**** BEGIN LOGGING AT Thu Sep 22 02:59:57 2011
Sep 22 06:14:04 luke-jr: ?? recorder, both channels?
Sep 22 06:14:29 luke-jr: which both channels?
Sep 22 06:15:11 DocScrutinizer: in a call
Sep 22 06:15:24 aaaah, of course, yes
Sep 22 06:15:33 applying for a webdeveloper job with nokia's mobile division, bad move?
Sep 22 06:15:52 I don't even know why they need a web developer. Didn't they kill ovi?
Sep 22 06:17:04 luke-jr: at least last time I checked I think it did
Sep 22 06:21:24 http://www.theregister.co.uk/2011/09/21/secure_boot_firmware_linux_exclusion_fears/
Sep 22 06:25:24 ruskie: simple answer: don't buy it
Sep 22 06:25:56 DocScrutinizer: don't buy computers?
Sep 22 06:25:58 simple answer for N9+aegis: don't buy it
Sep 22 06:26:15 DocScrutinizer: don't "convert" anyone to Linux ever again?
Sep 22 06:27:31 luke-jr: I "convert to linux" my clients prior to them buying their hardware, and I tell them what hardware to buy
Sep 22 06:27:40 DocScrutinizer, did you actually read the article?
Sep 22 06:28:14 no, I gather it's a friggin PC with Fritzchip and locked bootloader
Sep 22 06:28:34 aka Bios
Sep 22 06:29:40 DocScrutinizer, no
Sep 22 06:29:54 I've not heard of any technology to retroactively kill PCs that allow booting via Grub
Sep 22 06:30:01 DocScrutinizer, it's M$ trying to push trusted computing into UEFI as mandatory
Sep 22 06:30:04 with them holding the keys
Sep 22 06:30:27 so why "No"? That's exactly what I said
Sep 22 06:31:46 and btw that's exactly what Nokia did with Aegis
Sep 22 06:34:29 and M$ is trying to push TC since errr >10 years now?
Sep 22 06:36:27 and the answer of any reasonable hw office in any large company been exactly like mine: Don't buy it, we want to be in control of our hw, not to delegate control to friggin $random-manufacturer
Sep 22 06:36:57 on a related topic:
Sep 22 06:36:59 ~aegis
Sep 22 06:36:59 methinks aegis is http://www.developer.nokia.com/Community/Wiki/Harmattan:Developer_Library/Developing_for_Harmattan/Harmattan_security/Security_guide , or "The purpose of this framework is: ... to make sure that the platform meets the requirements set by third party software that requires a safe execution environment.", or http://en.wikipedia.org/wiki/Trusted_Computing#Criticism, or http://en.qi-hardware.com/w/images/1/10/ME_382_LockedUpTechnology2.gif
Sep 22 06:41:35 DocScrutinizer: so you see no interest in bringing average Joe Desktop User to Linux?
Sep 22 06:41:58 luke-jr: sorry, your question makes no sense to me
Sep 22 06:42:24 DocScrutinizer: you know, the guy who bought his PC at BestBuy and didn't know Linux existed until he met you
Sep 22 06:42:48 who wants to give it a try, but OOPS-- it's impossible because his PC will never run anything but Windows
Sep 22 06:42:50 too bad for him I have to tell him he bought junk
Sep 22 06:43:00 and he'll go on using Windows
Sep 22 06:43:09 :shrug:
Sep 22 06:43:13 along with the rest of the world who will never change because they will never have a choice
Sep 22 06:43:25 not everyone can build computers
Sep 22 06:44:01 could be worse, he could have bought an N9 and be interested in true linux, and I had a real hard afternoon to explain to him why HARM with aegis isn't true linux
Sep 22 06:44:13 and no PC manuf is going to give up Windows OEM just so people can use Linux, so long as Windows has the marketshare it does
Sep 22 06:44:38 DocScrutinizer: the handheld market has never been truly free
Sep 22 06:44:45 the desktop market has
Sep 22 06:45:32 well, I think I said everything that's relevant to explain my take on that. Why don't we have TC in all computers since 10 years?
Sep 22 06:50:40 DocScrutinizer: at least TC could be disabled
Sep 22 06:51:04 as to why-- because people made a fuss
Sep 22 06:51:16 if people don't make a fuss because "oh, it'll never happen", it WILL happen
Sep 22 06:51:23 BS, what's the difference between TC and the shit ruskie explained this new M$ initiative plans to do?
Sep 22 06:52:12 DocScrutinizer, M$ and vendors control the keys and say what is allowed and isn't allowed... there is no disabling... they say what is and isn't allowed to run
Sep 22 06:52:37 it's just initiative #736 of M$ et al to force TC into the market
Sep 22 06:53:05 ruskie: so why you're teaching *me* about that?
Sep 22 06:55:28 your IBM or Intl laptop is exactly such a machine, afaik they all have TPM aka fritzchip since years, just nobody want to use it, and if they dare to ship it with a BIOS that forces TPM into effect and can't get replaced by another BIOS that allows to run the system with fritzchip killed, no major company will allow to use that hardware for their business
Sep 22 06:57:46 so maybe major hw / mainboard manufs will support it in their BIOS in future, but if they don't want to lose the business sector they want to make clear there's a way to install a BIOS that allows to switch off the TC crap
Sep 22 06:59:49 and M$ maybe will ship a windows that needs mandatory TC but they won't be able to sell that "home version" to business sector, so they won't stop producing windows versions that run without fritzchip, and you see what that implies for the mainboard manufs in turn
Sep 22 07:02:51 hell, there are even FOSS BIOS implementations around, don't you know?
