00:11.29 | *** join/#harmattan teleshoes (~teleshoes@pool-74-108-147-150.nycmny.fios.verizon.net) |
00:18.20 | *** join/#harmattan liar (~liar@clnet-p09-185.ikbnet.co.at) |
00:20.32 | DocScrutinizer | this means both uboot and kernel got started and are fine |
00:22.41 | Sazpaimon | DocScrutinizer, yes Im aware |
00:22.52 | Sazpaimon | but for some reason it doesnt actually get to the OS |
00:23.12 | Sazpaimon | and there's no way for me to actually determine why |
00:26.09 | DocScrutinizer | if I had to guess, I'd bet on your kernel modules not matching the kernel |
00:26.33 | Sazpaimon | thats entirely possible, but i dont know why that would be |
00:26.36 | Sazpaimon | its the same kenel version |
00:26.39 | Sazpaimon | *kernel |
00:33.21 | *** join/#harmattan torarne2 (~torarne@cm-84.215.139.70.getinternet.no) |
00:34.23 | Sazpaimon | ..strangely, include/config/kernel.release says 2.6.32.39-dfl61 |
00:34.26 | Sazpaimon | which is what, PR1.1? |
00:36.03 | Sazpaimon | really strange |
00:49.46 | teleshoes | aww, no binary pkg for python-pyside.qttest |
00:50.03 | teleshoes | nokias such a dick |
00:50.54 | Sazpaimon | I frequently wish some other company made maemo |
00:51.06 | teleshoes | i just wish they werent such an asshole |
00:51.12 | teleshoes | they went through and decided what packages they only want to be installed in scratchbox and deliberately didnt release the binaries for em |
00:51.17 | Sazpaimon | nokia would probably way down on the list of companies I want to produce a moblile OS |
00:51.25 | Sazpaimon | you know, like maemo |
00:51.30 | teleshoes | along with...microsoft, apple, and google |
00:51.34 | Sazpaimon | and intel |
00:51.47 | teleshoes | intel is high up on my list, though |
00:52.19 | Sazpaimon | intel has already shown with meego that they can make a high quality open OS |
00:52.28 | Sazpaimon | but since theyre intel, they can afford to can it whenever they want |
00:52.39 | teleshoes | mm |
00:52.41 | teleshoes | problematic |
00:52.55 | teleshoes | i dont really see why we need mobile oses |
00:53.27 | *** join/#harmattan Enforcer (David@203-206-166-147.perm.iinet.net.au) |
01:07.37 | teleshoes | anyone know why i cant backspace in vim? |
01:08.18 | teleshoes | on my n9, thatis |
01:15.02 | itsnotabigtruck | eh, intel also has an extreme lack of commitment to anything |
01:15.43 | itsnotabigtruck | a huge part of what they've ever done outside of their core business has been cancelled months to years in |
01:16.26 | itsnotabigtruck | their core products are damn good, it's just that they won't hold on to other things long enough to have them become actually profitable |
01:17.08 | itsnotabigtruck | also teleshoes: vi or vim |
01:17.14 | teleshoes | vim |
01:17.18 | itsnotabigtruck | busybox's vi doesn't let you backspace a newline |
01:17.38 | teleshoes | yea, this is the vim in i think rzrs repo |
01:25.16 | Sazpaimon | yeah this thing still isnt booting |
01:25.29 | Sazpaimon | i made sure the kenel version was correct |
01:25.38 | Sazpaimon | and it's still breaking |
01:37.11 | Sazpaimon | looks like e-yes used Sourcery to compile the kernel |
01:37.15 | Sazpaimon | i guess ill try that |
01:40.56 | *** join/#harmattan adlan (~adlan@115.85.128.54) |
01:41.03 | teleshoes | thp: hello! ive got a quick question |
01:59.18 | itsnotabigtruck | Sazpaimon teleshoes (+ anyone else on): any suggestions on how to make inception better? |
01:59.45 | itsnotabigtruck | besides keeping it working once PR1.3's out of course |
01:59.46 | teleshoes | magical role-based permissions |
01:59.48 | teleshoes | and candy |
02:00.14 | itsnotabigtruck | hah |
02:00.40 | itsnotabigtruck | yeah, role based access control would be nice - and would require heavy duty kernel (and userspace) hacking :( |
02:02.34 | itsnotabigtruck | it's a real shame, security's all about letting the user in and keeping everyone else out, but it seems like there's no way to achieve that on harmattan |
02:02.57 | itsnotabigtruck | teleshoes ^ |
02:03.08 | teleshoes | yea |
02:03.08 | Sazpaimon | i dont use inception |
02:03.17 | Sazpaimon | and to be honest am not very interested in it |
02:03.23 | teleshoes | aw, you probably should, its nice |
02:03.31 | Sazpaimon | plus, I think with nitdroid around the corner, more people will be using open mode |
02:04.12 | itsnotabigtruck | except that both harmattan w/ open mode and nitdroid are terribly broken atm |
02:04.19 | itsnotabigtruck | nitdroid's getting better but harmattan open mode isn't |
02:04.22 | teleshoes | harmattan w/ openmode is broken? |
02:04.26 | Sazpaimon | i disagree |
02:04.34 | Sazpaimon | it works just fine if you arent converting from closed mode |
02:04.49 | Sazpaimon | a fresh reflash with an openmode kernel and no user data works fine |
02:05.06 | itsnotabigtruck | everything seems to indicate that signon/aegisfs/aps are at least a little bit borked |
02:05.13 | Sazpaimon | nope |
02:05.22 | teleshoes | oh, i got mine working recently |
02:05.22 | Sazpaimon | its just the way aegis treats open mode |
02:05.27 | itsnotabigtruck | and no one seems to be doing anything with open mode that can't be done with inception |
02:05.28 | Sazpaimon | it uses a different shared key |
02:05.38 | Sazpaimon | itsnotabigtruck, running android |
02:05.44 | teleshoes | itsnotabigtruck thats definitely true |
02:05.46 | itsnotabigtruck | Sazpaimon: apart from that |
02:05.47 | itsnotabigtruck | i'm not seeing anything like awesome customized kernels |
02:05.48 | teleshoes | ehh, that doesnt count |
02:06.11 | itsnotabigtruck | customized beyond patching out a couple lines in aegis |
02:06.26 | Sazpaimon | nitdroid's kernel is customized beyond that |
02:06.30 | Sazpaimon | but ok |
02:06.32 | Sazpaimon | nitdroid doesnt count |
02:06.37 | Sazpaimon | even though harmattan runs on it |
02:06.38 | itsnotabigtruck | it's about 6 months in and it seems like there's basically no progress on open mode |
02:06.52 | Sazpaimon | you could say that about HARM in generl |
02:06.54 | Sazpaimon | *general |
02:07.00 | teleshoes | heh |
02:07.01 | itsnotabigtruck | no disclaimer customizers, easy installers, cool apps, and so on |
02:07.07 | itsnotabigtruck | inception has the cool apps problem too though :( |
02:07.15 | Sazpaimon | you can custoomize the disclaimer fine |
02:07.17 | Sazpaimon | *customize |
02:07.22 | teleshoes | the only advantage of openmode > inception, |
02:07.22 | Sazpaimon | you just need to do it in closed mode first |
02:07.29 | itsnotabigtruck | no one explored that until something like a week ago |
02:07.35 | itsnotabigtruck | the tools still aren't fully baked |
02:07.38 | Sazpaimon | i, personally, disabled the disclaimer in closed mode, and then flashed open mode fine |
02:07.45 | teleshoes | is that inception takes a teensy bit more effort |
02:07.47 | teleshoes | WHOA |
02:07.52 | teleshoes | Sazpaimon, where is this? |
02:07.59 | teleshoes | disclaimer removal?? |
02:08.08 | itsnotabigtruck | so deleting the disclaimer image does in fact disable the disclaimer? |
02:08.18 | teleshoes | it doesnt for me!! |
02:08.29 | itsnotabigtruck | teleshoes: well, did you do it from open mode |
02:08.33 | itsnotabigtruck | you can't touch it after going open |
02:08.37 | teleshoes | yea........ |
02:08.39 | teleshoes | fuck |
02:08.46 | teleshoes | but wait! |
02:08.51 | teleshoes | if i do it in closed |
02:08.52 | teleshoes | then switch |
02:08.54 | Sazpaimon | disclaimer-cal remove View-openmode |
02:08.56 | teleshoes | my keys are fucked up |
02:08.56 | Sazpaimon | run that in closed mode |
02:08.57 | itsnotabigtruck | so why wasn't this explored 6 months ago, instead of trickling out months and months later |
02:09.00 | Sazpaimon | then flash open mode |
02:09.01 | Sazpaimon | done |
02:09.13 | itsnotabigtruck | this kinda proves my point |
02:09.15 | Sazpaimon | or |
02:09.18 | teleshoes | wait, how do you both do this, AND not have your accounts prompt for passwords |
02:09.23 | Sazpaimon | disclaimer-cal write View-openmove custom-image.rle |
02:09.24 | itsnotabigtruck | the proponents of open mode have basically done nothing to support open mode |
02:09.30 | Sazpaimon | that sets a custom image |
02:09.50 | itsnotabigtruck | when it comes to documentation, tutorials, and tools |
02:09.51 | Sazpaimon | teleshoes, for accounts, the easiest way is to wipe your user data |
02:09.57 | Sazpaimon | then re-set up your accounts |
02:09.59 | itsnotabigtruck | in fact a lot of the info is nowhere written |
02:10.06 | teleshoes | where wipe-your-user-data means? |
