ]; then
19:02.08DocScrutinizer<PROTECTED>
19:02.09DocScrutinizer<PROTECTED>
19:02.12rm_codeah
19:02.15rzr+Aug 23 21:04:54 (none) applifed[847]: Application 'Com.Nokia.Telephony.CallUi' released from prestarted state, count=1
19:02.28rzr+Aug 23 21:04:56 (none) cellular: csd[587]: com.nokia.csd.GPRS: service suspended, status=8
19:02.35rzr+Aug 23 21:05:02 (none) kernel: [  248.555328] cmt_speech cmt_speech: Write pending on data channel.
19:02.48DocScrutinizerRM680-22-6_PR_RM680:~# /usr/sbin/check_malf --help
19:02.50DocScrutinizerRM680-22-6_PR_RM680:~#
19:02.52DocScrutinizer:-S
19:03.19rm_code:P
19:03.21DocScrutinizerman check_malf *ENTER*
19:03.53DocScrutinizer$#!!\¿¿!##@@!
19:03.55rzrls -l /var/malf
19:03.56rzrls: /var/malf: No such file or directory
19:04.12javispedrothere's a set of startup files that should be both a) existing b ) validated by aegis, otherwise -> MALF.
19:04.34javispedroiirc that included, obviously, malf itself.
19:04.40DocScrutinizer(sorry djszapi)  FSCK aegis!
19:04.54javispedroDocScrutinizer: did it self destruct again?
19:04.55rm_codeyeah but if it uses check_malf to do the check
19:05.01DocScrutinizernot yet
19:05.14DocScrutinizerbut doesn't reveal any bit of info either
19:05.24rm_codeyou should be able to make a new version of check_malf that only returns clean status?
19:06.23DocScrutinizerI'd maybe test to edit /etc/init/check_malf.conf but it seems to me I already know what's going to follow
19:06.33DocScrutinizereither FSCK!!!! or MUHAHAHAHA
19:06.57rm_codebrb
19:08.54DocScrutinizerthough::::  >>-G FILE        True if the file is effectively owned by your group.<<
19:09.53DocScrutinizercreate /var/malf with another group, with another owner, set 444
19:10.18DocScrutinizerso nobody can overwrite it
19:11.05DocScrutinizerneither anybody changes effective group of that file
19:13.57DocScrutinizerprobably aegis' cerberus will make damn sure this file gets created with proper effective group no matter what's been there before
19:14.02rzri think i got more info to share
19:14.06rzrMAssembly: Stylesheet missing "/usr/share/themes/base/meegotouch/libminputcontext/style/libminputcontext.css"
19:17.18DocScrutinizer>>couldn't open page \n Request to open non-local file file://usr/share/images/malfNOK_en_GB.bmp<<
19:17.32rzrMAssembly: Stylesheet missing "/usr/share/themes/base/meegotouch/libSignOnUI/style/libSignOnUI.css"
19:17.36DocScrutinizersomehow microB was way nicer
19:18.25DocScrutinizerWTF /usr/sbin/enter_malf
19:19.09DocScrutinizerln -s /usr/sbin/enter_malf /usr/sbin/suicide-bomber
19:20.42DocScrutinizerSput: if you're curious I suggest you ask /usr/sbin/enter_malf --help to find out if it has a parameter to determine severity of self-destruction ;-P
19:21.25DocScrutinizerit will either tell you about possible options, or demonstrate it doesn't take any options
19:21.42*** join/#harmattan leinir (~leinir@amarok/usability/leinir)
19:22.26DocScrutinizeralso reassuring: /lib/dsme/malf.so
19:23.45DocScrutinizer"we had to restart browserd 10 times! MALFUNCTION DETECTED! please try to reflash, if that fails please visit your local Nokia service-center" heh just kidding?
19:24.20Stskeepsthat usually shows a deeper problem
19:24.29DocScrutinizerI'd say /etc/init/check_malf.conf has to die
19:28.10DocScrutinizerStskeeps: if there is a "deeper problem" then I'd prefer to try and investigate for myself, rather than check_malf suggesting I should reflash (thus nuking all forensic evidence about the actual problem) and to make sure I do it locks the device
19:28.56StskeepsDocScrutinizer: no arguments there
19:30.59javispedrotriggers a harmattan gcc bug
19:31.25javispedroand sadly removing the snippet from its context makes it disappear
19:32.07javispedroint type = (byte & mask) ? 1 : 0; printf("%d\n", type) --> "16" :D
19:32.57javispedroif I replace the ternary with an if...else, still fails. If I add two printfs to check with if branch it decides to take, it works.
19:33.00DocScrutinizerUGH
19:33.05javispedros/with/which/
19:33.06Stskeepsancient toolchain there, too
19:33.29javispedroinfobot: shut up!
19:33.29infobotget lost, jerkoff
19:35.05DocScrutinizerint type; int check = (byte & mask); type = check ? 1 : 0;
19:35.57DocScrutinizers/int check/char check/.
19:36.08*** part/#harmattan CepiPerez (~matias@190.221.197.126)
19:36.13javispedroDocScrutinizer: seems to work
19:36.27DocScrutinizerparsing sequence error?
19:36.50javispedrothinks it is optimizing something
19:37.03DocScrutinizerint {type = (byte & mask)} ? 1 : 0
19:37.12javispedronah, byte & mask is 0 btw.
19:37.13rzrnpm: I got it back
19:37.19javispedrofor each value of mask in the loop.