Sep 22 07:04:59 this is all assuming flashing tools won't be blacklisted
Sep 22 07:05:37 no it is assuming industry will refuse to buy hw that comes with flashing tools "blacklisted"
Sep 22 07:07:00 try to blacklist my JTAG or EPROM flasher
Sep 22 07:07:09 ;-)
Sep 22 07:08:15 though that's bad enough for big business to reject the hw, if there's no way to reflash *arbitrary* BIOS without special hardware flashers
Sep 22 07:10:19 fwiw, tpm modules are frequently used for proper beneficial reasons, just not that often in desktops.
Sep 22 07:10:38 I really don't know why you worry about PCs and laptops where big business will care about TC never achieving world dominion, while you don't say a work about meego HARM and aegis, where Nokia already shipped a device that has all the shit in place and working just fine
Sep 22 07:11:20 s/a work/a word/
Sep 22 07:11:21 DocScrutinizer meant: I really don't know why you worry about PCs and laptops where big business will care about TC never achieving world dominion, while you don't say a word about meego HARM and aegis, where Nokia already shipped a device that has all the shit in place and wo...
Sep 22 07:12:18 just because meego allegedly is linux and not winP7? duh!
Sep 22 07:14:43 DocScrutinizer, no because mobile devices have always been f... up
Sep 22 07:14:45 rumour has it the HARM-beta2 firmware now actually allows you to flash your alternative "true linux", but that's yet to get confirmed. Beta1 didn't, it was a locked down hardware+firmware system exactly like the ones you moan about some posts up, for "real PCs"
Sep 22 07:14:57 ruskie: that's BS
Sep 22 07:15:11 N900 is as open as it gets, with respect to that
Sep 22 07:15:22 there are exceptions
Sep 22 07:15:32 meh
Sep 22 07:16:17 I detect selective blindness and won't continue this convo until you do sth about it
Sep 22 07:17:03 well you seem to have the same issue... "don't buy" aka ignore that those things exist
Sep 22 07:17:21 bullshit
Sep 22 07:18:15 and frankly until the n9 is out I won't really be able to comment on it since other than the stuff that's been reported about n950 can't really say anything
Sep 22 07:18:27 * DocScrutinizer throws a can with paint and a brush at ruskie, so he can paint some banners for his 1-man-demo in front of M$-headquarters
Sep 22 07:18:46 haha
Sep 22 07:18:55 I don't like anyone doing this
Sep 22 07:19:04 not just m$
Sep 22 07:19:51 so you're accusing *ME* to *ignore* TC madness? WTF?!
Sep 22 07:19:58 ~factinfo aegis
Sep 22 07:19:58 aegis -- created by DocScrutinizer <~halley@openmoko/engineers/joerg> at Mon Jul 4 01:10:47 2011 (80 days); last modified at Sun Aug 7 12:42:40 2011 by DocScrutinizer!~halley@openmoko/engineers/joerg; it has been requested 39 times, last by DocScrutinizer, 42m 59s ago.
Sep 22 07:20:55 ruskie: please get another cup of coffee, then come back with this topic in a few hours when your mind finally awakened
Sep 22 07:21:31 so why aren't you doing something with your JTAG and EPROM flasher to get rid of aegis?
Sep 22 07:21:32 oo
Sep 22 07:21:48 and no I don't drink coffee but true.. it is a bit early for my brain
Sep 22 07:22:18 because there's no FOSS xloader with proper signature matching that of Nokia, fool!
Sep 22 07:22:54 hello
Sep 22 07:22:58 and I'm the one bitching most about aegis being BS
Sep 22 07:23:16 DocScrutinizer, probably because you're the ony trying to work around it the most
Sep 22 07:23:23 so please stop annoying and blaming me, while you do exactly NUTTIN
Sep 22 07:24:05 except moaning about TC in PCs while you ignore TC in our beloved phones
Sep 22 07:42:14 ruskie: there are chanlogs of #harmattan, and there's a whole forum about meego(-harmattan), esp with that thread: http://forum.meego.com/showthread.php?t=4575 - you're free to inform yourself and contribute there before it's too late
Sep 22 07:42:23 .зфке
Sep 22 07:42:28 duh. sorry.
Sep 22 08:49:23 DocScrutinizer, interesting thread
Sep 22 08:59:04 Wow. Aegis won't even allow you to read the kernel logs? Talk about impossible development...
Sep 22 09:03:23 ErwinJunge: that's not the point though. Aegis will forbid you doing whatever *NOKIA* feels you shouldn't do (or simply can't think of why you'd ever want to do that), so you're completely under the random whim of those who control aegis config, and there's no way to regain full control of your system. THAT is the crux of all TC (and aegis is a true TC implementation), not the question if this TC is configured in a way it allows you to do X
Sep 22 09:03:24 or forbids Y.
Sep 22 09:04:55 after all Nokia can change the policies any day, 3 times a day if they like to
Sep 22 09:05:09 Scary stuff, this move to TC from all sides.
Sep 22 09:05:36 I can build my own pc, but on the laptop and mobile front it's starting to look very 1984ish...
Sep 22 09:07:50 "Trusted computing" is a euphemism for this kind of stuff imo
Sep 22 09:08:11 Should be called "crippled" or "locked down"
Sep 22 09:08:49 yes
Sep 22 09:08:52 did you see the youtube amiconn
Sep 22 09:09:02 Trustless Computing
Sep 22 09:09:14 no
Sep 22 09:09:31 you should it is excellent
Sep 22 09:09:58 http://www.youtube.com/watch?v=UnXU7z2_6Jg
Sep 22 09:10:05 ++++++++++
Sep 22 09:10:21 the "trust is mutual"?