02:10.30 | Sazpaimon | basically reflash the emmc and do --secure-erase-data |
02:10.33 | Sazpaimon | or whatever its called |
02:10.34 | teleshoes | i have a script that inserts my accounts into the db after i reflash |
02:10.37 | teleshoes | oh, |
02:10.43 | teleshoes | so flash everything closed mode, |
02:10.47 | Sazpaimon | no |
02:10.47 | teleshoes | boot the phone |
02:10.48 | itsnotabigtruck | try --erase-mmc=quick instead |
02:10.51 | teleshoes | kill the disclaimer |
02:10.58 | Sazpaimon | yeah |
02:10.59 | teleshoes | flash the emmc |
02:11.07 | teleshoes | and flash the openkernel |
02:11.10 | Sazpaimon | right |
02:11.17 | teleshoes | coooooooool |
02:11.22 | itsnotabigtruck | specifically |
02:11.25 | Sazpaimon | if youre working with a completely fresh flash though, there's no need to flash the emmc |
02:11.37 | Sazpaimon | just completely reflash the phone, rootfs, emmc, everything |
02:11.39 | teleshoes | right, but once i boot into open mode, |
02:11.45 | teleshoes | into CLOSED mode |
02:11.46 | teleshoes | i mean |
02:11.50 | Sazpaimon | skip creating the nokia account, install developer tools |
02:11.54 | Sazpaimon | remove the disclaimer |
02:11.59 | Sazpaimon | then flash open mode kernel |
02:12.03 | Sazpaimon | then create your user accounts |
02:12.04 | itsnotabigtruck | a) flash main image, b) mess with disclaimer, c) flash main+emmc and use --erase-mmc=quick on the main image flash, d) flash a kernel of your choice |
02:12.20 | teleshoes | sweet, thanks guys |
02:12.24 | Sazpaimon | itsnotabigtruck, you could probably combine a and c |
02:12.26 | itsnotabigtruck | or alternately boot an unauthorized kernel once and have vanilla open mode |
02:12.37 | itsnotabigtruck | Sazpaimon: but you need to expunge everything from the 1st boot |
02:12.50 | Sazpaimon | as long as the device has no accounts or anything that uses aegisfs set up, youre fine |
02:12.54 | Sazpaimon | thats the main issue |
02:12.57 | itsnotabigtruck | just booting will set up some aps stuff |
02:13.05 | itsnotabigtruck | like the aegis root of trust |
02:13.19 | teleshoes | yea, so i totally DO need to flash the emmc, right? |
02:13.24 | Sazpaimon | what I actually did was remove all the keys in /home/user/.aegis |
02:13.27 | Sazpaimon | then rebooted |
02:13.27 | itsnotabigtruck | aps is on rootfs |
02:13.36 | Sazpaimon | aegis re-set that all up fine using openmode keys |
02:13.37 | itsnotabigtruck | (aegis protected storage) |
02:13.45 | teleshoes | sweeet |
02:14.00 | Sazpaimon | and I didnt even need to reflash |
02:14.06 | Sazpaimon | teleshoes, if you want, you can try that instead |
02:14.08 | Sazpaimon | may be easier |
02:14.12 | Sazpaimon | then again, may not |
02:14.15 | teleshoes | can i just recursively remove /home/user/.aegis/* ? |
02:14.18 | itsnotabigtruck | or...you could just use inception...like i was saying earlier, in the absence of an awesome kernel hack or something it just doesn't make sense |
02:14.32 | Sazpaimon | teleshoes, i did mv /home/user/.aegis /home/user/.aegis2 |
02:14.38 | teleshoes | cool |
02:14.38 | Sazpaimon | then rebooted |
02:14.45 | teleshoes | the only reason, itsnotabigtruck, that im interested in removing this from open mode |
02:15.01 | Sazpaimon | after i re-entered my passwords and agreed for that posistioning thing, i never had to do it again |
02:15.01 | teleshoes | is to make sure i can do this if pr1.3 murders inception |
02:15.11 | itsnotabigtruck | hopefully they won't sneak in the 'fix' for this in pr1.3 nolo |
02:15.16 | Sazpaimon | s/if/when |
02:15.24 | itsnotabigtruck | which is probably a valid reason for not having spread the disclaimer-cal word before |
02:15.51 | teleshoes | i guess both are pretty vulnerable |
02:15.56 | itsnotabigtruck | oh, also, remember that booting in closed mode will reset the disclaimer unless you mess with the script that updates the images during boot |
02:16.04 | Sazpaimon | i think you could also do some magic with apscli |
02:16.07 | itsnotabigtruck | so don't reboot before going into open mode |
02:16.13 | Sazpaimon | but really it was easier just to say fuck it and remove .aegis |
02:18.52 | Sazpaimon | also, since youre already in open mode, you'll need to reflash the whole thing anyway, to remove the disclaimer |
02:19.03 | Sazpaimon | since iirc you cant freely go to and from open mode without a reflash |
02:19.13 | teleshoes | yea |
02:19.17 | teleshoes | that i knew |
02:19.23 | teleshoes | which sucks alot |
02:19.30 | teleshoes | because i have to resync my music library over night |
02:20.18 | Sazpaimon | yeah |
02:20.25 | Sazpaimon | i miss my sd card on my N900 |
02:20.33 | teleshoes | YEAAAAA |
02:20.36 | teleshoes | whats wrong with them? |
02:20.49 | teleshoes | was it just to upsell us? |
02:21.26 | Sazpaimon | because the N9 was the product of outdated and held back design |
02:25.12 | teleshoes | itsnotabigtruck so i think im going to switch to openmode for awhile; does inception work on it? |
02:26.39 | itsnotabigtruck | teleshoes: it does...though AEGIS_FIXED_ORIGIN=com.nokia.maemo dpkg -i foo.deb |
02:26.44 | itsnotabigtruck | does pretty much the same thing as incept |
02:27.34 | teleshoes | is that all incept does? |
02:27.56 | itsnotabigtruck | well, that isn't allowed in non-open mode, incept works differently |
02:28.00 | teleshoes | ok |
02:28.12 | itsnotabigtruck | but the net effect is the same, installing into a trusted domain |
02:28.19 | teleshoes | mmhmm |
02:28.38 | teleshoes | i know inception isnt useful on openmode, i just want to pretend that im on closed mode |
02:28.43 | itsnotabigtruck | lol |
02:28.55 | teleshoes | so i can drop inception or openmode when one of them turns on me |
02:29.03 | itsnotabigtruck | hehe |
02:29.21 | teleshoes | the only reason i wasnt doing this before is the BSW |
02:31.50 | itsnotabigtruck | probably the big difference between using AEGIS_FIXED_ORIGIN and inception is that inception puts everything in a separate domain, which causes those things to be de-privileged if you uninstall the policy package |
02:31.54 | itsnotabigtruck | which is both good and bad |
02:32.21 | teleshoes | i see |
02:32.48 | itsnotabigtruck | whereas if you put the packages in com.nokia.maemo they're not distinct from os packages at all |
02:33.05 | teleshoes | right |
02:34.32 | itsnotabigtruck | one feature that someone asked for a while back was a command to inquire about what packages have been incepted |
02:34.45 | itsnotabigtruck | and a feature that i thought about putting in inception 0.1 was a trusted launcher to replace opensh |
02:34.51 | itsnotabigtruck | a la sudo |
02:35.10 | teleshoes | that would be FANTASTIC |
02:35.24 | teleshoes | both of those sound nice |
02:36.46 | itsnotabigtruck | the problem with the trusted launcher was - syntax |
02:37.25 | itsnotabigtruck | i'm not sure how to make the command line syntax usable |
02:38.02 | teleshoes | i dont see the problem |
02:39.22 | itsnotabigtruck | teleshoes: well, obviously specifying every single credential you want on the command line isn't very convenient |
02:39.30 | itsnotabigtruck | and all or nothing isn't always what you want |
02:39.31 | itsnotabigtruck | what do you think |
02:39.38 | teleshoes | oh, i imagined all or nothing |
02:39.43 | teleshoes | hmm |
02:40.02 | teleshoes | so all args from the left that start with a - should be args to inceptdo |
02:40.13 | teleshoes | and the first non-hyphen-prefixed arg should be the start of the cmd |
02:40.39 | itsnotabigtruck | but how to specify which credentials |
02:40.44 | teleshoes | inceptdo -gprs::audio cmd |
02:40.50 | teleshoes | or whatever the things are |
02:41.11 | itsnotabigtruck | there's 33 linux capabilities (which make up root access) |
02:41.42 | itsnotabigtruck | plus tcb, a number of supplementary groups, and tons of custom credentials |
02:41.57 | teleshoes | for linux, i imagine inceptdo -CAP_SETGID=on |
02:42.25 | itsnotabigtruck | but what if you want to do all the caps in one fell swoop, which is pretty common |
02:42.41 | itsnotabigtruck | something like inceptdo +CAP::* cmd might make sense but that quickly gets unwieldy |
02:42.46 | teleshoes | i see, so there are just too many permutations to be useful |
02:43.03 | itsnotabigtruck | it would be possible to chain aegis-exec to inceptdo for more specific control |
02:43.14 | itsnotabigtruck | aegis-exec allows adding/removing privileges one by one |
02:43.51 | *** join/#harmattan bambee (~bambi@ks3096138.kimsufi.com) |
02:43.51 | *** join/#harmattan bambee (~bambi@ubuntu/member/bambee) |