19:37.21rzrnpm: I had to kill it
19:37.25javispedro(checked with printf too)
19:37.36rzrnpm: killall -9 call-ui && killall -9 call-ui &&  killall -9 call-ui ; even once rebooted
19:37.39DocScrutinizerhmm, hoped it's 16
19:38.10DocScrutinizerlet's call it a bug, and get some club mate aka hackerbrause
19:38.13javispedroDocScrutinizer: it's in a loop, mask is 0x1, 0x2, ..., 0x16, .. , 0x128
19:38.32javispedroerm
19:38.36javispedros/0x16/0x10 ;)
19:38.51javispedros/0x128/128 ;) ;)
19:39.22DocScrutinizer0x7F
19:39.28DocScrutinizererr
19:39.38DocScrutinizer0x80
19:39.48*** join/#harmattan djszapi_ (~lpapp@84-231-18-239.elisa-mobile.fi)
19:39.50DocScrutinizerneeds a shower, URGENTLY
19:40.00DocScrutinizer~weather EDDN
19:41.30javispedroapplies DocScrutinizer's change and calls it a day
19:42.10DocScrutinizerdon't forget to claim your free towel for reporting the bug against gcc
19:44.00*** part/#harmattan smoku1 (~spectrum@xkh0g2.infr.xiaoka.com)
19:45.13DocScrutinizergrr he's gone - just when it hits me I once heard something was odd about ternary
19:49.56lardmanevening all
19:50.16*** join/#harmattan antman8969 (~anthony@pool-96-239-32-4.nycmny.fios.verizon.net)
19:50.39lardmanso I'd like to at runtime generate/use a random QML component that will be provided by a plugin; how do I get this component to display in my main QML view?
19:51.21lardmanmain code is C++ with QDeclarativeEngine etc, and the plugin will also be C++ and generate a QML component
19:51.59lardmanthe question is whether I need to use some javascript code to create the component from the C++ plugin, or whether I can do this all in C++?
19:52.27DocScrutinizerhi lardman
19:52.38lardmanhey Doc
19:53.40DocScrutinizerhave fun with your demanding concept of dynamic QML ;-D
19:54.03lardmanis not particularly pleased
19:54.14DocScrutinizerprobably you'll have to learn how the guts of QML work to get an answer for this question
19:54.24lardmanporting from dynamic QWidgets is not all that much fun
19:54.37antman8969let me make sure I understand what you're asking.... you just want to know what you need to make a qml plugin?
19:54.52lardmanno not really
19:55.03DocScrutinizer*dynamically* make a plugin
19:55.16DocScrutinizeraiui
19:55.17lardmanI've got the main mBarcode code, which is a C++ class to wrap the functionality plus QML code to provide the ui
19:55.38lardmanthen I have lots of plugins, each of which needs to display a QWidget that it populates with whatever it wants
19:55.57lardmane.g. buttons to do some action, some labels to describe the contents of the barcode, etc. etc
19:56.06lardmanthe question is how to get that QWidget into the main QML code
19:56.42lardmanand whether that should be done by using a QDeclarativeView, whether an app can have more than one QDeclarativeView, etc.
19:56.51antman8969is this link useful? http://doc.qt.nokia.com/4.7-snapshot/qml-integration.html
19:56.58DocScrutinizeron Qt plain it'd be pretty easy
19:57.01lardmanor whether to load the plugin's QML file dynamically using Javascript
19:57.20lardmanDocScrutinizer: yeah in C++ code it all worked fine
19:57.31lardmanantman8969: looking now
19:57.41antman8969i THINK thats what you want...
19:58.18antman8969I know it warns you that it's "slower" to use QDeclarative view (for starting up) but I think you should test it and see how much slower it actually is
19:58.24antman8969especially on the n950 hardware
19:58.31lardmanhmm, I think that's a way of wrapping your entire application
19:59.04lardmanoh I see, I can do  QGraphicsObject *object = qobject_cast<QGraphicsObject *>(component.create());
19:59.16antman8969the last section
19:59.16antman8969yea
19:59.29DocScrutinizerwell it's half the rent
19:59.41DocScrutinizeryou can call QML from Qt
20:00.00DocScrutinizernow you need to integrate this Qt/C++ code to QML
20:00.31lardmanyeah I know you can manipulate from both sides, but that then means they are pretty intertwined, which is the whole thing QML is supposed to get away from I thought
20:00.34DocScrutinizerbut actually better ignore me, I have NFC about QML and not much revent experience with Qt either
20:00.42lardmanlol
20:00.52antman8969lol
20:01.02antman8969I agree lardman, I would want to stay away from controlling QML from Qt
20:01.08antman8969from C++ rather
20:01.10lardmanI'm still a bit fuzzy about how I should place the component I create too
20:01.29lardmanwith C++ I could generate a QWidget in my plugin, pass it back and have the main code put it somewhere
20:01.38lardmanI guess I could achieve that with Javascript
20:02.00antman8969The entire point of using QWidget in your application is... you already have a working version and don't want to rewrite?
20:02.31lardmannot quite, I've altered the app quite a bit, but basically the plugin needs to pass back some component that will be self contained and displayed
20:02.32Sputlardman: also relying on QGraphics* is a bad idea, as that's going away in Qt5
20:02.45Sput(not the actual QGV stuff, but QML no longer will be based on it)
20:02.51lardmanso it's not currently a QWidget, I'm just using that as I'm familiary with the C++ terminology
20:03.06lardmanSput: ok, all the more reason to not go that route then
20:03.10antman8969if thats the case, then I'd obviously recommend QML lol
20:03.23lardmanantman8969: yeah but the plugin is C++
20:03.32Sputyou can always use QDeclarativeItem
20:03.41antman8969you can make plugins available too, and just have the QML talk to the C++ for the data you need
20:03.45Sputjust don't assume that that's based on QGV in the future
20:04.12lardmanSput: so the plugin can return a QDeclarativeItem in C++, and then somehow have that created from the main code?
20:04.36Sputyou can use a QDeclarativeItem implemented in C++ as a normal Item element in QML
20:04.48antman8969is this mbarcode reader lardman?