Sep 22 09:12:11 * Sicelo has just been able to connect his cdma modem through h-e-n. time for ppp scripts
Sep 22 09:12:46 yeah, that one. Posted that a lot, it's exactly to the point though not very deep
Sep 22 09:13:30 Sicelo: :-D Alas we probably won't be able to bring h-e-n to N9, thanks Aegis
Sep 22 09:13:39 i ended up making my own Y-cable.
Sep 22 09:13:52 yeah, bad
Sep 22 09:14:19 DocScrutinizer: it is one of the best propaganda videos ever in the modern age
Sep 22 09:14:23 (helps that it is true)
Sep 22 09:14:27 one of the reasons why i bought my N900 2 weeks after N9 release
Sep 22 09:14:38 belsatsar, great video!
Sep 22 09:15:00 the video makes a key point at 1:30 though, TC itself isnt a dirty word, just totalitarian implementations of it
Sep 22 09:15:02 http://maxborgesagency.com/press/aoc-unveils-16-inch-portable-usb-monitor-the-must-have-laptop-accessory/ --> How likely is it that this would work with h-e-n and a y-cable?
Sep 22 09:15:02 and it's so german too... belief/believe
Sep 22 09:16:02 ErwinJunge: just processing the video would take a large chunk of a handheld's cpu
Sep 22 09:16:36 mini-hdmi is the answer for external displays
Sep 22 09:19:10 belsatsar: Hm... but could it work? I've had this idea of running an entire desktop of the phone for a while, this is the missing piece :) kb/mouse is easy. I'm not talking about complicated stuff, just a plain 2d desktop, browser and a programming editor.
Sep 22 09:21:05 ErwinJunge: way too heavy
Sep 22 09:21:28 well, maybe borderline
Sep 22 09:21:37 have you used vnc?
Sep 22 09:22:02 In the past, yes. Not on the phone though.
Sep 22 09:22:21 it will give you an idea of the performance you can expect
Sep 22 09:22:26 vnc over usb
Sep 22 09:23:54 I'd expect vnc to be quite a bit more intensive than just sending images to a monitor. I'd also needs to handle encryption.
Sep 22 09:24:08 At least, I hope vnc does encryption, haven't used it in ages.
Sep 22 09:27:04 vnc traffic isnt generally encrypted by default
Sep 22 09:27:23 ErwinJunge: you can tunnel vnc through ssh
Sep 22 09:28:04 edheldil: That seems a bit pointless. If you're already tunneling stuff through ssh, why do you need vnc? Just tunnel the app itself.
Sep 22 09:28:17 http://www.youtube.com/watch?v=Gd4s3GtONqY This is very good!
Sep 22 09:28:40 by the same author as the anti tpm video mece
Sep 22 09:28:56 ErwinJunge: how are you going to get a windows desktop over ssh?
Sep 22 09:29:03 for example.
Sep 22 09:29:51 nid0: we know
Sep 22 09:30:08 nid0: Never have that issue, luckily ;) Anyways, to wrap up this discussion: I'll probably end up getting one of these screens for my laptop anyways, so I'll try it with the phone then :)
Sep 22 09:30:18 ErwinJunge: also we use it for consoles of virtual hosts
Sep 22 09:30:31 ErwinJunge: i run an archos 70 tablet as my side monitor
Sep 22 09:30:42 i use 'synergy' to control it with my laptop keyboard/mouse
Sep 22 09:30:56 belsatsar, thanks
Sep 22 09:31:29 belsatsar: Yeah, synergy is awesome. I've regularly used a second laptop as second screen. The usb screen seems like a more elegant solution though.
Sep 22 09:33:14 if i sucked less i'd have meego running on the archos by now
Sep 22 10:04:20 DocScrutinizer, also I don't see bigbusiness having a problem with this... in fact I would think it's a benefit for them... no way for anyone to boot anything other than a company approved thing(which is sadly in most cases the whatever version of windows)... and I'm sure m$ will let them lock ...
Sep 22 10:04:25 ... the group policy down as well... frankly I see it as their wet dream
Sep 22 10:05:37 DocScrutinizer, but yeah I agree that all TP is bad be it from nokia or m$ or intel or anyone else that wants to push it
Sep 22 10:10:13 except for when its not
Sep 22 10:10:30 nid0, no case for when it's not
Sep 22 10:10:43 there is no non-broken way to implement it
Sep 22 10:11:06 sure there are, you not knowing what useful implementations TC has doesnt mean they dont exist
Sep 22 10:11:23 so enlighten me
Sep 22 10:11:47 self-encrypting drives and many full-disk encryption methods for example rely on and work properly thanks to TC
Sep 22 10:13:51 nid0, frankly I don't trust those technologies to encrypt non-critical information
Sep 22 10:14:12 ruskie: you're plain wrong on that. Big Business isn't interested in becoming slave of M$
Sep 22 10:15:08 i'd like to see what possible argument can be given to suggest that the ability to securely encrypt an entire drive in hardware with no performance loss can possibly be a bad thing, when its use is entirely down to the system's admin.
Sep 22 10:16:25 nid0, who has the keys to decrypt it... you? the manufacturer? third party?
Sep 22 10:16:44 theyre stored within the tpm, which is the entire point
Sep 22 10:16:51 drive taken out of computer, drive no worky any more
Sep 22 10:16:52 DocScrutinizer, then why do they keep buying windows systems?
Sep 22 10:17:07 nid0, ahh you just made another good bad point
Sep 22 10:17:37 and most implementations allow you to retain your own recovery key separate to the main key stored in the tpm if you wish
Sep 22 10:17:48 big evil bitlocker from big evil MS being a good example
Sep 22 10:19:47 as for "big evil" I've long given up on that
Sep 22 10:24:26 nid0: use of TC *never* is "entirely to the sysadmin" - the whole point of TC is about you don't have access to the root cert. Otherwise it wouldn't be the concept of TC and could be achieved by other means since decades
Sep 22 10:25:42 TC *means* there is a well "hidden" public key called root cert in your machine, and you don't possess the private key to sign kernels, bootloaders, apps, whatnot
Sep 22 10:25:47 i'd be interested to hear more detail on that. You the sysadmin can choose to encrypt the drive using TPM, encrypt it using a different method not using TPM, or not encrypt it. what of that is not down to the sysadmin?