02:44.36 | teleshoes | you could simply make a giant list of all the permissions, and allow a regex for them |
02:45.10 | teleshoes | inceptdo -h |
02:45.10 | teleshoes | perms: |
02:45.10 | teleshoes | CAP::FOWNER |
02:45.10 | teleshoes | CAP::SETGID |
02:45.10 | teleshoes | ... |
02:45.30 | itsnotabigtruck | regex would be kinda overkill but that's what the wildcard match approach would be |
02:45.30 | teleshoes | inceptdo +'CAP::.*' -CAP::FOWNER |
02:45.49 | teleshoes | also, its bad to have a complex input language |
02:45.57 | teleshoes | especially on something security related |
02:46.07 | teleshoes | thats the source of nearly all security holes |
02:46.13 | *** join/#harmattan CissWit (~cisswit@6-8.fr) |
02:46.27 | itsnotabigtruck | right |
02:46.40 | itsnotabigtruck | another thing somebody wanted was a program that would regenerate the refhashlist from the current system statre |
02:46.50 | teleshoes | whats that? |
02:47.04 | itsnotabigtruck | though that could be a security risk if someone owned one of your files, but that would be a small risk among many major ones |
02:47.21 | itsnotabigtruck | *system state |
02:47.32 | itsnotabigtruck | i.e. hash all the files and update aegis with them |
02:47.38 | teleshoes | ah |
02:47.39 | teleshoes | i see |
02:48.08 | teleshoes | yea, i dont see the risk there |
02:48.51 | itsnotabigtruck | because it only requires root access to modify a file |
02:48.58 | teleshoes | right |
02:49.00 | itsnotabigtruck | it requires tcb access to register it with aegis |
02:49.24 | itsnotabigtruck | but if you couldn't get tcb access with root access, inception wouldn't exist |
02:49.37 | teleshoes | mmhmm |
02:49.55 | teleshoes | so, the best feature here would be a state-of-the-inception |
02:50.23 | teleshoes | what packages youve incepted and their install status, etc |
02:50.56 | *** join/#harmattan jluisn (~quassel@187.114.217.56) |
02:51.31 | itsnotabigtruck | well, i was just going to look up packages in the inception domain and print them out...i guess i could pass them to dpkg and print out other info too |
02:51.44 | itsnotabigtruck | though it's possible to have info for a package in aegis and not in dpkg |
02:52.00 | *** join/#harmattan natunen (~nalle@213-186-240-19.bb.dnainternet.fi) |
02:52.03 | itsnotabigtruck | that's what happens every time you try to install something as non-root and it fails |
02:54.03 | itsnotabigtruck | or when there's a stale dpkg lock |
02:59.44 | itsnotabigtruck | teleshoes ^ |
03:00.02 | teleshoes | i see |
03:00.21 | teleshoes | how about if it just fails generally? |
03:00.25 | teleshoes | like, package deps |
03:00.46 | teleshoes | it goes in aegis anyway? |
03:01.58 | itsnotabigtruck | teleshoes: yeah, aegis updates regardless of whether dpkg fails, usually |
03:02.04 | teleshoes | i see |
03:02.36 | itsnotabigtruck | also i just made it test for a dpkg lock file so it doesn't fail later because of that |
03:04.12 | teleshoes | quick q about emmc quick erase |
03:04.49 | teleshoes | so im flashing the emmc to get back out of openmode into closedmode |
03:04.59 | teleshoes | firmware + emmc |
03:05.41 | itsnotabigtruck | i'm not sure you actually have to do the emmc for that, you'll have the signon/aegisfs problems if you don't though |
03:05.42 | teleshoes | so i do that first, and then do --erase-mmc=quick? |
03:05.45 | itsnotabigtruck | but you don't really care about that |
03:05.55 | itsnotabigtruck | you would do the erase-mmc with the main image flash |
03:05.57 | itsnotabigtruck | not the emmc flash |
03:06.03 | itsnotabigtruck | erase-mmc, i think, does the entire emmc |
03:06.10 | itsnotabigtruck | the rootfs is on the emmc |
03:06.20 | itsnotabigtruck | rather confusing because the 'emmc image' isn't for the entire emmc |
03:06.28 | teleshoes | its...not? |
03:06.36 | itsnotabigtruck | emmc has 3 parts |
03:06.38 | teleshoes | its only part#1? |
03:06.41 | itsnotabigtruck | mydocs, userdata, and rootfs |
03:06.44 | teleshoes | mmhmm |
03:06.53 | itsnotabigtruck | emmc just does the 1st one and maybe the 2nd |
03:07.00 | teleshoes | def the second |
03:07.07 | teleshoes | <PROTECTED> |
03:07.15 | teleshoes | and the first |
03:07.27 | itsnotabigtruck | whereas cal/kernel/nolo are on the nand |
03:07.43 | teleshoes | i thought emmc did the rootfs as well |
03:08.18 | teleshoes | so i totally DONT want to do that, i just wanna do the firmware image |
03:08.34 | teleshoes | then boot, disclaimer-cal, openkernel |
03:15.54 | itsnotabigtruck | erase-mmc = wipes rootfs/userdata/mydocs (i think - haven't tested) |
03:15.59 | itsnotabigtruck | flashing main image = wipes rootfs only |
03:16.04 | itsnotabigtruck | flashing emmc image = wipes userdata+mydocs only |
03:16.13 | itsnotabigtruck | so you want to do |
03:16.27 | itsnotabigtruck | flasher -f -F main.img --erase-mmc=quick |
03:16.33 | itsnotabigtruck | flasher -f -F emmc.img |
03:17.07 | itsnotabigtruck | flasher -f --kernel=foo |
03:17.10 | teleshoes | i dont want to erase my mydocs if i dont absolutely have to, to convince it im not in openmode |
03:17.46 | itsnotabigtruck | you don't need to touch mydocs going *out* of open mode, if you don't mind it being a bit broken |
03:17.57 | itsnotabigtruck | that phase is just temporary for the disclaimer tweak |
03:18.25 | teleshoes | mm, i see |
03:19.05 | teleshoes | i hate having to boot twice every time to enable 'dev mode' |
03:20.24 | teleshoes | theres absolutely no reason for the reboot |
03:26.13 | itsnotabigtruck | there sort of is |
03:26.20 | itsnotabigtruck | it's to enable aegis relaxed mode |
03:26.54 | teleshoes | heh, what i really mean is that wanting a terminal shouldnt imply that |
03:26.55 | itsnotabigtruck | relaxed mode can't be enabled after booting without the unseal hack (e.g. aegisctl) |
03:27.59 | teleshoes | all i really wanna do is set a user passwd, so i can ssh in run the rest of my bootstrapping |
03:28.15 | itsnotabigtruck | heh |
03:28.27 | itsnotabigtruck | well, you could install meecatalog and get meego terminal |
03:28.44 | teleshoes | thats longer, tho, and externally dependent |
03:28.48 | teleshoes | requires internet, i mean |
03:28.55 | itsnotabigtruck | so does dev mode :p |
03:29.00 | teleshoes | oh yea |
03:29.35 | teleshoes | i just wish a user password was set by default |
03:34.06 | teleshoes | well i can confirm that openmode works, and i have no disclaimer! |
03:34.45 | teleshoes | so we now have two more-or-less equivalent paths to the same end |
03:41.06 | teleshoes | i can also confirm that absolutely everything is fine with aegis keys, if you just 'rm -rf /home/user/.aegis' and reboot |
03:41.21 | teleshoes | enter your passwords at startup, and never have to enter them again |
03:42.21 | teleshoes | signon/aegisfs aside, this is a victory for science |
03:47.24 | Sazpaimon | well |
03:47.27 | itsnotabigtruck | cool |
03:47.33 | Sazpaimon | dev mode sets a user password for the developer account |
03:47.48 | Sazpaimon | so all you really need is the sdk program and openssh |
03:48.00 | Sazpaimon | not actually all of the developer-mode metapackage |
03:48.15 | Sazpaimon | [23:40] <teleshoes> i can also confirm that absolutely everything is fine with aegis keys, if you just 'rm -rf /home/user/.aegis' and reboot |
03:48.20 | Sazpaimon | glad to hear it worked |
03:48.24 | teleshoes | thanks again |
03:49.03 | Sazpaimon | only problem ive been having recently is my GPS is buggy |
03:49.11 | Sazpaimon | like, when using drive, it will jump all over the map |
03:49.15 | Sazpaimon | or be unresponsive completely |
03:49.27 | teleshoes | yea! |
03:49.36 | Sazpaimon | kind of annoying, but its okay because i semi-know where Im going most of the time |
03:49.36 | teleshoes | that happens to me occasionally |
03:49.41 | teleshoes | my last reflash fixed it |
03:49.52 | Sazpaimon | it happens to me consistently |
03:50.05 | teleshoes | try resetting cities |
03:50.28 | itsnotabigtruck | hm, this incepted package query business is a bit more complicated than i anticipated |
03:51.03 | Sazpaimon | its not a huge deal because i dont actually *own* a car |
03:51.10 | Sazpaimon | but i occasionally will drive one |
03:51.39 | Sazpaimon | so lets see if codesourcery will build me a working kernel |
03:52.48 | Sazpaimon | its the same toolchain e-yes used |
03:52.57 | Sazpaimon | so if this doesnt work, i dont know what will |
03:53.28 | teleshoes | fuck, i HATE how installing bash |
03:53.29 | teleshoes | Unpacking bash (from .../bash_4.1-3+maemo6+0m6_armel.deb) ... |
03:53.29 | teleshoes | The bash upgrade discovered that your /bin/sh link points to busybox. |