20:04.54lardmanantman8969: yeah
20:05.19lardmanSput: ok, but when I write the main code I don't know what the component will be called, that only happens at runtime
20:05.52antman8969thats why I would rather just use the plugin to deliver a model or data. You can dynamically create QML delegates as you need to much easier
20:06.35lardmanantman8969: the plugin needs to decode the barcode contents e.g. for a vCard work out what the fields mean, and present that to the user
20:07.12antman8969well, does it HAVE to do all of that? or can it just decode, pass a model to QML and then have a ListView (or something similar) display the data to the user
20:07.16lardmanseems a bit clunky to generate a QString filled with QML code to create the component to be displayed, is that what you're suggesting?
20:07.38antman8969not rly
20:07.50antman8969you can make a QAbstractListModel type class if you wanted
20:07.58lardmanantman8969: well there are lots of options of course, that was what the old version did, but it would be nicer for the user to be presented with a decoded view of the payload imo
20:07.59antman8969and then use it in one of the builtin ListViews of qml
20:08.30antman8969I guess I don't see why that isn't possible with my suggestion, just a different type of data being passed to QML
20:08.50lardmanalso things like vCards can contain email addresses and urls, it would be useful for the user to be able to open these or to import the whole thing, etc. the choice should be left up to the plugin writer
20:09.20lardmanso what about a geo: payload, showing a map location?
20:09.47lardmanit would be good to show a map with a pin, rather than just a couple of lines of description of lat/lon
20:10.03antman8969right
20:10.33lardmancertainly when I was sketching out the code I was planning a multiline label, but that's not very nice to look at or use
20:10.34hardakermarble is supposedly embeddeblae fairly easily.
20:10.42hardakerbut I haven't tried it.
20:10.45antman8969i've not used QtMobility form QML yet, but thats where the maps stuff is I think. As long as QML at some point gets the lat/lon, you can bring up a map to display it.
20:11.14antman8969you can also separate the plugins functionality. You can use c++ code without making it a plugin too
20:11.31lardmanantman8969: I don't want the main code to have to handle every possibility for what to display though, I'd like the plugin to generate its own QML component to display and handle any interaction
20:11.32antman8969you can have your map function called from QML after the QML receives the data from the decoded barcodes (from your plugin)
20:12.19antman8969so it's more of a "mbarcode" plugin than a series of "docoder" plugin, "map" plugin etc...
20:12.30antman8969well, you know that theres really on right way
20:12.38antman8969I just like to keep everything separate as much as possible
20:12.43lardmanah slight misunderstanding here, the main code accepts the decoded barcode data as a string, then it passes it to the plugins which decide which can handle the payload best
20:13.09antman8969now, when you say "main" code, you mean qt c++ code? or code in main()
20:13.25lardmanmain code is the Qt C++ code with a QML ui
20:13.40antman8969mm
20:13.47lardmanso main as opposed to plugin codes
20:14.39lardmanthe reason for plugins is that some payloads can contain a number of different content types. E.g. a vCard could contain both the cVard and as fields an URL an email telephone numbers, etc.
20:14.53djszapi_Sput: Did you find a solution for your issue after all ?
20:15.10Sputdjszapi_: haven't had the time today to play with the SDK :/
20:15.16lardmanso each plugin will look for something it can handle in the string it is passed, and then they are ranked such that if a vCard is detected that will be displayed, rather than just the URL, etc
20:15.19SputI took note of the hint and will try soon
20:15.23DocScrutinizerlardman: ( don't want the main code to have to handle every possibility...) fair enough, as the plugin even might want to use a custom made widget
20:15.28antman8969right lardman. I've never worked with barcodes to I could be missing something btw. But
20:16.03antman8969thats where MY plugin's job would end, decode and then thats all. Making it responsible for so much as to include generating the UI is daunting
20:16.37lardmanantman8969: the barcode decoding is now handled by a daemon called PhotoAnalyser which sits and scans new photographs
20:17.00lardmanthat then sends a DBus message if it sees a barcode; mBarcode then wakes up (or is started) and handles the payload of the barcode
20:17.28lardmanso mBarcode now really is only focussed on doing something with what was in the barcode, rather than with the scanning and decoding parts
20:18.09antman8969ok, just let's say I scan a barcode with a vcard in it. can you tell me what happens to that data after it's decoded
20:18.12antman8969in your model
20:18.14lardmanthis also means that PhotoAnalyser can perform more than just barcode extraction, e.g. text extraction and translation would be quite doable
20:18.33lardmanantman8969: it's decoded and the string is sent over DBus to mBarcode
20:18.57antman8969and from there
20:19.02DocScrutinizerlardman: do you need to place the plugin's GUI inside the main window? It could open its own window?
20:19.12lardmanmBarcode then sends that data to each of its plugins, waits for them to all reply whether they can handle the barcode type and payload or not and then asks the highest priority one to return a widget for display
20:19.43lardmanDocScrutinizer: better inside the main UI, as thay houses the history list and a centralised settings page, etc
20:19.53lardmanalso fewer open windows is better imo
20:20.05antman8969oooh, the plugins main job IS to make the widget, I thought it was doing much more...
20:20.06DocScrutinizeryeah, sure
20:20.42lardmanantman8969: it makes the widget, then waits for the widget to ask it to do something - e.g. add the vCard, open a URL/email/etc
20:20.54lardmanbutton presses, etc
20:21.05antman8969mm
20:21.08*** join/#harmattan cpscotti (~cpscotti@170.72.125.91.rb4.adsl.brightview.com)
20:22.42antman8969I would still end up using QML and Javascript for most things... If you were going to use your plugins then you need to figure out how to make them available... but you know that already lol
20:22.58lardmanok I reckon I can do the following - return a QDeclarativeItem from the plugin, plus its name; send that by way of a signal to the QML code that is attached to my main mBarcode object (which is exposed to QML), then have some javascript code create the plugin-created item in the main QML "view"
20:23.17djszapi_SpeedEvil: What was your issue about aegis and maps ?