Sep 22 10:26:53 the root cert is not down to the sysadmin. You can NOT move the crypted drive to any other machine and reinstall it there and recover your data
Sep 22 10:27:21 Depends on the implementation
Sep 22 10:27:27 as you don't own the key
Sep 22 10:27:33 no, you cant do that with self-encrypting drives, because the whole entire point of self-encrypting drives is that they only work and only can work in the computer and connected to the tpm module through which you encrypted them.
Sep 22 10:27:37 that's the entire point of using it
Sep 22 10:27:57 SpeedEvil: BS. If it were not like that, it was a simple cryptfs like we know since decades
Sep 22 10:28:01 whereas in the case of bitlocker for example, you can generate and own a recovery key even while using tpm encryption so that you CAN decrypt the drive elsewhere
Sep 22 10:28:14 just like most software-based tpm encryption methods
Sep 22 10:29:08 nid0: if you decide to use such a scheme then prepare for getting fired whenever your machine breaks and you can't recover the perfectly sane but crypted data from drive
Sep 22 10:29:13 and yes, you can use cryptfs or other entirely software-based alternatives, if you dont want to use tpm and take a performance hit for doing so
Sep 22 10:30:23 DocScrutinizer many businesses do, its the whole reason SED drives are sold.
Sep 22 10:30:28 nid0: you're so completely and entirely wrong, speed of encryption has absolutely NOTHING to do with TPM
Sep 22 10:30:41 and these same businesses are also sane enough to have redundant data copies.
Sep 22 10:31:17 TPM actually is a pretty slow coprocessor that can not handle any sane encryption datarate
Sep 22 10:32:44 DocScrutinizer indirectly it does and i'm entirely right thanks. using TPM self-encrypting drives carry out the encryption process onboard the disk's own processor and typically suffer from effectively zero performance loss
Sep 22 10:33:48 so what? how's the SATA interface supposed to access the TPM that usually sits somewhere completely different on your system?
Sep 22 10:34:30 hardware encryption on-drive is completely unrelated to TPM
Sep 22 10:34:57 there's a piece of SOFTWARE to moderate between drive and TPM
Sep 22 10:35:00 how is it possibly unrelated
Sep 22 10:36:29 same software can work perfectly sane for encryption without any TPM existing on your machine at all, it's just the question of storing the key elsewhere then
Sep 22 10:37:09 the drive and its cryp processor won't care nor even notice the difference
Sep 22 10:37:47 and we're back to square one of the fundamental first benefit of self-encrypting drives as I said up there.
Sep 22 10:37:51 honestly a *very* poor example of a valid usecase for TPM/TC
Sep 22 10:38:46 no, its a very poor example in your eyes because your counter-argument is "well you *could* do it a different way", it doesnt change the fact that it's a useful use-case of tpm without the disadvantage of your alternative
Sep 22 10:39:27 there are USB dongles and even SIM cards similar to TPM, and they can do exactly all the things you can do with an on-board TPM, just you can unplug them and you own the root cert
Sep 22 10:40:03 nid0: my alternative has which disadvantage exactly now?
Sep 22 10:40:13 and when you want to ensure that drive X can only possibly work in server X, rather than servers Y and Z?
Sep 22 10:40:41 then your concerns are rather weird
Sep 22 10:41:11 if the key is stored elsewhere, its retrievable or reusable. the day tpm modules can be broken to recover the keys then sure, the use of SED becomes nonexistent, but to my knowledge that hasnt happened.
Sep 22 10:41:15 as anybody opening up the server and just stealing the drive is a very strange thief for sure
Sep 22 10:41:55 DocScrutinizer: preventing that potential data loss is basically the whole point of self-encrypting drives
Sep 22 10:42:12 eh??
Sep 22 10:43:18 data loss == your server TPM (or mainboard) breaks: data loss as drive can't get decrypted any more. As not even in your steel locker you got a copy of the key
Sep 22 10:43:43 no, but luckily you're also not an idiot and have redundant copies of the data.
Sep 22 10:43:48 data leakage == somebody steals server, or SAN, or just the drive
Sep 22 10:43:50 also encrypted.
Sep 22 10:44:20 just the drive won't work with TPM
Sep 22 10:45:06 but honestly who's going to unmount the physical drive to steal it, instead of stealing the whole server or SAN
Sep 22 10:46:39 not many people, but the potential is still there so it's a base that needs to be covered if at all possible, and TPM self-encrypted drives make it very straightforward to cover. whipping a few drives out of a system is also rather easier than carting off a rack-sized SAN
Sep 22 10:46:46 and still there are PCI cards with a crypto module like a TPM that are also mounted inside the server and can't get simply unplugged without opening the case. But those cards have no vendor root cert, unlike TPM
Sep 22 10:47:47 honestly your usecase is bizarre, to be polite
Sep 22 10:49:11 well, its the reason self-encrypting drives exist, and I can assure you it's a use-case many businesses take into account, whether you can see the benefit or not
Sep 22 10:50:12 the end result, however, still remains that whether you see the benefit of locking drive<>server the functionality exists through TPM, and TPM makes it very straightforward to both implement and manage, and the inherent use of TPM for the process adds no downside
Sep 22 10:51:33 sure, there are a zillion weird "solutions" out there for a zillion of made up "problems". I'll sell a /dev/null-cleaner that shredders all the data that heaps up in /dev/null. I bet there are many businesses out there that take it into account
Sep 22 10:52:53 and I already have shown you 2 alternative solutions to "lock drive to server" that don't need TPM and have *no* downsides you told me about yet
Sep 22 10:53:55 1) use a mere sw-based TPM emulation, as drive can't talk to TPM anyway. 2) use a "TPM" on a PCI card that you own and control completely
Sep 22 10:54:08 so contact the disk manufacturers and tell them to redesign the way their SED process works. until that happens, presenting nonexistent "do it another way" solutions are meaningless.