03:53.30 | teleshoes | As bash for Debian is destined to provide a working /bin/sh (pointing to |
03:53.30 | teleshoes | /bin/bash) your link will be overwritten by a default link. |
03:53.30 | teleshoes | If you don't want further upgrades to overwrite your customization, please |
03:53.30 | teleshoes | read /usr/share/doc/bash/README.Debian.gz for a more permanent solution. |
03:53.30 | teleshoes | [Press RETURN to continue] |
03:54.04 | teleshoes | and it doesnt actually show up in my ssh bootstrapper because of line buffering |
03:54.08 | teleshoes | gets me every time |
03:55.16 | Sazpaimon | okay, this begets me a zImage that's only about 100 bytes different |
03:55.22 | Sazpaimon | not exactly the same, but closer than what I got |
03:55.27 | Sazpaimon | *got with scratchbox |
03:55.36 | Sazpaimon | let me flash it and see what happens |
03:55.54 | teleshoes | whats in this kernel youre makin? |
03:56.17 | Sazpaimon | its the nitdroid kernel |
03:56.25 | Sazpaimon | with some changes to hopefully allow it to boot nemo too |
03:59.27 | Sazpaimon | nope, this wont boot either |
04:00.42 | itsnotabigtruck | Sazpaimon teleshoes: so, any advice on the credential selection issue |
04:00.50 | itsnotabigtruck | the full blown wildcard selection thing seems like too much |
04:01.55 | *** join/#harmattan oberling (~oberling@brln-4dbc5a36.pool.mediaWays.net) |
04:03.15 | teleshoes | at least allow enumerated +PERM -PERM args |
04:03.27 | teleshoes | no need for -PERM, i guess |
04:03.53 | itsnotabigtruck | teleshoes: well, would it start from the empty set or the inherited set |
04:04.02 | teleshoes | inherited set, mm |
04:04.04 | itsnotabigtruck | if it inherits stuff it makes sense to have -perm |
04:04.06 | teleshoes | so -perm |
04:04.23 | teleshoes | ok, so yea, just enumerate -perm +perm |
04:04.27 | teleshoes | very important feature |
04:04.28 | teleshoes | is -h |
04:04.31 | *** join/#harmattan unreal_ (~unreal@interwebs.greenade.net) |
04:04.32 | teleshoes | or whatever |
04:04.33 | itsnotabigtruck | but aegis-exec already offers that kind of thing |
04:04.35 | teleshoes | to list the perms |
04:04.41 | teleshoes | true |
04:04.57 | teleshoes | so maybe its not terrible useful |
04:04.58 | itsnotabigtruck | e.g. inceptdo aegis-exec -c -a perm -a perm -a perm sh |
04:05.02 | teleshoes | mmhmm |
04:05.10 | itsnotabigtruck | vs inceptdo +perm +perm +perm sh |
04:05.25 | teleshoes | the perms are well defined? |
04:05.34 | teleshoes | i mean, there is an easy way to list them? |
04:05.51 | itsnotabigtruck | it's not very easy to list all of them |
04:05.59 | itsnotabigtruck | at least without having a program that asserts all of them like opensh |
04:06.09 | teleshoes | it would be nice, then, if this could |
04:06.11 | *** join/#harmattan kevin_b (~kevin_b@ks35127.kimsufi.com) |
04:06.17 | itsnotabigtruck | were it all or nothing one could jut do |
04:06.21 | itsnotabigtruck | inceptdo accli -I |
04:07.23 | itsnotabigtruck | one thing is that if all credentials are asserted, the source id check is really problematic |
04:11.17 | Sazpaimon | nope, this other branch of the N9 nitdroid kernel also wont boot |
04:11.20 | Sazpaimon | rolls eyes |
04:11.33 | Sazpaimon | guess Ill yell at e-yes when he comes around |
04:13.00 | teleshoes | hey, itsnotabigtruck, you were the one who was talking with MohammadAG about getting a binary repo set up for 1.2 sources right? |
04:13.59 | teleshoes | anything come out of that? |
04:16.15 | Sazpaimon | teleshoes, yes |
04:16.16 | Sazpaimon | http://mohammadag.xceleo.org/n9sources_repo |
04:16.31 | teleshoes | no, a binary repo |
04:16.35 | Sazpaimon | oh |
04:16.37 | *** join/#harmattan chouchoune (~chouchoun@ks209213.kimsufi.com) |
04:16.40 | Sazpaimon | misread, sorry |
04:16.46 | teleshoes | ;) |
04:18.29 | *** join/#harmattan chouchoune (~chouchoun@ks209213.kimsufi.com) |
04:23.01 | itsnotabigtruck | teleshoes: nope, nothing on that front |
04:23.06 | teleshoes | damn |
04:23.23 | teleshoes | i especially want python-pyside.qttest |
04:23.39 | teleshoes | and libc6-dev, of course |
04:28.29 | itsnotabigtruck | http://www.reddit.com/r/videos/comments/rgmp9/boston_dynamics_incredible_jumping_robot/c45qb4i?context=2 |
04:29.58 | teleshoes | holy shit thats cool |
04:29.59 | teleshoes | lool |
04:30.42 | teleshoes | hey so when im installing a bunch of debs with aegis-fixed-origin |
04:30.54 | teleshoes | the phone occasionally reboots |
04:31.01 | teleshoes | right in the middle |
04:31.12 | teleshoes | i just resume, maybe do a dpkg --config -a |
04:31.18 | teleshoes | and its aight |
04:31.39 | teleshoes | but it took me 4 reboots just now to install these |
04:31.40 | teleshoes | ad-hac_1.0_all.deb adobe-flashplayer_4_448620.0.0-73.1_armel.deb btinput_1_432400.0.0_armel.deb btinput-terminal_1_445544.0.0_armel.deb emumaster_0_367960.2.2_armel.deb fbreader_0_403398.99.5_armel.deb fennec_11_443205.0.0.1_armel.deb folder-gallery_1.10.2_armel_harmattan.deb gconfik_1.1.0_armel.deb gstreamer0.10-tools_0.10.34-0maemo2+0m6_armel.deb libgtkspell0_2.0.16-1_armel.deb liblaunchpad-integration1_0.1.35_armel.de |
04:32.53 | itsnotabigtruck | wtf |
04:32.58 | teleshoes | dunno |
04:33.06 | itsnotabigtruck | btw why are you installing all of those with fixed origin |
04:33.08 | teleshoes | im not sure whether it would or wouldnt have rebooted 4x with inception |
04:33.13 | itsnotabigtruck | shouldn't be necessary for any of them |
04:33.22 | teleshoes | it is for most of em |
04:33.23 | teleshoes | just not all |
04:33.48 | itsnotabigtruck | not ad-hac, flash, bitinput, emumaster, gstreamer tools, ... |
04:33.53 | teleshoes | right |
04:33.55 | teleshoes | those are fine |
04:34.15 | teleshoes | libgtkspell, liblaunchpad, libpurple, pidgin |
04:34.21 | teleshoes | mplayer, i think |
04:34.48 | teleshoes | some, not most |
04:34.54 | teleshoes | probably 6 of them |
04:35.41 | teleshoes | i incept everything i download from the ovi store for no reason |
04:36.05 | teleshoes | i should separate out loose debs that come from the store and loose debs that are hacked together nonsense |
04:36.08 | teleshoes | like my pidgin |
04:36.33 | itsnotabigtruck | you can check if something is an ovi package with ar t |
04:36.37 | itsnotabigtruck | see if it has an _x509sig |
04:40.09 | Sazpaimon | if anyone sees e-yes and im not here, can you ask him how the dualboot kernel is built and what sources are used for it |
04:42.45 | *** join/#harmattan montamer (~montamer@223.227.166.172) |
04:44.25 | *** join/#harmattan smokex|away (smokex@199.127.225.125) |
04:44.32 | *** join/#harmattan xarcass (~igorsazon@37.19.4.161) |
04:45.05 | *** join/#harmattan liar (~liar@clnet-p09-185.ikbnet.co.at) |
05:31.15 | *** join/#harmattan guruz (~mgoetz@noreg.fauleban.de) |
05:34.48 | *** join/#harmattan ieatlint (~ieatlint@tehinterweb.com) |
05:41.19 | *** join/#harmattan tgalal (~tarekg@p54BEA8F3.dip.t-dialin.net) |
05:47.22 | *** join/#harmattan npm_n9 (~npm_n9@cpe-76-168-113-151.socal.res.rr.com) |
05:50.05 | *** join/#harmattan xarcass (~igorsazon@37.19.4.161) |
05:51.58 | *** join/#harmattan e-yes__ (~e-yes@94.45.165.159) |
05:53.13 | *** join/#harmattan xarcass (~igorsazon@37.19.4.161) |
06:06.04 | *** join/#harmattan rnovacek (radek@nat/redhat/x-kibjimkflgzeuyvd) |
06:06.52 | *** join/#harmattan gabriel9 (~gabriel9@31.223.218.208) |
06:26.27 | *** join/#harmattan lfrb (~lfrb@pasanda.collabora.co.uk) |
06:26.35 | *** join/#harmattan jpwhiting (~jpwhiting@kde/developer/whiting) |
06:34.42 | *** join/#harmattan hardaker (~hardaker@dhcp-116b.meeting.ietf.org) |
06:36.47 | *** join/#harmattan natunen (~nalle@213-186-240-19.bb.dnainternet.fi) |
06:59.00 | *** join/#harmattan gabriel9|work (~quassel@92.241.143.37) |
07:09.45 | *** join/#harmattan jreznik (jreznik@nat/redhat/x-vzocbsztqfkztymw) |
07:28.25 | *** join/#harmattan leinir (~leinir@amarok/usability/leinir) |
08:04.11 | *** join/#harmattan leinir_ (~leinir@192.100.124.156) |
08:04.11 | *** join/#harmattan leinir_ (~leinir@amarok/usability/leinir) |
08:16.29 | *** join/#harmattan aquarius (~aquarius@cpc5-dudl10-2-0-cust29.wolv.cable.virginmedia.com) |
08:23.03 | *** join/#harmattan M4rtinK (~M4rtinK@ip-89-102-207-166.net.upcbroadband.cz) |
08:36.21 | *** join/#harmattan nwoki (~nwoki@host115-30-dynamic.117-80-r.retail.telecomitalia.it) |
08:36.21 | *** join/#harmattan nwoki (~nwoki@unaffiliated/nwoki) |
08:55.21 | *** join/#harmattan aheinecke_ (~quassel@77.245.47.29) |
08:57.31 | *** join/#harmattan mairas_ (mairas@nat/nokia/x-sdtxcdldycraqdyc) |