20:23.54antman8969lardman that sounds good. And from that it sounds like you already know that you can send signals from Qt and catch them in QML
20:24.16lardmanantman8969: yeah I've read that stuff, seems quite straight forward... hopefully ;)
20:24.23lardmanbbiab
20:25.14antman8969wouldn't be bad at all. You wouldn't need much javascript either, just something like
20:25.33antman8969onSignal: loader.sourceComponent = myPluginItem
20:25.40antman8969and have a loader as the main comp for that screen
20:28.49DocScrutinizerlardman|afk: what about doing *all* QML wrapped into this QDeclarative wrapper and control it from C++ main()
20:29.19DocScrutinizerlardman|afk: not only plugins but also your main code's GUI
20:30.18djszapi_jkt: use develsh for strace.
20:32.12DocScrutinizerdjszapi_: can you tell me _when_ a process gets assigned its credentials/tokens/capabilities? As in "the posix capabilities are derived from aegis and set to kernel on (2) execve()
20:32.15DocScrutinizer"
20:32.51DocScrutinizeror is it just the harmattan launcher that does this?
20:33.38SpeedEvildjszapi_: I cannot for some reason on my device create a new nokia account. This may be an unrelated bug - however, when I attempt to do so, I get no network traffic - just 'unavailable' - I forget the exact error. Someone elses comment lead me to believe it was possible that all account verification is done through aegis.
20:33.49DocScrutinizeror maybe even (2) fork() ?
20:35.25SpeedEvildjszapi_: I hypothesised that somehow the chain of trust is broken on my device, leading to aegis reporting a failure creating/obtaining a key or something, which manifests in 'can't open account'.
20:36.16SpeedEvildjszapi_: It could of course be something else - but if this is true, it indicates what might happen with an unapproved kernel. I haven't been screwing with the kernel however. Can't create account = can't access maps or drive.
20:36.38djszapi_SpeedEvil: You are using tha Harmattan image ?
20:36.38antman8969speedevil, have you tested the theory with other account creations?
20:36.45SpeedEvildjszapi_: I'm using the most recent publically available image.
20:37.15djszapi_SpeedEvil: if it is not custom kernel, could you please send me the scenario how it is supposed to be reproducible ?
20:37.33SpeedEvildjszapi_: No, as it's apparantly not for anyone else.
20:38.14SpeedEvilFlash device - connect to 3g internet - attempt to add nokia account -> service unavailable
20:38.49*** join/#harmattan trollet (~trollet@p4FFC9951.dip.t-dialin.net)
20:38.56DocScrutinizerhttp://www.developer.nokia.com/bugs/show_bug.cgi?id=234
20:39.01djszapi_SpeedEvil: no idea about the account verification and how they implemented it. You might need to ask the developers of the application.
20:39.01npmrzr -- perhaps i did the same as your " killall -9 call-ui && killall -9 call-ui &&  killall -9 call-ui " when i did a "close all" in app manager
20:39.14*** join/#harmattan Stecchino_ (~bart@d54C095CD.access.telenet.be)
20:39.58DocScrutinizerSpeedEvil: djszapi_: ^^^ this ticket is about that issue
20:41.09SpeedEvilAdding a facebook account works
20:41.24SpeedEvilI forgot about my facebook account, as it's in a fake name, and I don't use it.
20:42.02*** join/#harmattan npm (~npm@cpe-76-90-30-220.socal.res.rr.com)
20:42.40djszapi_SpeedEvil: but at any rate, if it is any security "related", it is related to the application and their misusage of the security framework. It is not us how wrote the application. :) Feel free to prove me wrong with logs, outputs.
20:42.46SpeedEvilAfter adding FB account, try to add nokia account in the same way.
20:42.56SpeedEvil'service currently unavailable'
20:42.57djszapi_SpeedEvil: It seems to work here.
20:43.04SpeedEvilFor most it works.
20:43.33SpeedEvilThere are no docs as to the seciruty framework, and how it interacts with apps (that I've seen), so I'm guessing.
20:43.40DocScrutinizerSpeedEvil: try deleting all cookies
20:43.56djszapi_SpeedEvil: try to grep for aegis in syslog.
20:44.04SpeedEvilDocScrutinizer: I reflashed
20:44.08antman8969does harmattan use the same flasher utility has the n900? flasher-3.5 or w/e
20:44.10SpeedEvilA couple of times - with no results.
20:44.15DocScrutinizerand it still fails :-/
20:44.18DocScrutinizerhmm
20:44.47rzrdoes it worth to be reflashed ?
20:45.05DocScrutinizerantman8969: no
20:45.08djszapi_antman8969: imo nope
20:45.09DocScrutinizernew flasher
20:45.17antman8969just saw from the site.. thanks
20:45.31antman8969556 mb download...
20:45.42DocScrutinizeryup, sounds correct
20:45.52DocScrutinizerone_click_flasher
20:45.56djszapi_so small ?
20:46.44DocScrutinizerwell, these 556MB is all we get for N950 ;-D
20:47.06DocScrutinizerno angry birds in there ;-)
20:47.26antman8969lol
20:48.03SpeedEvildoesn't see any clearly obviously smoking guns in syslog.
20:48.07SpeedEviltries rebooting.
20:48.13djszapi_SpeedEvil: issues relevant to missing credentials and capabilities are normally reported in syslog (not 1:1, but yep).
20:48.49DocScrutinizerI hnestly doubt that nokia account issue is related to security at all
20:48.54djszapi_if there is nothing in syslog, it is probably not aegis issue
20:49.01SpeedEvilOk - thanks - that's useful.
20:49.06djszapi_DocScrutinizer: everything is related ;-)
20:49.07SpeedEvilI question what the hell it can be though.
20:50.13*** join/#harmattan vgrade (~martinbro@cpc2-nrte22-2-0-cust128.8-4.cable.virginmedia.com)
20:50.15DocScrutinizercreating a nokia account seems a web service (more or less), and it also seems that account management is kinda messed up even when you try to access it via firefox from your PC
20:50.44SpeedEvilDisentangling between poorly understood security infrastructure, old bugs that are possibly fixed by now, and PEBKAC is fun.