Sep 22 10:54:22 BS
Sep 22 10:54:29 youll also need to contact SAN manufacturers about including those PCI cards.
Sep 22 10:55:15 meh, I give a shit about SAN as I won't run a linux on that SAN where I'd be concerned about any TPM built in
Sep 22 10:56:30 so you're free to use TPM on any platform you like, for whatever reason you think is appropriate, but please don't say mainboards need a TPM soldered to them and equipped with a manufacturer root cert as that's the only way to have proper crypted drives
Sep 22 10:57:03 it evidently isn't
Sep 22 10:58:12 I never said anything of the sort, its you and ruskie that decided that there's absolutely no possible conceivable beneficial use to TPM, and I presented a really straightforward one, used very commonly. you running in circles around "cant see the use-case" doesnt change that fact one bit
Sep 22 10:59:53 Gentlemen, gentlemen, let us just all shake hands and say "hardware copy protection sucks"
Sep 22 11:00:47 yeah, you're right. You showed that there's a valid usecase of locking a drive to a TPM, and that is: lock the drive to the TPM. As for any other more general description of the usecase I offered alternatives
Sep 22 11:00:51 * RST38h hands out lollipops shaped as MPAA CEO's penis
Sep 22 11:01:49 obviously you can not lock a drive to a TPM that's not there
Sep 22 11:02:27 so you're right, and I still think that's no reason anybody would need to get a TPM
Sep 22 11:02:47 most drives come with their own copy protection features nowadays
Sep 22 11:03:10 RST38h: that's what we talked about
Sep 22 11:03:13 these are just not being used for the lack of real world applications
Sep 22 11:03:21 RST38h: yeah thats SED, which uses TPM
Sep 22 11:03:24 nid0 claimed it was relying on a TPM
Sep 22 11:04:34 nid0 also said your (and my) denial of real usecases was just due to our blindness of seeing them
Sep 22 11:05:37 as thieves usually dismantle servers to unscrew the drives to steal just the drive, rather than just grabbing the whole server and run
Sep 22 11:06:26 and that same thieves were even not able to grab the whole server rather than just the drive, so the drive dongling to server mainboard was a valid theft protection measure
Sep 22 11:09:41 while dongling the same drive to a key fetched from a remote server wouldn't solve the problem, unlike local soldered-to-board TPM which allegedly does
Sep 22 11:12:44 especially sane a setup for raid arrays, where the increased reliability by array is more than compensated by the single point of failure TPM which even doesn't have any recovery path whatsoever
Sep 22 11:14:56 (recovery path of course depending on implementation, you of course can use TPM to store your own key that you got a copy of in your steel locker)
Sep 22 11:15:50 any real benefits are just a vehicle to shovel TPM and DRM down your throat
Sep 22 11:16:06 but then the additional "benefit" of TPM is still debatable as you could store the key elsewhere, and probably that "elsewhere" was a better choice
Sep 22 11:16:33 s/real/made to believe/ and I'm with you
Sep 22 11:18:04 TPM/TC is not about user security, it's not designed for that. It's about security from user, by concept
Sep 22 11:19:28 as "security from user" (aka DRM etc) is the only real benefit of TPM - everything else can get accomplished without TPM already, and has been
Sep 22 11:20:46 actually, as soon as you start thinking about encryption TPM is awesome _for_ user security
Sep 22 11:20:58 meh
Sep 22 11:20:59 but yes, the way it's used in 99% of cases by corporations, it's protection from user.
Sep 22 11:21:32 all that TPM does is verify a challenge-response chat for a manufacturer or user key
Sep 22 11:21:56 yes, and?
Sep 22 11:22:55 you don't need challenge-response obfuscation of the key, on a system that is vulnerable to malware
Sep 22 11:23:38 without a full TC implementation the malware doesn't need the key, it just gets access to the secured data by system means
Sep 22 11:23:51 eh?
Sep 22 11:24:42 what would challenge-response help when anybody is stealing the server with encrypted drive? Nuttin, as the drive gets unlocked anyway
Sep 22 11:24:56 Woah?
Sep 22 11:25:11 Dude, with FDE, you can take away the disk and try to mount it somewhere else, encrypted is encrypted.
Sep 22 11:25:21 It won't magically disappear because the TPM isn't there anymore
Sep 22 11:26:03 hi guys
Sep 22 11:26:23 and if you got some malware on the server that would possibly steal the key so you could run away with the key and drive (without the server) then it's similarly nonsensical as that key-stealing malware as well could access the data on crypted drive rather than stealing the key
Sep 22 11:26:28 so I've installed kernel-power48 via fapman and now my phone doesnt boot with it nor with -47
Sep 22 11:26:56 The TPM provides you with a challenge, and the user provides the response (either through synch OTP, asynch OTP, or even UP auth), if correct, the TPM provides that access to the HD which unlocks a session key, and grants access to the HD
Sep 22 11:27:14 No key is ever leaving the TPM/HD.