08:57.59 | *** join/#harmattan Jaffa (~andrew@badger.bleb.org) |
09:03.58 | *** join/#harmattan rigo (~rigo@ANancy-551-1-68-181.w86-204.abo.wanadoo.fr) |
09:09.05 | *** join/#harmattan chouchoune (~chouchoun@ks209213.kimsufi.com) |
09:09.17 | *** join/#harmattan kevin_b (~kevin_b@ks35127.kimsufi.com) |
09:15.03 | *** join/#harmattan Natunen (nalle@213-186-240-19.bb.dnainternet.fi) |
09:50.22 | *** join/#harmattan aheinecke (~quassel@77.245.47.29) |
10:04.08 | *** join/#harmattan liar (~liar@clnet-p09-185.ikbnet.co.at) |
10:08.51 | *** join/#harmattan aleksander_m (~aleksande@129.Red-83-45-42.dynamicIP.rima-tde.net) |
10:09.05 | *** join/#harmattan risca (~risca@wi-secure-2252.cc.umanitoba.ca) |
10:29.54 | *** join/#harmattan ciacon_ (~quassel@pd95c7e04.dip0.t-ipconnect.de) |
10:42.03 | *** join/#harmattan lizardo (lizardo@nat/indt/x-bjndglbfabwdfqdq) |
10:50.18 | *** join/#harmattan Hei_Ku (~asoliver@pasanda.collabora.co.uk) |
10:51.50 | *** join/#harmattan nwoki (~nwoki@host115-30-dynamic.117-80-r.retail.telecomitalia.it) |
10:51.51 | *** join/#harmattan nwoki (~nwoki@unaffiliated/nwoki) |
10:55.08 | *** join/#harmattan DocScrutinizer (~halley@openmoko/engineers/joerg) |
11:05.51 | *** join/#harmattan hardaker (~hardaker@dhcp-116b.meeting.ietf.org) |
11:21.51 | *** join/#harmattan x29a (x29a@unaffiliated/x29a) |
11:23.41 | *** join/#harmattan Hei_Ku (~asoliver@pasanda.collabora.co.uk) |
11:23.47 | *** join/#harmattan lfrb (~lfrb@pasanda.collabora.co.uk) |
11:23.56 | *** join/#harmattan jpwhiting (~jpwhiting@kde/developer/whiting) |
11:24.00 | x29a | heyho folks, i was wondering if anybody had experience with accessing the wireless lan low level scan features. i think i am on track with the osso-wlan lib, but i fear permission restrictions. since i dont own an n9 yet, its more a theoretical question, im just looking for good entrypoints to the problem |
12:03.47 | *** join/#harmattan shentey (~ircchatte@141.23.112.246) |
12:04.28 | *** join/#harmattan lucido (~krisztian@183.89.58.186) |
12:14.29 | *** join/#harmattan snowpong (~espen@156.116.27.2) |
12:20.43 | rigo | x29a, you should own an N9 :) |
12:21.44 | rigo | I had some experience with aegis, the security system, that tells me that in order to get low level access to the wlan scan etc, you need to talk to itsnotabigtruck |
12:25.11 | *** join/#harmattan etrunko (~etrunko@201.53.205.85) |
12:32.42 | *** join/#harmattan motogeek (8110b24e@gateway/web/freenode/ip.129.16.178.78) |
12:37.18 | jonni | heh scary, I nuked my imei to 000000000000000 by 'accident'(by playing with things I shoudnt have) :-), luckily I had backup |
12:38.46 | alterego | What? |
12:38.53 | alterego | You changed the IMEI of your phone?! |
12:39.08 | alterego | That shouldn't be possible .. |
12:40.56 | *** join/#harmattan faenil (~faenil@131.114.10.238) |
12:44.25 | flux | jonni, it would've been interesting to know if that's the IMEI it also told the phone network :) |
12:46.06 | jonni | heh, I also changed the mac in the wlan0, which isnt possible either :) |
12:47.36 | alterego | Changing the MAC is possible. |
12:47.43 | alterego | The IMEI should be protected on the baseband. |
12:48.29 | jonni | anyways I changed things back to normal. It might be that with RDC I had a bit too much power to mess with things :) |
12:49.36 | Tronic | RDC? |
12:50.19 | rigo | nah, changing the mac in the wlan is easy in linux |
12:50.30 | jonni | R&D certificate |
12:50.55 | rigo | I have a friend who has done a script to change mac every 10min so that you don't need a subscription at CDG Airport ... |
12:50.58 | pawky | I am all ears in how you succeeded to change the IMEI :-D |
12:51.13 | pawky | if you could do that, I suppose you could also change it to whatever :-) |
12:51.29 | rigo | hey, I wouldn't publish that, because IMEI is a security in case of stolen phones |
12:51.37 | rigo | AFAIK |
12:51.37 | pawky | then Nokia phones could be a cheap alternative in the long run ;-) |
12:51.47 | jonni | heh, sorry wont give out details... but might raise internal bug report :) |
12:51.57 | pawky | come on... don't be shy :-) |
12:52.15 | pawky | I thought it was burned into a ROM... |
12:52.45 | rigo | interesting economic model: By making IMEI changeable, phones are stolen more often, thus people will by new phones from insurance |
12:52.48 | jonni | pawky: heh, and there was a side effect that phone doesnt boot and is not flashable before you do some revocy actions :) |
12:53.14 | jonni | so basicly it causes a brick if normal people would try it |
12:53.34 | pawky | yeah.. 00000 would... but how about putting another IMEI there? :-) |
12:54.17 | jonni | not even trying, I have no interest to test that further, it was just accident when I tried to do something else :) |
12:54.21 | pawky | if you succeed to get it to be 0000, i assume either you just made it none readable, or its in the flash :-) |
12:55.13 | jonni | just noticed that when I did accli -I and it returned bunch of zeroes as imei. |
12:56.38 | pawky | hmm.. a new world opens up... suddenly its not as obvious any more wether an IMEI is enough proof if someone has been at a specific spot at a specific time any more :-) |
12:56.43 | pawky | very interesting... ;-) |
12:57.32 | jonni | I didnt make any calls, so it still might be that basebands reports right imei to the world. |
12:58.16 | jonni | most likely accli just gets imei from some other world readable place |
12:58.39 | flux | pawky, I think some old certain version of a Nokia phone was popular among certain people for its mutable IMEI.. |
12:58.51 | flux | perhaps other reasons as well |
12:58.57 | flux | or only :-) |
13:00.51 | *** join/#harmattan etrunko (~etrunko@201.53.205.85) |
13:23.03 | *** join/#harmattan tbf (~mathias@p5B3D5983.dip.t-dialin.net) |
13:23.27 | alterego | Anyone know how to properly cope with switching in/out of an application that uses a QML ShaderEffectItem? |
13:23.34 | alterego | It loses the GL context and can't get it back. |
13:24.02 | tomma | make it not to luse gl context |
13:24.08 | alterego | Erm .. |
13:24.12 | tomma | lose |
13:24.13 | alterego | Then you can't use shader items .. |
13:25.31 | tomma | for example with quick 3d you need to set QGlWidget as viewport |
13:25.45 | alterego | Hmm, |
13:32.04 | *** join/#harmattan mardy (~mardy@91-158-4-104.elisa-laajakaista.fi) |
13:35.00 | *** join/#harmattan hardaker (~hardaker@dhcp-116b.meeting.ietf.org) |
13:35.49 | *** join/#harmattan risca (~risca@wi-secure-2252.cc.umanitoba.ca) |
13:47.46 | *** part/#harmattan motogeek (8110b24e@gateway/web/freenode/ip.129.16.178.78) |
14:03.18 | *** part/#harmattan eg81 (~eg81@storm.fbsd.lt) |
14:05.13 | *** join/#harmattan M4rtinK (~M4rtinK@ip-89-102-207-166.net.upcbroadband.cz) |
14:07.20 | *** join/#harmattan sp3001 (~tt@cs78207043.pp.htv.fi) |
14:13.35 | macmaN | sup peep |
14:13.39 | macmaN | peeps* |
14:13.52 | macmaN | is there an internet access point shortcut app available yet? |
14:14.01 | macmaN | id like to get connected to my 3G with single-click |
14:14.46 | macmaN | wait damn |
14:23.40 | *** join/#harmattan jluisn (~quassel@187.115.172.24) |
14:40.59 | *** join/#harmattan jluisn (~quassel@187.115.172.24) |
14:52.12 | *** join/#harmattan bef0rd (~fernand0@unaffiliated/beford) |
15:02.08 | *** join/#harmattan rm_work (~rm_you@2605:2700:0:3::4713:9326) |
15:02.08 | *** join/#harmattan rm_work (~rm_you@Maemo/community/cssu/rm-you) |
15:05.57 | *** join/#harmattan djszapi (~lpapp@kde/developer/lpapp) |
15:06.33 | itsnotabigtruck | x29a: i don't think you need very special permissions for wifi scanning |
15:06.35 | *** part/#harmattan djszapi (~lpapp@kde/developer/lpapp) |
15:07.10 | itsnotabigtruck | just make sure you identify and assert all the permissions you need |
15:07.35 | itsnotabigtruck | e.g. iktwo released a wlan scanner that didn't work due to ignoring aegis permissions entirely |
15:10.05 | *** join/#harmattan leinir (~leinir@212-149-223-11.bb.dnainternet.fi) |
15:10.05 | *** join/#harmattan leinir (~leinir@amarok/usability/leinir) |
15:10.42 | *** join/#harmattan faenil (~faenil@131.114.10.238) |
15:13.44 | *** join/#harmattan arcean (~Arcean@aacx210.neoplus.adsl.tpnet.pl) |
15:13.52 | itsnotabigtruck | btw has anyone seen ajalkane around |
15:14.26 | itsnotabigtruck | looks like last time he was here was a few days ago |
15:16.09 | bef0rd | ~seen ajalkane |
15:16.21 | infobot | ajalkane <~ajalkane@a88-115-212-112.elisa-laajakaista.fi> was last seen on IRC in channel #harmattan, 2d 16h 59m 42s ago, saying: 'With these nuggets of wisdom, I depart to sleep'. |