20:51.05DocScrutinizerindeed
20:51.12djszapi_mmm, javispedro did not know how the inheritance works for the capabilities, that is simple to clarify, there is an add policy, that is
20:51.45DocScrutinizerthinking about it I never *created* an account on N950, I just used an already existing account's credentials
20:52.18SpeedEvilI've tried both, neither worked.
20:52.25DocScrutinizerand that worked after reflash or maybe unrelated to that, and since then maps and drive are ok
20:52.33djszapi_SpeedEvil: Yes, it can be frustrating, and that is why I am trying to help with where I can ;-)
20:53.02DocScrutinizerI think trying to create an account drops a cookie that taints your system soo nothing will work from then on
20:53.24SpeedEvilBut drops a cookie somewhere that survives flashing???
20:53.31DocScrutinizerno
20:53.48SpeedEvilThat's part of the reason I was wondering if it was some secure storage area that the user can never touch.
20:53.57DocScrutinizeras mentioned above it worked for me after flashing. Also for somebody else on that ticket
20:54.09SpeedEvilYeah - that's what confused.
20:55.41SpeedEvilAug 23 21:51:50 (none) mission-control-5[794]: GLIB CRITICAL ** default - ag_account_get_selected_service: assertion `AG_IS_ACCOUNT (account)' failed
20:55.43SpeedEvilhmm
20:55.55DocScrutinizermaybe you also need to log out from your account and related sites on all your other devices prior to this thing working on N950, who knows. Similar advice regularly given by quim et al for developer.nokia.com and the launchpad
20:56.13SpeedEvilI'm not logged in on any devices on that account.
20:56.54djszapi_DocScrutinizer: system kernel is not execve, nope.
20:57.09djszapi_not even fork and friends.
20:57.28rzrdjszapi_: still on kde ?
20:57.28DocScrutinizerno idea honestly. You'd think somebody who has better access to the source and to debugging tools should answer on http://www.developer.nokia.com/bugs/show_bug.cgi?id=234 eventually
20:57.47djszapi_I.E. will e.g. a (true, non busybox) shell command inherit the shell's capabilities, or are the freshly defined? -> it depends, it is not that simple.
20:58.07DocScrutinizeryeah, that's why I ask
20:58.08lardmanantman8969: exactly
20:58.10djszapi_it is not a comprehensive yes/no answer.
20:58.38djszapi_javispedro was basically asking the same. The key point is the add policy here.
20:58.52lardmanDocScrutinizer: the problem with controlling the QML from the C++ is that it goes against the idea of separating the C++ and QML code, afaiu
20:59.01djszapi_rzr: sorry ?
20:59.07DocScrutinizerunless I at least understand WHEN aegis kicks in, I never can wrap my head around how it works at large
20:59.49mikhaslardman, huh?
21:00.06lardmanmikhas: sorry, reply from a little earlier
21:00.08antman8969convo from 20 mins ago mikhas lol
21:00.13DocScrutinizerI'd guess there should be a list of (kernel) functions that are actually aegified
21:00.25mikhashow is exposing a C++ property to QML or a show request for certain views from the C++ side a violation of the separation?
21:00.50mikhasin both cases, C++ side would exert control over UI
21:00.51SpeedEvilWell - that was a bust - nothing in syslog for attempting to login to account.
21:01.09lardmanmikhas: That's not, though the latter is more so unless you use a signal afaiu
21:01.14djszapi_DocScrutinizer: sorry ?
21:02.34DocScrutinizerdjszapi_: I know how posix capabilities and geneal permisions are handled on a "normal" system. Where does a aegified system differ, regarding inheritance of these permisions from one process to another?
21:03.47djszapi_DocScrutinizer: add policy is the key here.
21:03.54DocScrutinizeron a "normal" system a child always inherits the permissions of parent process. Seems for aegis this doesn't apply anymore
21:04.13SpeedEvilhttp://www.slideshare.net/reshetov/maemo-platform-security-fosdem
21:04.13djszapi_of course not.
21:04.23SpeedEvildjszapi_: Is that somewhat acccurate and useful now/
21:04.32djszapi_SpeedEvil: quite old.
21:05.45SpeedEvilSure. Is it representative, though old, or essentially useless.
21:05.54DocScrutinizeras I understand it aegis tokes are bount to fully qualified pathnames of executables?
21:05.54SpeedEvilIn the absence of any other docs
21:06.04DocScrutinizerbound*
21:06.48djszapi_DocScrutinizer: I cannot answer with yes/no, it is not that simple
21:06.52djszapi_sometimes, yes, sometimes not.
21:07.29DocScrutinizerI didn't ask for a yes/no answer
21:07.30djszapi_SpeedEvil: I guess it is useful since it does not require too much time to go through :)
21:08.23DocScrutinizeractually I guess it'd be pretty hard to find out about how aegis works by just asking questions that can get answered by yes/no
21:08.41djszapi_DocScrutinizer: the context is typically a use case when you do not specify a path which is a bit sad in my opinion and I wanna work on it to fix that up.
21:08.50DocScrutinizerit will need a bit more of an explanation answer
21:09.27djszapi_it does not cause any issue (at least I cannot mention any scenario), but in theory, it is not nice that way in my opinion.
21:12.35DocScrutinizerdjszapi_: I have a hard time understanding your info bits. Could you go thru an example, let's say "user shell invokes `nano /etc/init/check_malf.conf` ",  and you step by step explain when aegis kicks in and in which way?
21:12.39djszapi_ajalkane_: "But Aegis can be disabled by installing custom kernel if I've understood correctly?" -> It is not yes/no question either. :) If you turn out the user space part of aegis, the application using the user space aegis libraries will stop working of course.
21:13.03djszapi_ajalkone_: but yeah, you can do anything with a custom kernel for sure ;)
21:14.55djszapi_DocScrutinizer: you wanna understand the point, not the background aegis implementation in order to get rid of this as soon as possible.