Sep 22 11:27:29 It doesn't even go to RAM or CPU registers
Sep 22 11:27:36 I know
Sep 22 11:27:44 I lost you
Sep 22 11:28:55 store the key in plain text on the server (e.g. in cmos-clock) and there's no difference regarding security, as either way a malware needs to run on the server to steal the key, and that same malware can steal the data as well
Sep 22 11:29:59 unless your server has a full fledged TC implementation which would deny access of the malware to either of both ;-)
Sep 22 11:30:42 so where's the big benefit of TPM?
Sep 22 11:32:31 http://www.youtube.com/watch?v=hs5_jB46xQE "We do the Pokey Pokey cause we're somehow all allowed... That's what it's all about." [TSA spoof]
Sep 22 11:32:44 actually storing the key to unlock the drive on a remote filesystem will *really* provide some theft protection for encrypted data on a drive
Sep 22 11:34:09 and then they seize your isp records
Sep 22 12:09:58 I updated my phone to pr1.3 but I could not install previous applications :-( I need php also call recorder . I add all catalogs
Sep 22 12:12:49 http://www.img4up.com/up2/96126258218436113877.png http://www.img4up.com/up2/40442557715121465604.png http://www.img4up.com/up2/86382008153910886351.png
Sep 22 12:14:42 http://codepad.org/MGhp4FPR
Sep 22 12:16:21 http://codepad.org/dUjVSUgs
Sep 22 12:19:39 no solutions ? or same problem ?
Sep 22 12:21:21 the best contact person is the package maintainer mintux
Sep 22 12:21:42 with open source you can contact the person directly
Sep 22 12:21:49 hmm
Sep 22 12:22:07 not as with commercial software where we are conditioned to not call or interrupt them
Sep 22 12:42:56 Attention metal thieves: Buy BT, get 75 MILLION miles of copper
Sep 22 12:42:59 Hehe
Sep 22 12:47:47 lol
Sep 22 12:55:28 Hi *, I am reading around on how to get rid of the camera stutter when recording videos. No obvious solution so far - did I miss something?
Sep 22 13:19:46 ok, note to self: changing the governor to userspace makes a difference
Sep 22 13:23:31 Governor to userspace I think means that it's off
Sep 22 13:23:37 and at full speed all the time
Sep 22 13:24:04 This will have an impact on battery life, but if you only turned it on while the camera was active...
Sep 22 13:28:13 SpeedEvil: good point. thx
Sep 22 13:35:54 has someone written a program that warns me, if a process hogs significant amount of cpu during a certain time period?
Sep 22 13:36:52 in fact, there is one built in, the sound that comes when the battery is nearing zero charge, but I'd like to get a heads-up ;)
Sep 22 14:20:48 jhb: first instance I never ever experienced camera stutter on video recording
Sep 22 14:22:13 so I suspect it's one of your "optimizations" I assume you did - judging by your suggested "solution" of changing governor - that actually causes the problem to begin with
Sep 22 14:22:38 DocScrutinizer: I think (not sure, of course) that I had it from the beginning
Sep 22 14:22:53 DocScrutinizer: but of course, I run quite a fiddled with setup
Sep 22 14:23:20 DocScrutinizer: maybe one day I do a backup, flash, test, and roll back
Sep 22 14:24:24 I'd honestly suggest to do a decent full backup (suggesting backupmenu for that), then reflash to stock, NOT restore any customizations or apps, and test camera with that system under same conditions that usually reveal stutter
Sep 22 14:24:32 hehe
Sep 22 14:24:42 :-)
Sep 22 14:25:16 I haven't tried cssu yet, so maybe I can add another test while I am at it :-)
Sep 22 14:26:06 maybe, but CSSU actually has an alternative camera GUI that may make for further complications
Sep 22 14:26:33 I've actually not tested that one yet
Sep 22 14:26:58 can one use the old camera-ui in cssu?
Sep 22 14:27:00 it's supposed to use same backend but you never know
Sep 22 14:27:33 yes, you can use old camera-ui (I've been told) - just a matter of forced install of the stock app
Sep 22 14:28:38 apt-get install camera-ui= or sth like that
Sep 22 14:28:49 ask MohammadAG
Sep 22 14:29:02 does fcam record videos?
Sep 22 14:29:11 not afaik
Sep 22 14:29:48 but then I never used fcam for any extended period of time
Sep 22 14:30:41 i haven't used fcam either. Mmm, need to find some time to play around with the cssu
Sep 22 16:13:42 has something changed in facebook login in Maemo? I have nokia n900 and from a few days it is not able to connect to this account.
Sep 22 17:07:08 farewell, lcuk :-(
Sep 22 17:26:31 sometimes, the virtual keyboard stops working, how can I restart it without rebooting?
Sep 22 18:25:36 err, sometimes sliding out and back in hwkbd helped here
Sep 22 18:29:44 other than that, I'm not sure. Maybe modprobe -r uinput; modprobe uinput ? Could be completely unrelated as well
Sep 22 18:30:30 anyway ->description: User level driver support for input subsystem
Sep 22 18:30:41 (modinfo uinput)
Sep 22 18:32:18 yes unrelated
Sep 22 18:32:51 vkbd wouldn't go through kernel other than that touchscreen goes via kernel
Sep 22 18:33:04 indeed
Sep 22 18:33:33 so maybe killall hildon-desktop?
Sep 22 18:33:41 prolly also useless
Sep 22 18:36:27 Sliding in and out (that sounds so dirty) the hwkbd has helped for both (the rare-ish) "hwkbd stopped working" and "vkbd stopped working" issues here.