15:16.21 | bef0rd | slaps infobot |
15:20.06 | Sazpaimon | in R&D mode, the charging indicator blinks rapidly |
15:20.22 | Sazpaimon | is that like, disk activity? |
15:20.39 | Sazpaimon | same with the red LED around the flash |
15:24.19 | itsnotabigtruck | http://i.imgur.com/P5Yfz.png |
15:24.26 | itsnotabigtruck | that's metal bands per capita |
15:24.33 | itsnotabigtruck | " |
15:24.45 | itsnotabigtruck | Scandinavia is pretty fucking metal. (i.imgur.com)" |
15:46.42 | *** join/#harmattan tomyri (~tomi@dsl-trebrasgw2-fe94de00-64.dhcp.inet.fi) |
15:47.51 | *** join/#harmattan NIN101 (~NIN@206.253.166.69) |
15:52.30 | Corsac | mhmh, is Elliot Walk around? |
16:21.13 | *** join/#harmattan cvaldemar (ftt@1385167366.dhcp.dbnet.dk) |
16:26.20 | *** join/#harmattan Anssi138 (~ae@a88-113-110-44.elisa-laajakaista.fi) |
16:43.00 | *** join/#harmattan piggz (~piggz@host-2-100-150-120.as13285.net) |
16:43.07 | *** join/#harmattan jaywink (~jaywink@cs181137044.pp.htv.fi) |
16:43.13 | *** join/#harmattan hardaker (~hardaker@ATuileries-153-1-47-148.w83-202.abo.wanadoo.fr) |
16:54.08 | *** join/#harmattan jreznik (~jreznik@36.173.broadband6.iol.cz) |
17:00.39 | *** join/#harmattan risca (~risca@wi-secure-2901.cc.umanitoba.ca) |
17:00.50 | *** join/#harmattan lucido (~krisztian@183.89.58.186) |
17:04.57 | *** join/#harmattan tgalal (~tarekg@p54BEAD28.dip.t-dialin.net) |
17:13.19 | Sazpaimon | tgalal, you should troll the whatsapp beggers by saying "every time someone asks for an update, the project will get delayed a week" |
17:13.24 | Sazpaimon | just saying |
17:24.05 | *** join/#harmattan e-yes__ (~e-yes@94.45.165.159) |
17:24.24 | *** join/#harmattan nwoki (~nwoki@host115-30-dynamic.117-80-r.retail.telecomitalia.it) |
17:24.24 | *** join/#harmattan nwoki (~nwoki@unaffiliated/nwoki) |
17:46.26 | *** join/#harmattan piggz (~piggz@host-2-100-150-120.as13285.net) |
17:52.04 | *** join/#harmattan jluisn (~quassel@187.115.172.24) |
17:52.50 | Sazpaimon | e-yes, did you do anything different with the dualboot binary youre distributing other than change CONFIG_LOCALVERSION to add the timestamp? |
17:53.08 | Sazpaimon | and is it the same as nitdroid-n9-2.6.32_draft3 |
17:55.33 | *** join/#harmattan rigo (~rigo@ANancy-551-1-68-181.w86-204.abo.wanadoo.fr) |
17:55.56 | *** join/#harmattan e-yes_ (~e-yes@213.5.73.38) |
17:56.21 | Sazpaimon | e-yes_, you get my last message? |
18:05.17 | e-yes_ | Sazpaimon, it's one of builds from draft3 branch |
18:05.57 | e-yes_ | Sazpaimon, why are you asking? |
18:08.58 | *** join/#harmattan jluisn (~quassel@187.115.172.24) |
18:10.35 | Sazpaimon | e-yes_, was trying to get it to build |
18:11.01 | Sazpaimon | i couldnt get it to boot, but then finally noticed that CONFIG_LOCALVERSION was set to just -dfl61 |
18:11.03 | *** join/#harmattan piggz (~piggz@host-2-100-150-120.as13285.net) |
18:11.26 | Sazpaimon | setting it to -dfl61-20115101 made it work, since thats what /lib/modules was expecting |
18:11.53 | e-yes_ | root@android:/ # uname -a |
18:11.53 | e-yes_ | Linux localhost 2.6.32.48-dfl61-20115101 #6 PREEMPT Sat Mar 17 23:09:26 MSK 2012 armv7l GNU/Linux |
18:12.01 | Sazpaimon | yeah |
18:12.27 | Sazpaimon | but doing just make zImage with the nitdroid defconfig gave me 2.6.32.48-dfl61 |
18:14.15 | e-yes_ | yeah, make tries to take localversion by parsing ../../changelog.Debian |
18:14.27 | Sazpaimon | ah |
18:14.36 | e-yes_ | http://pastebin.com/GcJpWGHC |
18:14.59 | Sazpaimon | yeah |
18:15.08 | Sazpaimon | just cp debian/changelog to ../../changelog.Debian |
18:15.14 | Sazpaimon | I'll remember that next time |
18:16.10 | Sazpaimon | anyway, I added some patches from nemo to attempt to get it to boot with sillyboot, but its just shutting down... |
18:16.22 | Sazpaimon | an strace isnt helping, it just gives me an empty strace log |
18:16.39 | e-yes_ | it==nitdroid? |
18:16.53 | Sazpaimon | no, nemo |
18:17.31 | Sazpaimon | trying to build a kernel that supports nitdroid, harmattan and nemo |
18:17.52 | Sazpaimon | strange that nemo's init isnt even doing anything |
18:18.03 | e-yes_ | ah. btw, how functional nemo is? is it something i have to try? or may be it's on some early development stage? |
18:18.32 | e-yes_ | btw, try to add "2>&1" before redirecting strace's output |
18:18.35 | Sazpaimon | i havent gotten a lot of use out of it |
18:18.51 | tehdely | i find that strace works better if i pronounce it like it was italian |
18:18.58 | tehdely | estratchay |
18:19.00 | Sazpaimon | im just doing exec /usr/bin/strace -o /init.strace.log -f -s 128 /usr/sbin/chroot /mnt/$(printf "%s" $os |cut -d'|' -f2) $(printf "%s" $os |cut -d'|' -f3) |
18:19.23 | Sazpaimon | those printtfs are the mountpoint and init script of the selected os |
18:19.38 | Sazpaimon | it works for nitdroid, it populates the init.strace.log file just fine |
18:19.48 | Sazpaimon | nemo, though, just gives me an empty file |
18:20.56 | Sazpaimon | as far as nemo's usability, its not bad |
18:22.37 | Sazpaimon | but yeah, i'll append > log 2>&1 to that entire command |
18:22.43 | Sazpaimon | might help |
18:26.34 | Sazpaimon | also 0 bytes |
18:26.41 | Sazpaimon | really weird |
18:40.49 | *** join/#harmattan jluisn (~quassel@187.115.172.24) |
18:44.54 | *** join/#harmattan djszapi (~lpapp@kde/developer/lpapp) |
18:45.10 | *** part/#harmattan djszapi (~lpapp@kde/developer/lpapp) |
18:46.07 | *** join/#harmattan jluisn (~quassel@187.115.172.24) |
18:49.30 | *** join/#harmattan M4rtinK (~M4rtinK@ip-89-102-207-166.net.upcbroadband.cz) |
18:57.27 | *** join/#harmattan jluisn (~quassel@187.115.172.24) |
18:58.46 | *** join/#harmattan jreznik (~jreznik@36.173.broadband6.iol.cz) |
19:09.41 | *** join/#harmattan gabriel9 (~gabriel9@31.223.217.37) |
19:19.15 | *** join/#harmattan tomyri (~tomi@dsl-trebrasgw2-fe94de00-64.dhcp.inet.fi) |
19:30.42 | *** join/#harmattan bindi (~bindi@f430.ip15.netikka.fi) |
19:33.01 | *** join/#harmattan [XeN] (~XenGi@cpe-001a4ff1d981.ip-pool.rftonline.net) |
19:40.12 | *** join/#harmattan hardaker (~hardaker@ATuileries-153-1-47-148.w83-202.abo.wanadoo.fr) |
19:42.27 | bindi | I would kill for an harmattan OS on a device like.. say.. my galaxy nexus |
19:49.20 | Sazpaimon | bindi, then do it |
19:49.32 | bindi | can't :p |
19:49.45 | Sazpaimon | can't what? kill for it? |
19:49.49 | bindi | lol |
19:50.22 | *** join/#harmattan blueslee (~blueslee@ip-109-90-73-55.unitymediagroup.de) |
19:50.42 | Sazpaimon | you wouldnt need to kill for it, maybe just hold someone at gunpoint |
19:50.55 | *** join/#harmattan risca (~risca@wi-secure-4931.cc.umanitoba.ca) |
20:06.13 | rigo | bindi, do you have an N9? |
20:06.20 | bindi | sure |
20:06.30 | bindi | well, my mum does :D |
20:06.58 | rigo | so much slower that you dream harmattan on something like galaxy? |
20:07.25 | bindi | i just like the UI |
20:07.28 | itsnotabigtruck | bindi: or you could wait for n9s to get a little cheaper and just buy one |
20:07.30 | bindi | or UX or w/e you call it |
20:07.34 | *** join/#harmattan tbf (~mathias@p5B3D5983.dip.t-dialin.net) |
20:07.46 | bindi | itsnotabigtruck: nah, already got the galaxy nexus, i'll stick to it hardware-wise and all that :P |
20:09.07 | Sazpaimon | alright, got busybox telnetd working |
20:09.23 | Sazpaimon | now to figure out why nemo isnt booting |
20:13.31 | *** join/#harmattan tarantism (~tarantism@cpc1-cmbg4-0-0-cust285.5-4.cable.virginmedia.com) |
20:18.10 | Sazpaimon | or telnet can immediately close the connection, sure that works too |
20:21.26 | *** join/#harmattan blueslee (~blueslee@ip-109-90-73-55.unitymediagroup.de) |
20:23.00 | *** join/#harmattan luke-jr (~luke-jr@2001:470:5:265:222:4dff:fe50:4c49) |
20:31.13 | *** join/#harmattan teleshoes (~teleshoes@pool-74-108-147-150.nycmny.fios.verizon.net) |
20:31.17 | teleshoes | hey |
20:31.44 | teleshoes | does anybody know where "Turn display on by double tapping" is? |
20:31.55 | teleshoes | is it a gconf? |
20:32.40 | itsnotabigtruck | it must be |
20:32.53 | teleshoes | i certainly hope so, but i missed it somehow |
20:38.56 | *** join/#harmattan tarantism (~tarantism@cpc1-cmbg4-0-0-cust285.5-4.cable.virginmedia.com) |
20:39.07 | teleshoes | hey, where is the gconf on the filesystem on dis ting anyway? |
20:44.19 | frals | gconftool-2 -R / not good enough? |
20:46.04 | teleshoes | i wanted to find the schemas |
20:46.06 | teleshoes | found em |
20:46.14 | teleshoes | /usr/share/gconf/schemas |
20:46.24 | teleshoes | but yea, itd be nice to actually have my values be greppable |
20:46.29 | teleshoes | a la ~/.gconf |