21:15.05DocScrutinizerI'd gather first thing that happens is shell tells kernel to load and execute the nano binary (simplified picture), and I wonder if aegis already kick in there and what exactly it does
21:16.08DocScrutinizerdjszapi_: I don't want to get rid of anything asap
21:16.30DocScrutinizerI want to understand how I can make things work under aegis
21:17.05SpeedEvildjszapi_: Is there a way to make aegis dump lots of informatio to syslog, when for example apps use the secure storage.
21:17.06djszapi_It is a big improvement to let us just disable aegis ;-)
21:17.46DocScrutinizerI'm not here to discuss improvements
21:18.45djszapi_SpeedEvil: you will have relevant messages, if it is an aegis issue. It is not about that aegis does not talk more about the issue category. There seems to be no aegis issue at all.
21:18.50*** part/#harmattan crevetor (~antoine@bureau.ubity.com)
21:19.13SpeedEvilI'm not disagreeing with that - I mean for other things.
21:19.16DocScrutinizerI want to learn if it's theoretically possible to gather enough info about how aegis works to allow a developer to actually get work done despite aegis. If this includes disabling aegis for developer mode, for convenience purposes - fine.
21:19.45djszapi_DocScrutinizer: wait for the next SDK Documentation then I guess.
21:20.06lcukwaves @ djszapi_
21:20.15DocScrutinizerif it means there's proper info on getting stuff done with aegis enabled - also fine
21:20.25djszapi_SpeedEvil: Could you tell me a use case what you are interested in ?
21:20.41djszapi_DocScrutinizer: *nods*
21:21.39SpeedEvilI want to see what apps are storing stuff in secure mode, and what are just using normal files. Ideally.
21:23.12djszapi_not getting the question
21:24.28djszapi_what do you mean by "secure mode" ? (if hash calculation, then everything, if integrity protected as well, that is a different matter)
21:24.30DocScrutinizerfor now what we got on aegis documentation is a draft of an introduction, with statements like >>When your application is launched, the credential information defined in the file is passed on to the system kernel.<< being all that's there to explain when and how aegis kicks in precisely. This isn't enough to understand if a fork()&execve() child process will nherit my parent process' credentials and permissions or get arbitrary new
21:24.32DocScrutinizercredentials applied
21:27.05DocScrutinizerand if functions as of man 2 * don't work as I'm used to, I feel rather uncomfortable with developing on such a platform
21:28.52djszapi_man 2 gives you an upstream linux kernel based man page meanwhile harmattan is not upstream. Not sure how this came out from that. Different kernel can have different operations.
21:29.24*** join/#harmattan seif (~seiflotfy@ip-95-223-13-104.unitymediagroup.de)
21:29.34DocScrutinizerthe bare minimum I'd expect is a list with (kernel/system) functions that have changed semantics on aegis, and an explanation what's the new function
21:30.56djszapi_for your implementation, code-wise interest, I recommend the libcreds2 library.
21:31.03DocScrutinizerthat's when I start to ask "how is aegis working?"
21:31.13DocScrutinizerthanks
21:31.48djszapi_not sure I understand your post. If you know how ioctl works, you know it is easy to extend with specific ioctl calls.
21:31.58DocScrutinizeryesyes
21:32.29djszapi_it is just an argument on userspace side, and some small snippet on the kernel side.
21:32.33DocScrutinizerif I know aegis intercepts/redefines/re-implements ioctl, then I've got one answer already
21:33.22DocScrutinizerI'll need to learn about new aegis related functionality of ioctl and then I'm a bit wiser
21:34.23djszapi_learn libcreds2 as said
21:34.41djszapi_http://meego.gitorious.org/meego-platform-security/libcreds2
21:34.42DocScrutinizerif one day I can say "look this is a comprehensive list of functions that are modified by aegis, it starts with ioctl as that's been the first one I learnt about" then my questions are completely answered I guess
21:35.20DocScrutinizermany thanks :-)
21:35.25djszapi_first tweak can be to look for ioctl in the project, for instance.
21:37.28djszapi_DocScrutinizer: no, aegis does not reimplement ioctl. Aegis uses the flexible ioctl which has been working for ages ;-)
21:39.01djszapi_actually, we wanted to push libcreds as an upstream project since it is a good idea for credential purposes. The idea is not tied to Nokia specific project, it is generic enough.
21:39.53DocScrutinizerseems it's hard to explan what it actually does though ;-)
21:40.03DocScrutinizerexplain*
21:41.05djszapi_why explain if it is well documented ? That is why we documented it..
21:41.32DocScrutinizerwell, then explaining is as simple as dropping an URL, no?
21:41.50djszapi_http://meego.gitorious.org/meego-platform-security/libcreds2/blobs/master/sys/creds.h -> It is actually a very well documented library.
21:43.42djszapi_Altought, we might remove the audit, that is a bit historical thing over there.
21:44.51djszapi_I think I was even working on a libcreds2-qt interface to make it higher level
21:45.20djszapi_but basically you might need the librestok, refhashutil and all jazz from there to your "complete" picture.
21:45.56djszapi_aegis basically starts operating from the installation over the dpkg wrapper anyways, so you might wanna take a look at the dpkg wrapper code as well (5-6000 perl LOC).
21:47.34djszapi_before saying perl is not secure enough: true :) That is why we have our own perl version.
21:47.44*** join/#harmattan eman (~eman@124-149-161-113.dyn.iinet.net.au)
21:48.43DocScrutinizerindeed, the comments in creds.h are maybe quite good for somebody that already got an idea what all this is supposed to do and how it's supposed to work. It's not exactly a press info paper explaining what this all is about, how it works by a rough sketch of things, and what are the advantages why anybody should "buy" it
21:49.10djszapi_that is the matter of the SDK documentation.
21:49.32djszapi_for the developers, for users: brochures I guess :)
21:50.11DocScrutinizeryup, and it's good on that. Nevertheless there's a gap between where that SDK stuff ends and where the creds.h starts
21:50.14*** join/#harmattan smoku (~spectrum@xkh0g2.infr.xiaoka.com)
21:51.17djszapi_yeah, the public.