Sep 22 18:45:33 sliding hwkbd did not help me, rebooting -actually several times- helped :-/
Sep 22 18:46:21 err then there's something messed up a bit more than just slightly
Sep 22 18:47:44 ohwell, that are the results of kernel coders not caring about reentrant code, proper mutex usage, and races
Sep 22 18:48:34 vkbd doesn't use kernel
Sep 22 18:48:46 right, again
Sep 22 18:48:51 nevertheless
Sep 22 18:48:57 other than that vkbd obviously reacts to touchscreen, and if touchscreen works then the kernel components work
Sep 22 18:49:42 I'd however check if the slider position is detected correctly
Sep 22 18:49:53 gets updated in output of 'dmesg'
Sep 22 18:49:56 you can have races and reentrance issues in x components as well, and I dunno how vkbd is plumbed to the system at all
Sep 22 18:50:37 hildon-input-method? :P
Sep 22 18:50:45 :nod:
Sep 22 18:51:07 not exactly kernel maybe, but rather low in the whole stack nevertheless
Sep 22 18:51:26 after all hwkbd and vkbd need to interact
Sep 22 18:51:45 one way or another
Sep 22 18:52:17 roughly it sits between X and apps that support input methods, filtering stuff
Sep 22 18:52:30 o.O
Sep 22 18:52:50 * DocScrutinizer hates the whole input stuff - too many layers
Sep 22 18:52:58 If you ran, say, plain x-terminal, then you'd notice that Symbols menu didn't work, and that you have to keep blue arrow pressed
Sep 22 18:54:37 * DocScrutinizer waves and heads off for dinner, nah wait a last glance at that thread...
Sep 22 18:57:27 hey guys :)
Sep 22 18:57:42 DocScrutinizer, HIM is like voodoo.
Sep 22 19:04:38 yoh
Sep 22 19:05:24 anyway, clicked my thanks buttons on http://forum.meego.com/showthread.php?t=4575, now off for dinner
Sep 22 19:14:36 DocScrutinizer, I clicked too...
Sep 22 19:20:05 oh hey
Sep 22 19:20:20 half a page down in the forum topic list I find that I wouldn't be able to read email on N9 :P
Sep 22 19:20:26 because of aegis!
Sep 22 19:21:27 ShadowJK, wtf?
Sep 22 19:21:36 modprobe tun
Sep 22 19:21:39 doesn't work
Sep 22 19:21:41 :P
Sep 22 19:21:51 so I can't access vpn
Sep 22 19:22:03 so I can't get to the mailserver
Sep 22 19:23:06 wooowooo
Sep 22 19:23:15 N810 was the first portable device I had that could read my email :)
Sep 22 19:23:28 I guess N900 might be the last :(
Sep 22 19:23:40 although android devices aren't as locked down usually i guess?
Sep 22 19:23:47 Well, it's all a little academic anyway.
Sep 22 19:23:54 omg
Sep 22 19:24:03 :P
Sep 22 19:24:45 I haven't really been following it, but from the press media in .fi it looks like it'll be impossible to buy an N9 anyways
Sep 22 19:24:46 i don't get the aegis problem. Isn't there a switch in the control panel to turn aegis off?
Sep 22 19:26:13 Apparently not?
Sep 22 19:26:16 Not one that works anyway?
Sep 22 19:27:19 * ShadowJK wonders if the GPS bug from Maemo5 that I fixed has been also fixed in Harmattan, or if I have to crack aegis and then fix it before my bluetooth gps works :P
Sep 22 19:29:04 ShadowJK: which bug?
Sep 22 19:30:31 wtf is aegis
Sep 22 19:30:45 bug 11354
Sep 22 19:30:47 Bug https://bugs.maemo.org/11354 gypsy-daemon can not parse GPRMC message from external GPS receiver
Sep 22 19:30:57 ~aegis
Sep 22 19:30:57 i guess aegis is http://www.developer.nokia.com/Community/Wiki/Harmattan:Developer_Library/Developing_for_Harmattan/Harmattan_security/Security_guide , or "The purpose of this framework is: ... to make sure that the platform meets the requirements set by third party software that requires a safe execution environment.", or http://en.wikipedia.org/wiki/Trusted_Computing#Criticism, or http://en.qi-hardware.com/w/images/1/10/ME_382_LockedUpTechnology2.gif
Sep 22 19:33:56 kerio, aegis makes your phone into a featurephone+apps :P
Sep 22 19:35:13 cool story, nokia
Sep 22 19:46:14 you know what
Sep 22 19:46:20 that N8 is quite decent phone
Sep 22 19:46:28 and battery lasts for more than a day
Sep 22 19:47:01 it has a lot of stuff that n900 lacks
Sep 22 19:47:10 but lot of stuff isn't there as well
Sep 22 19:49:19 well it kinda does nothing
Sep 22 19:49:22 except calls and texts?
Sep 22 19:50:18 nokia maps
Sep 22 19:50:20 gps
Sep 22 19:50:25 fm transmitter
Sep 22 19:50:36 and everything seems to be faster
Sep 22 19:50:40 compass
Sep 22 19:50:50 xenon flash
Sep 22 19:53:58 I wish someone would come up with a media player
Sep 22 19:55:13 like, one that does away with the tradition of only having 1 of these features present: ability to find your god damn songs, format support, format acceleration
Sep 22 19:55:24 maemo5 media player has the third :P
Sep 22 19:56:17 the "internet radio" thing is so unreliable I just copy URLs to x-terminal and play them with MPlayer..