20:46.32 | teleshoes | on debian systems |
20:46.40 | teleshoes | %gconf.xml |
20:47.19 | teleshoes | i guess 'gconftool-2 -R /' is better anyway |
20:47.20 | teleshoes | thanks |
20:50.10 | *** join/#harmattan djszapi (~lpapp@kde/developer/lpapp) |
20:50.15 | djszapi | bef0rd: hey :) |
20:50.26 | djszapi | what partitioning backend do you have on Mac ? |
20:54.06 | bef0rd | djszapi, partitioning backend? not sure what is that, I'm using the same defualt partitioning scheme GPT I believe |
20:54.45 | djszapi | bef0rd: we have libparted and udisks on linux |
20:59.32 | djszapi | bef0rd: does any of those present on Mac ? |
20:59.42 | djszapi | bef0rd: for instance, if you would like to build a qt based partitioner ? |
20:59.53 | bef0rd | yea, I've no idea |
20:59.55 | bef0rd | sorry |
20:59.55 | bef0rd | xD |
21:00.02 | bef0rd | :D |
21:00.11 | djszapi | bef0rd: I mean cannot you check with the package mangaer ? |
21:00.12 | djszapi | manager* |
21:00.22 | bef0rd | there is no package manager in OSC |
21:00.24 | bef0rd | OS x |
21:01.07 | djszapi | o_O |
21:01.13 | bef0rd | :D |
21:01.31 | bef0rd | not officially, you can use external to get opensource stuff |
21:01.37 | bef0rd | like homebrew, macports, fink |
21:01.45 | djszapi | so you browse the mac ports etc manually ? |
21:01.51 | djszapi | yes, exactly. |
21:01.56 | djszapi | wanted to mention homebrew, fink and friends. |
21:02.04 | djszapi | are any of these partition libraries available in those ? |
21:02.12 | bef0rd | ah ok, let me see |
21:07.36 | bef0rd | libparted and udisk is not available on homebrew |
21:07.39 | *** join/#harmattan befr0d (~beford@186.85.3.28) |
21:10.39 | bef0rd | <PROTECTED> |
21:10.42 | bef0rd | http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man8/diskmanagementd.8.html |
21:12.51 | *** join/#harmattan beford_ (~beford@186.85.3.28) |
21:28.45 | djszapi | bef0rd: thanks. |
21:40.29 | itsnotabigtruck | what's up with newsy and panorama not being accessible from ovistoreclient :/ |
21:40.51 | itsnotabigtruck | a regular user is certainly not going to know the backdoor way to download a deb, and then how to install it from the terminal |
21:42.20 | itsnotabigtruck | http://store.ovi.com/content/45975?clickSource=homepage&pos=27 < $2 for that? wallpaper/ringtone vendors are absolute scum |
21:43.12 | bef0rd | yea, and not everybody is allowed to sell backgrounds imagine if that was the case |
21:43.18 | itsnotabigtruck | so is nokia's ovi operation for both allowing that sort of business, and granting such vendors a monopoly (unlike apps, you have to do a special registration process, and be an actual corporation with substantial liability insurance) |
21:43.37 | itsnotabigtruck | yeah |
21:44.43 | franz` | good thing microsoft won't let that happen on the windows marketplace right? right?? |
21:45.25 | itsnotabigtruck | franz`: well, i thought wp marketplace was for apps and apps only |
21:45.31 | *** join/#harmattan niqt (~quassel@host66-35-dynamic.23-79-r.retail.telecomitalia.it) |
21:45.35 | itsnotabigtruck | so, so far they aren't letting that happen then |
21:46.34 | itsnotabigtruck | microsoft is distinctly trying to distinguish itself from some of the other vendors that cuddle too closely with carriers and incumbents and deliver inferior products for it |
21:47.28 | itsnotabigtruck | bef0rd franz` bindi frals rigo: if any of you are still around |
21:47.48 | bef0rd | hi |
21:47.51 | itsnotabigtruck | what do you think about the best approach for a trusted execution utility for inception |
21:47.57 | itsnotabigtruck | that is, sudo for aegis |
21:48.05 | itsnotabigtruck | (or su, or newrole, or whatever) |
21:49.01 | franz` | sudo gaincap CAP:whatever /path/to/exec |
21:49.04 | itsnotabigtruck | i was tossing an idea around in my head for some mechanism for defining which credentials a particular user is allowed to assert |
21:49.31 | itsnotabigtruck | like, root password = any capability, developer password = dev capabilities, etc. |
21:49.39 | itsnotabigtruck | but it could be reconfigured |
21:49.42 | franz` | oh that'd be nice |
21:49.44 | itsnotabigtruck | but that's a lot of complexity |
21:50.05 | itsnotabigtruck | also, forking sudo would add a lot of unwanted complexity, though the basic sudo concept could easily be emulated |
21:50.29 | itsnotabigtruck | that is, drop a token to allow multiple password-free invocations in a row |
21:51.20 | franz` | how did fremantle handle messing with sudo? (for 'sudo gainroot') |
21:51.26 | itsnotabigtruck | for the sake of comparison, with selinux you have a) newrole - like su but for selinux roles |
21:51.55 | itsnotabigtruck | b) sudo has selinux support built in, which allows you to change roles along with regular sudo operation if you set that in your sudoers file |
21:52.00 | franz` | oh |
21:52.08 | itsnotabigtruck | so sudo foo would a) become root, b) change to sysadm_r |
21:52.34 | itsnotabigtruck | but selinux already has that roles concept built in, aegis doesn't |
21:53.19 | itsnotabigtruck | so there's no existing concept that allows for bundling together credentials into roles, or whatnot |
21:53.54 | franz` | can't you piggyback onto those aegis.manifest files? |
21:55.23 | itsnotabigtruck | franz`: in what way? |
21:56.09 | franz` | aegisload /path/to/aegis.manifest, and it reads what caps a certain exec needs? |
21:56.14 | itsnotabigtruck | also regarding your original example, there's 33 linux capabilities |
21:56.20 | itsnotabigtruck | no one wants to list all of them on the command line :p |
21:56.21 | franz` | oh :P |
21:56.58 | itsnotabigtruck | also, if the process had an aegis manifest that asserted the needed capabilities, this program wouldn't be needed |
21:57.25 | itsnotabigtruck | in general this is for running system utilities with elevated capabilities |
21:57.49 | itsnotabigtruck | especially cap::sys_admin, cap::dac_override, tcb |
21:57.58 | itsnotabigtruck | that wouldn't normally run with them |
21:59.50 | franz` | how about files with predefined capability lists? |
22:00.23 | franz` | aegisetc chown etc |
22:00.33 | itsnotabigtruck | hmm |
22:00.40 | franz` | would look in... I don't know, /usr/share/aegismanifests/chown.manifest |
22:01.03 | franz` | add a couple for the most common tasks |
22:01.25 | itsnotabigtruck | franz`: why not just assert everything though for root tasks |
22:01.29 | itsnotabigtruck | well, one reason is the source check |
22:01.56 | itsnotabigtruck | i'm wondering if there's a better way to deal with that than having people manually install aegisctl and run it directly every boot |
22:02.46 | itsnotabigtruck | it's a shame very few things use inherit policies (which subset the inherited credentials instead of adding new ones) |
22:02.47 | franz` | a daemon that checks with your endno.de server for a list of execs and their needed privileges (haha no there'd be so much drama) |
22:02.54 | itsnotabigtruck | lol |
22:03.26 | itsnotabigtruck | if aegis was based around inherit policies and not add/set policies it would be so much more secure |
22:05.48 | itsnotabigtruck | anyway...the role based approach is growing on me |
22:07.29 | itsnotabigtruck | still not sure about how to make it usable though |
22:08.59 | itsnotabigtruck | also, it's highly unfortunate that the n9 doesn't have pam |
22:09.43 | franz` | isn't that a kernel module? |
22:10.04 | franz` | oh maybe not nvm |
22:10.21 | itsnotabigtruck | nah, it's a user-mode framework for managing user accounts |
22:10.40 | itsnotabigtruck | the n9 does it old school with crypt'd passwords in /etc/passwd, world readable |
22:12.03 | franz` | whoa, really? not even an /etc/shadow? |
22:12.08 | franz` | lol nokia |
22:12.12 | itsnotabigtruck | yup |
22:13.02 | itsnotabigtruck | that might be one thing to fix in a CSSU-type thing |
22:13.12 | itsnotabigtruck | retrofit coreutils/etc., pam, and so on |
22:13.40 | itsnotabigtruck | make it more like a real *nix system |
22:15.23 | *** join/#harmattan smokex|away (smokex@199.127.225.125) |
22:17.12 | aquarius | I've been trying to compile a phonegap app for my n9 using qt creator. I've set up scratchbox and pointed QtCreator at it following the instructions on the nokia site, but my app says that it's not a harmattan build, because MEEGO_VERSION_MAJOR isn't defined. Does this suggest I'm doing something wrong? |
22:17.44 | itsnotabigtruck | aquarius: i think that's defined in some qt header file |
22:17.55 | itsnotabigtruck | qplatformdefs.h |
22:18.05 | aquarius | itsnotabigtruck, yeah, that's what worries me, because it suggests that I'm not doing the compilation right. |