21:53.46DocScrutinizerI think I can imagine what the dpkg wrapper does, roughly. What I don't know is how aegis interacts when run >> RM680-22-6_PR_RM680:~# nano /etc/init/check_malf.conf <<
21:55.29DocScrutinizerand you'd think it should be possible to comprehensively explain what's happening on this example, in as little as maybe 300 lines of text
21:56.57DocScrutinizeron a level of "...then aegis-xy_daemon looks into /etc/aegis/restok to find a line relating to the basename, and returns the set of credentials to aegis-masterFoo..."
21:57.47djszapi_it does not work that way, nope.
21:57.59DocScrutinizer" (see http://aegis/<some path> for details about restok file
21:58.02DocScrutinizer)"
21:58.04djszapi_I am sleepy for now :) I can explain it with a bit sober mind tomorrow though
21:58.29DocScrutinizerI know it doesn't work with aegis-masterFoo
21:58.38DocScrutinizereven without such a paper telling me
21:58.57djszapi_it is not about that, there is no "daemon".
21:59.04DocScrutinizerbut I think there should be such a paper that gives a 15min sketch of how things work
21:59.34DocScrutinizerI also believe there's no daemon
21:59.38djszapi_I do not think so.
21:59.42DocScrutinizeras probably a lot is inside kernel
22:00.01djszapi_What the introduction should show is how to use aegis, without kernel implement level as you request.
22:00.17djszapi_that is pointless a person who would just like to port a simple or "normal" application.
22:01.01djszapi_the advanced guide should talk more about the advanced usage, and controversial whether to discuss this implementation-wise, probably not, just a reference to the generated doxygen implementation documentation.
22:01.13djszapi_* for a person
22:01.26DocScrutinizerthat's exactly where I start to use works in same sentence as "aegis" that you don't like to hear
22:01.42DocScrutinizerwords*
22:03.13DocScrutinizerI'm obviously not a normal person as my apps are not normal either, so you say I'm not worth the effort of aegis developers giving me a decent documantation. I'm not amused about that notion
22:04.58DocScrutinizerI'm learning by understanding *how* things work, not by observing and memorizing *what* things act like
22:06.00DocScrutinizerI got no list of commands I have to prepend sudo. I know from the intended action when I need to get root to achieve something
22:07.01djszapi_sorry ?
22:07.42DocScrutinizeras long as there's not even a clear word about if a child process has same permissions as parent process, and if not then why and which new permissions it got, I don't think the documentation is sufficient even for 'normal' developers
22:08.41DocScrutinizerneither to write 'normal' apps. Maybe QML-only apps, yeah
22:08.42djszapi_well, I said more times the add policy
22:08.51djszapi_that is the key for inheriting.
22:10.01DocScrutinizergoogles "add policy"
22:10.10DocScrutinizergives up
22:13.01djszapi_:D
22:14.07djszapi_valgrind is actually a very good example for that what I am talking about.
22:15.16djszapi_a d gdb
22:15.36djszapi_* and gdb is a very good example for instance for non-inheriting. There you go.
22:18.50djszapi_good night
22:18.51*** part/#harmattan djszapi_ (~lpapp@84-231-18-239.elisa-mobile.fi)
22:19.44DocScrutinizerI'm completely aware of http://www.developer.nokia.com/Community/Wiki/Harmattan:Developer_Library/Developing_for_Harmattan/Harmattan_security/Security_guide#Requesting_POSIX_capabilities, but I'm not able to find WHEN those capabilities are applied to a process, as of "this is the event (whatever kind of event) when aegis looks into internal database, retrieves applicaple policy, and tells kernel about it"
22:21.21*** join/#harmattan javispedro (~javier@Maemo/community/contributor/javispedro)
22:21.44DocScrutinizerI gather this has to be execve() and/or fork() or whatever, or maybe it's a special call to aegis you have to patch into your bash and into harmattan app launcher, or it's plumbed to scheduler task switching, examining each task that gets a timeslice executed. Who knows?
22:23.43DocScrutinizerand then it's not entirely clear how the credentials definition in database is linked to a particular process, as you told me it's not via the pathname in <for path="/usr/bin/myapp" />
22:25.06DocScrutinizerso if it's not the pathname of the binary, what else is it that makes aegis pick a particular token or credentials or whatever the name from its database and apply it to a process?
22:27.11*** join/#harmattan willer_ (~Willer@201-75-87-230-ma.cpe.vivax.com.br)
22:27.45DocScrutinizer(btw the term "policy" appears exactly 3 times in http://www.developer.nokia.com/Community/Wiki/Harmattan:Developer_Library/Developing_for_Harmattan/Harmattan_security/Security_guide , "policies" another 2 times)
22:28.26*** join/#harmattan rm_you|wa (~rm_you@c-24-16-141-5.hsd1.wa.comcast.net)
22:28.28rm_you|wahrmrm....
22:28.51rm_you|walooks like /usr/bin/smartsearch and /usr/bin/messageserver are using a shit-ton of my CPU and draining my battery <_<
22:29.29*** part/#harmattan smoku (~spectrum@xkh0g2.infr.xiaoka.com)
22:45.09*** join/#harmattan rm_you| (~rm_you@c-76-104-225-147.hsd1.wa.comcast.net)
22:47.31javispedroso
22:47.45javispedroassuming I am trying to make up my mind and start doing something with Qml, what should I do?
22:48.28javispedrolast time I tried Qt Creator my love for Gtk+ increased, are there any nice samples for Qml development inside sbox?
22:50.31javispedroor, where can I get the latest version of the qml viewer stub that QtC generates?