Sep 22 19:57:30 Come to think of it, most of the things I use x-term and "classic" linux apps for is things that while present just don't work :/
Sep 22 20:36:09 ShadowJK: thing is, n8 is a good hardware
Sep 22 20:36:24 ShadowJK: OS is limited
Sep 22 20:36:37 ya
Sep 22 20:36:41 but on n900 os was not limited
Sep 22 20:36:55 and there wasn't so many good apps as well
Sep 22 20:43:35 and n8 only shows how bad linux/maemo power management was
Sep 22 20:49:30 well
Sep 22 20:49:48 All the symbian phones I had only had more battery life because they were incapable of doing the things I do on maemo :P
Sep 22 20:50:10 My Nokia E75 has about same battery life as my N900 when doing the same things
Sep 22 20:50:52 But I have to really force myself with the E75. The browser makes me want to think "FUCK IT" and give up, which obviously saves battery life :)
Sep 22 20:51:36 My spare N900 gets about same battery life as my E75 when they both sit on table doing nothing
Sep 22 20:58:40 of course, N8 has cpu from N810 or something :-)
Sep 22 20:58:44 overclocked a bit
Sep 22 21:35:26 has someone account on Facebook? I used it on nokia n900 but some days ago there is always "network error" - was something changed?
Sep 22 21:36:15 account is at: name@chat.facebook.com
Sep 22 21:36:49 and password - nothing else can be set up
Sep 22 21:38:16 javispedro: would you "unlock my HARM"?
Sep 22 22:48:10 anyone want to send/sell me a slide assy for my N900
Sep 22 22:48:34 the wire where the LCD plugs into is torn
Sep 22 22:48:40 so now the whole part is pretty much useless
Sep 22 22:49:59 you can buy that part
Sep 22 22:50:31 Sc0rpius, but replacing it on a flex assy?
Sep 22 22:50:45 I'm pretty sure it's glued onto that part in a clean environment
Sep 22 22:50:52 http://www.ebay.com/itm/CAMERA-FLEX-RIBBON-CABLE-REPAIR-Fits-NOKIA-N900-PARTS-/300594778874?pt=PDA_Accessories&hash=item45fcd852fa
Sep 22 22:50:55 you mean that cable?
Sep 22 22:50:57 so removing the already existing one and replacing it wouldn't be simple
Sep 22 22:51:07 that's the whole flex cable that goes to LCD, keyboard and camera
Sep 22 22:51:11 that's the one
Sep 22 22:51:18 it's VERY simple to replace
Sep 22 22:51:23 it's three sockets
Sep 22 22:51:24 even the service manual says to discard it when you remove it though
Sep 22 22:51:39 http://www.ebay.com/itm/Nokia-N900-Flex-Cable-Keyboard-Camera-Repair-Part-/290494971699?pt=LH_DefaultDomain_0&hash=item43a2d97f33
Sep 22 22:51:41 that one has the tools!
Sep 22 22:51:54 anyway, browse eBay for a little, you'll find a good deal for the cable
Sep 22 22:52:05 how does one replace it
Sep 22 22:52:06 and there are YouTube videos to disassemble the N900
Sep 22 22:52:15 mine is already disassembled
Sep 22 22:52:23 browse YouTube there are several videos for replacing that cable
Sep 22 22:52:44 do they all come with the front camera attached
Sep 22 22:53:27 I wonder if you need that one or the one that comes with the LCD screen
Sep 22 22:53:36 http://www.ebay.com/itm/Nokia-N900-Replacement-LCD-Touch-Screen-Repair-Part-/380289777730?pt=LH_DefaultDomain_0&hash=item588b098042
Sep 22 22:53:37 that one
Sep 22 22:53:51 that only comes with the microphone
Sep 22 22:54:04 it just has holes for the camera
Sep 22 22:54:32 the thing is, the part exists
Sep 22 22:54:40 I had to replace my keyboard :/
Sep 22 22:55:01 this one doesn't look as gorgeous as the original Nokia one but at least it works
Sep 22 22:55:14 I can't find anything on youtube for N900 and flex cable
Sep 22 22:56:04 http://www.parts4repair.com/products/Nokia-N900-Flat-Flex-Cable-Ribbon-With-Front-Camera.html this one looks like the original nokia part
Sep 22 22:58:57 looks like it just uses tape
Sep 22 22:59:01 not glue
Sep 22 22:59:19 so the extra tools aren't needed
Sep 22 22:59:26 since my N900 is already dismantled
Sep 22 22:59:39 i had to replace the digitizer and LCD
Sep 22 22:59:57 and the numerous unplugging and plugging back in strained the flex cable plug for it too much
Sep 22 23:01:32 alright then, done
Sep 22 23:01:48 there's USA seller so i won't have to wait 3 weeks for shipping
Sep 22 23:49:20 Sazpaimon: (the numerous unplugging and plugging back in strained the flex cable plug) did I really miss it to tell you to take care about the plug on FPC?
Sep 22 23:51:58 it's a known weak part, has a hard plug soldered to a flex cable, and backed up with another more rigid PCB that even has traces and solder joints to the flex cable. A little bit of bending and those solder joints break
Sep 22 23:55:34 DocScrutinizer, too late now
Sep 22 23:55:41 $30 later
Sep 22 23:55:49 and another week of waiting
Sep 23 00:23:57 but yeah, this flex cable is probably the thinnest, most flimsy thing I've ever handled
Sep 23 01:21:01 It's that time again!
Sep 23 02:00:32 apparently it says my package was shipped
Sep 23 02:00:41 even though I ordered it a couple hours ago
Sep 23 02:00:45 and it's shipping from the US
Sep 23 02:00:52 via usps
Sep 23 02:00:58 not sure how that works
Sep 23 02:03:17 it probably just means they posted it
Sep 23 02:28:09 Or just that it has been packaged and given shipping label with tracking number (post offices would supply these in advance) and electronically registered for USPS and scheduled for pickup by USPS
Sep 23 02:28:13 or something like that
Sep 23 02:35:32 yeah
Sep 23 02:36:37 http://www.youtube.com/watch?v=x4k6HWcf6jM
Sep 23 02:56:04 Is there a way to take a screenshot on the N900 via a shell command, rather than cntrl-shift-P ?
**** ENDING LOGGING AT Fri Sep 23 02:59:56 2011