22:18.35 | itsnotabigtruck | aquarius: hmm, there's a page on the nokia site suggesting defining them explicitly in the pro file |
22:18.43 | itsnotabigtruck | i.e. as compiler flags |
22:18.46 | aquarius | hrm hrm. |
22:18.47 | itsnotabigtruck | http://harmattan-dev.nokia.com/docs/library/html/guide/html/Developer_Library_Reference_documentation_Porting_applications_to_Harmattan.html |
22:19.02 | aquarius | I wish the PhoneGap for Qt people hung out in here :( |
22:20.34 | itsnotabigtruck | how about this |
22:20.54 | itsnotabigtruck | inceptdo program args -> prompts for current user's password and asserts credentials enabled for current user |
22:21.07 | itsnotabigtruck | inceptdo @root program args -> prompts for root's password and asserts credentials enabled for root |
22:21.27 | itsnotabigtruck | credential-user mapping controlled from a central config file |
22:21.42 | itsnotabigtruck | (should the config file be tcb-protected or not?) |
22:21.44 | itsnotabigtruck | franz`^ |
22:23.33 | franz` | sounds nice |
22:23.49 | franz` | and yeah protect it, don't want random execs tampering with it |
22:23.52 | itsnotabigtruck | also inceptdo isn't a final name, need to settle on something |
22:24.12 | itsnotabigtruck | but most users will grant root all access, and then any process can mutate /etc/passwd and change the root password |
22:24.17 | itsnotabigtruck | without tcb access |
22:24.31 | itsnotabigtruck | rendering protecting /etc/inceptdoers or whatnot moot |
22:25.19 | itsnotabigtruck | also, the system has lots of vulnerabilities, an evil program could re-exploit the system, or simply replace inception's package |
22:25.52 | franz` | so you're saying it's pretty much not worth trying to protect it? |
22:25.55 | itsnotabigtruck | though i'm thinking about mitigations for that 2nd part |
22:26.23 | itsnotabigtruck | more or less, though i'm not sure |
22:26.33 | itsnotabigtruck | i mean, i don't want to make the system any less secure, but it's pretty damn insecure to begin with |
22:27.28 | franz` | lol |
22:28.16 | itsnotabigtruck | also as it stands inception works ok on open mode, i wonder what the implications of trying to tcb-protect files on open mode would be |
22:28.44 | itsnotabigtruck | dpkg doesn't bother trying to tcb-protect aegis files when in open mode |
22:35.30 | *** join/#harmattan teleshoes (~teleshoes@pool-74-108-147-150.nycmny.fios.verizon.net) |
22:45.57 | *** join/#harmattan nwoki (~nwoki@unaffiliated/nwoki) |
22:49.30 | DocScrutinizer | idly wonders why the hell not a *single* random exec tampered with any file owned by root and properly chmod'ed, on my PC |
22:50.26 | DocScrutinizer | nononono, I don't expect anybody to answer. It was rhetorical and sarcastic |
22:50.37 | itsnotabigtruck | lol |
22:51.01 | itsnotabigtruck | well, the difference is that your normal linmux system doesn't have any levels of access beyond root |
22:52.49 | DocScrutinizer | pff |
22:53.23 | DocScrutinizer | it has user matrix, user supervisor, user dom0 |
22:53.34 | DocScrutinizer | and user God |
22:57.32 | DocScrutinizer | wonders what those "levels of access beyond root" might be on HARM |
22:58.18 | SpeedEvil | root with all permissions from aegis |
22:58.43 | DocScrutinizer | unless of course you mean HARM abandoned root in favour of a weird halfarsed concept |
22:59.12 | DocScrutinizer | root with X is not *beyond* root |
22:59.28 | itsnotabigtruck | root with no capabilities < root with some capabilities < root with all capabilities < root with tcb |
22:59.30 | itsnotabigtruck | of course it is |
22:59.52 | DocScrutinizer | so root with tcb is not root then? |
22:59.55 | DocScrutinizer | UHUH |
23:00.15 | SpeedEvil | for a while had an ordinary user called root. |
23:00.23 | *** join/#harmattan nwoki_ (~nwoki@host115-30-dynamic.117-80-r.retail.telecomitalia.it) |
23:00.43 | DocScrutinizer | for a while has ordinary users with UID 0 ;-P |
23:00.44 | *** join/#harmattan nwoki_ (~nwoki@host115-30-dynamic.117-80-r.retail.telecomitalia.it) |
23:01.12 | itsnotabigtruck | DocScrutinizer: well, if we define "root" as "having uid=0", root with tcb is a strict superset of root |
23:01.15 | DocScrutinizer | most easy way to crack a system when you have nothing but a hex diskeditor |
23:01.19 | itsnotabigtruck | so it is root, but it's more than root |
23:02.04 | DocScrutinizer | and if I define HARM as BS, then everything aegis related is nonsense to discuss |
23:02.59 | itsnotabigtruck | and if you admit the possibility of having uid=0 but being deprivileged, then having the ability to modify a file and obtain those privileges is a security gap |
23:03.04 | itsnotabigtruck | damn ssh lag, i'm literally sitting here watching my text input go into the box |
23:03.44 | *** join/#harmattan nwoki (~nwoki@unaffiliated/nwoki) |
23:03.54 | DocScrutinizer | >>protect it, don't want random execs tampering with it<< c'mon! BWAHAHA |
23:04.34 | DocScrutinizer | THINK about it! |
23:05.22 | DocScrutinizer | you're saying a file needs additional protection because there are root instances that don't have all privileges? sound rationale! |
23:07.06 | itsnotabigtruck | DocScrutinizer: well, were this a selinux system you wouldn't let a program running as uid=0 but user_r mess with the systemwise selinux policy |
23:07.49 | itsnotabigtruck | this type of scenario exists with EVERY mac architecture |
23:08.05 | DocScrutinizer | and if this were a wiener saussage, it couldn't get used to drill for oil |
23:08.21 | DocScrutinizer | meh |
23:09.41 | DocScrutinizer | I mean it's only *your* fault if you think it's a good idea to run arbitrary programs with UID=0 |
23:09.50 | itsnotabigtruck | DocScrutinizer: ood thing i'm not comparing this to a sausage, i'm comparing it to another system with similar goals |
23:09.56 | itsnotabigtruck | well, not quite, aegis is sort of a weird example of a mac system, but it's the same general concept no doubt |
23:10.32 | DocScrutinizer | and you suppose this sentence is related to my last post how? |
23:11.37 | DocScrutinizer | are you suggesting aegis got invented to allow running everything as root, just like on crappy managed windoze systems? |
23:12.01 | DocScrutinizer | I don't see any sense in this discussion |
23:14.56 | itsnotabigtruck | DocScrutinizer: no, but there'sa lot of crap that probably shouldn't be run as root but is |
23:15.39 | itsnotabigtruck | ugh, this lag is extreme, i don't now what's going on |
23:17.27 | DocScrutinizer | mhm, yeah. And if we have such a great thing like aegis, we finally got the ultimate solution to this |
23:18.28 | itsnotabigtruck | DocScrutinizer: we all know how much you like aegis but being bitter about it all the time is doing absolutely nothing good |
23:18.52 | DocScrutinizer | actually in 30 years on dozens of OS, on 1000s of systems, I *never* encuntered a single problem where I'd have thought "I wish there was a thing like aegis to solve this properly" |
23:19.20 | DocScrutinizer | I'm not bitter at all, I'm ROTFL about it |
23:19.48 | DocScrutinizer | and about the ideas that it gives users, regarding "security" |
23:20.04 | itsnotabigtruck | especially because it's already there, it's not like nokia is taking it out at this point, and it's probably going the same route as harmattan now that the n9 isn't to have a successor |
23:21.19 | itsnotabigtruck | and you'd think something like that if oneof your servers got owned and gave an attacker all access |
23:21.34 | itsnotabigtruck | aegis is misimplemented for numerous reasons but you seem to just hate security |
23:22.01 | itsnotabigtruck | well, hate non-conventional security models |
23:22.42 | itsnotabigtruck | since a lot of the things you bring up are things that are just stuff you have to deal with on any system that goes beyond root / not root |
23:24.39 | DocScrutinizer | go beyond God |
23:24.41 | DocScrutinizer | BS |
23:25.07 | DocScrutinizer | invent a kinky system concept, then come up with a kinky solution for it |
23:25.46 | DocScrutinizer | actaully I'd be bitter if I had spent money for that crap, but I only wasted my time, and that I'm free to stop right here and now |
23:30.02 | itsnotabigtruck | DocScrutinizer: more like - go between peasant and god |
23:30.40 | itsnotabigtruck | all or nothing just isn't that great of a solution |
23:35.50 | DocScrutinizer | and a Wiener actually is no good drilling tool for mineral oil exploration |
23:46.01 | Sazpaimon | anyone with experience with nemo mobile around here? #nemomobile is pretty dead around thid time |