22:53.54*** join/#harmattan BrettQ (~wircer@99-38-191-36.lightspeed.clmasc.sbcglobal.net)
22:54.56javispedrothinks I should make a qml-stub-generate cmdlet that quickly creates it
23:01.07*** join/#harmattan captainigloo (~Nico@lan31-4-82-227-130-131.fbx.proxad.net)
23:05.48mikhasjavispedro, forget about qmlviewe
23:05.49mikhasr
23:06.02javispedroI mean the one that qtC generates
23:06.05mikhasdoesnt really work if you want to use Qt Quick Components
23:06.11mikhasthis 10-liner?
23:06.16mikhasI can paste something
23:06.19javispedro10-liner only?
23:06.26javispedrooh.
23:06.42javispedrobut there's like thousands of files when I click new Qml app in QtC.
23:06.45javispedroer..
23:06.47javispedrotens of files ;)
23:06.50mikhasjavispedro, https://gitorious.org/testdef/testdef/blobs/master/testdef/main.cpp
23:07.03mikhasthat's all the wrapping you need
23:08.41rm_you|any new developments on the n950 + video front? :P
23:17.11hardakergotta love it: leave a ssh connection open to the phone, wander very far away from the phone so it looses the 802.11 link (twice), come back 2 hours later to find the session still works :-)
23:26.13DocScrutinizerknown from N900, happens to me regularly, each time I leave for a coffee or a beer next pub
23:26.38hardakerDidn't work for me on the N900...  the session would drop
23:26.49DocScrutinizerhmm
23:26.51hardakeri think.
23:27.07antman8969worked for me
23:27.15hardakermaybe I'm confusing myself with a ssh session over the cell network, which drops ify ou don't use it in something like 30 seconds.
23:27.28antman8969so well infact that I would have to kill the terminal to get out of it...
23:28.12hardakerso what are people using as cases?  I really need to get one.  I used my palm case for my n900, but the n950 is too big and I really need to get something.
23:28.19DocScrutinizerit keeps connection here for several hours, drops if I stay away for a whole day
23:29.29SpeedEvilhardaker: I'm using an old sock. (washed)
23:30.19hardakerSpeedEvil: Excellent.  Where do you stuff it?
23:30.49hardakerI suspect an iphone case (gasp) is probably about the right size
23:30.50Sputjust puts the N950 in his pants pockets
23:30.56Sputseems to be really scratch-resistant
23:30.59hardakerSput: moves around too much..
23:31.10hardakerthat's what I'm doing now, but am not really happy with it.
23:31.20SputI didn't manage to scratch my C7's screen yet, so I trust the N950 will be similarly resilient :)
23:31.21hardaker(err...  "I'm concerned" is probably a better way to put it)
23:32.32SpeedEvilI've managed to scratch the 950 camera lens
23:32.37SpeedEvilWhich is annoying.
23:32.48SpeedEvilFortunately not quite on the actual camera
23:32.58SpeedEvilI'm currently wondering about a screen protector.
23:33.22hardakerSpeedEvil: Yeah, that's going to be the downside of swipe I think.
23:33.39TronicNo scratches on mine either but I think that matt black paint will get damaged eventually, when kept in pocket.
23:33.39hardakerI haven't tried one either.
23:33.41SpeedEvilThe upside of a glass screen is it's scratch resistant.
23:33.52TronicSpeedEvil: Is the camera lens plastic?
23:33.54SpeedEvilThe downside of a glass screen is I'm really, really good at scratching stuff.
23:34.02hardakerheh.
23:34.05SpeedEvilTronic: I suspect it's glass of some form.
23:34.27hardakerbest watch face I ever owned was a good quality swatch.  I can not *believe* that thing never scratched considering what I did to it.
23:34.39SpeedEvilI have previously accidentally put my seccateurs in the wrong pocket, and bent up and down a couple of hundred times.
23:34.44TronicI'm having major trouble with grease, though. Looks very ugly and the glass surface is difficult to clean.
23:34.55TronicPlastic seems better in that respect.
23:34.58SpeedEvilThe screen protector of the n900 looked like I'd taken sandpaper to it.
23:35.17SpeedEvilVigourous rubbing on t-shirt is the key
23:36.01TronicSpeedEvil: Doesn't work well and will very easily scratch the surface if you have any sand/dirt on your shirt.
23:36.06SpeedEvilThat too
23:36.31TronicLicking the screen works but yuck!
23:36.48TronicSpitting on a piece of tissue paper and then rubbing works rather well, too.
23:36.53*** join/#harmattan seif (~seiflotfy@ip-95-223-13-104.unitymediagroup.de)
23:37.04hardakerYou know folks, they make this stuff called "glass cleaner" that contains no spit
23:37.09TronicWater + tissue paper not so well.
23:37.35DocScrutinizermeh, that double-tapping to wakeup is kinda annoying
23:37.36Tronichardaker: Glass cleaners might damage the paint, plus I don't carry any with me.
23:37.57SpeedEvilDocScrutinizer: waking up unintentionally?
23:37.59hardakerDocScrutinizer: it's much better than finding a button in your sleep to check the time
23:38.02SpeedEvilYou can always turn it off
23:38.04TronicDocScrutinizer: Double screenlock (having to open and then slide) in general is quite annoying.
23:38.26specialI ended up turning it off
23:38.39SpeedEvilyeah - I'd like double tap, then tap again to unlock
23:39.07SpeedEvilOr go straight past lock screen if you hit the butto
23:39.09SpeedEviln
23:39.15specialtoo easy to do accidentally, i'd think
23:39.19SpeedEvilBut I suspect all the UI at this level is liable to change
23:39.37SpeedEvilSupporting multitouch would be awesome.
23:39.52SpeedEvilFor example, it will only turn on if you drag two fingers across from one edge to the other
23:40.07SpeedEvilOr double tap with two fingers
23:53.42DocScrutinizerhaha long click on a song it "recently played" which seems actually the current playlist gives "add to queue" but no way to delete a song from playlist
23:54.55DocScrutinizerhmm maybe it's not the playlist

Generated by irclog2html.pl Modified by Tim Riker to work with infobot.