**** BEGIN LOGGING AT Mon Sep 01 02:59:58 2014
Sep 01 04:48:15 the maemo5 SDK link here is dead: http://maemo.org/development/sdks/
Sep 01 04:48:40 should I be using deb http://scratchbox.org/debian/ hathor main
Sep 01 04:48:55 or http://repository.maemo.org/ fremantle/sdk free non-free
Sep 01 04:49:00 or something else?
Sep 01 04:49:26 I see scratchbox2 is in debian, but I assume that won't work without some tweakage?
Sep 01 06:51:11 wookey_: see /topic
Sep 01 06:57:40 the topic takes me to http://maemo.org/intro/, which links to the SDK page I posted above, which has a dead link to nokia site. So I don't see how that helps?
Sep 01 06:59:28 ~sb
Sep 01 06:59:29 i heard scratchbox is a cross-compiling system that uses binfmt_misc, rpc calls, and an nfs mount to make a cross-build appear to be 100% native, and is found at http://www.scratchbox.org/, hosted by maemo now. Also at http://maemo.merlin1991.at/files/SB
Sep 01 06:59:43 wookey_: he meant that ^^
Sep 01 07:01:14 cheers
Sep 01 15:47:57 ~poettering
Sep 01 15:47:58 'sth is poettering' means it acts invasive, possessive, destructive, and generally in an egocentric exacerbating negative way. ``this cancer is extremely poettering'', or you look here for Linus' notion on what's poettering: http://lkml.iu.edu/hypermail/linux/kernel/1404.0/01331.html, or http://lkml.iu.edu/hypermail/linux/kernel/1404.0/01488.html
Sep 01 15:48:17 DocScrutinizer05: you can add this link: http://0pointer.net/blog/revisiting-how-we-put-together-linux-systems.html
Sep 01 15:50:26 do you know how much some bounty hunter in germany cost?
Sep 01 15:50:33 this is not funny anymore...
Sep 01 15:56:54 indeed.
Sep 01 16:06:02 Hence, even in this scheme RPM/DEB are highly relevant, though not strictly as an end-user tool anymore, but as a build tool.
Sep 01 16:06:08 wtf²
Sep 01 16:06:29 ~systemd cabal is a bunch of people (Lennart Poettering, Kay Sievers, Harald Hoyer, Daniel Mack, Tom Gundersen, David Herrmann) who want to turn linux into their wet dream perverted version of windows-me-too. See http://0pointer.net/blog/revisiting-how-we-put-together-linux-systems.html
Sep 01 16:06:29 okay, DocScrutinizer05
Sep 01 16:08:04 ~pettering is also see ~systemd cabal
Sep 01 16:08:04 DocScrutinizer05: okay
Sep 01 16:08:10 looking at the whole proposal it mainly is a more complicated way of doing winsxs :D
Sep 01 16:08:12 ~forget pettering
Sep 01 16:08:13 i forgot pettering, DocScrutinizer05
Sep 01 16:08:19 ~poettering is also see ~systemd cabal
Sep 01 16:08:19 okay, DocScrutinizer05
Sep 01 16:10:47 Pali: (hunter) I think there's a number of Russian immigrants that are pretty cheap and do literally *everything* when you pay them
Sep 01 16:11:10 I heard numbers in the ballpark range of 500EUR
Sep 01 16:11:38 well
Sep 01 16:11:47 surely HiFo has 500EUR to spare
Sep 01 16:11:58 haha, do you think so?
Sep 01 16:12:06 it's for the good of linux!
Sep 01 16:12:37 forget it, such dude won't sign an invoice/receipt. so for HiFo it's impossible
Sep 01 16:14:29 The real problem: the systemd cabal gets paid (by redhat?) for the crap they do
Sep 01 16:15:51 to me the whole thing more and more looks like "the secret war between RedHat and Canonical"
Sep 01 16:20:33 >>Cryptographically secure verification of the code we execute is relevant on the desktop (like ChromeOS does), but also for apps, for embedded devices and even on servers (in a post-Snowden world, in particular).<< SUUUURE Mr Poettering
Sep 01 16:20:41 ~aegis
Sep 01 16:20:44 http://www.developer.nokia.com/Community/Wiki/Harmattan:Developer_Library/Developing_for_Harmattan/Harmattan_security/Security_guide , or "The purpose of this framework is: ... to make sure that the platform meets the requirements set by third party software that requires a safe execution environment.", or http://en.wikipedia.org/wiki/Trusted_Computing#Criticism, or http://en.qi-hardware.com/w/images/1/10/ME_382_LockedUpTechnology2.gif
Sep 01 16:21:26 ever heard of MD5sum and similar simple straight ways to ensure what you got is what you want?
Sep 01 16:21:44 it's not war anymore... canonical chose systemd too
Sep 01 16:26:58 systemd--
Sep 01 16:32:12 DocScrutinizer05: I believe that such digests are part of said systems?
Sep 01 16:32:19 only they start with SHA-256 and not md5
Sep 01 16:32:30 what the fuck is a "post-snowden world"?
Sep 01 16:32:50 kerio: no idea, AFIK snowden lives
Sep 01 16:33:09 AFAIK even
Sep 01 16:33:18 kerio: presumably, one that has you aware of what the NSA does...?
Sep 01 16:33:40 and how's trsuted computing help with that?
Sep 01 16:33:53 lemme try again
Sep 01 16:34:02 and how's trusted computing going to help with that?
Sep 01 16:34:08 DocScrutinizer05: probably the converse
Sep 01 16:34:15 trusted computing is for the nsa
Sep 01 16:34:18 presumably if you hold the keys, you can verify the platform
Sep 01 16:35:07 what Poettering suggests is "signed upstream packages" or sth like that, that's not anything like "you hold the keys"
Sep 01 16:35:25 what the fuck even is a package
Sep 01 16:35:34 is it like the app store
Sep 01 16:35:36 kerio: asking obvious questions now?
Sep 01 16:35:50 woah
Sep 01 16:35:52 I more than once explained that "you hold the keys" is a delusion regarding effectiveness, since it is not capable to implement more security than e.g. SElinux
Sep 01 16:36:10 Poettering suggests something like that?
Sep 01 16:36:10 signed upstream packages is a good thing, it inhibits MITM attacks where the cryptographic digest is intercepted
Sep 01 16:36:41 dos1: >>We want our images to be trustable (i.e. signed). In fact we want a fully trustable OS, with images that can be verified by a full trust chain from the firmware (EFI SecureBoot!), through the boot loader, through the kernel, and initrd. Cryptographically secure verification of the code we execute is relevant on the desktop (like ChromeOS does), but also for apps, for embedded devices and even on servers (in a post-Snowden world,
Sep 01 16:36:42 in particular).<<
Sep 01 16:37:02 apt already verifies packages with gnupg keys
Sep 01 16:37:16 kerio: so "cryptographically signed packageS"
Sep 01 16:37:24 kerio: sure. It's about "Trusted computing"
Sep 01 16:37:38 who's the trusted here
Sep 01 16:37:52 whoever holds the PKI key
Sep 01 16:37:59 and that's NOT you
Sep 01 16:38:12 presumably you're placing your trust in your OS vendor
Sep 01 16:38:18 so it's pretty in line with aegis fuckup
Sep 01 16:38:31 incl all the problems
Sep 01 16:39:16 Poettering evidently is a poor system architect, but this time he gone WAY too far
Sep 01 16:39:42 I agree, it's better to leave yourself exposed than to look into means of securing one's system
Sep 01 16:40:10 the point is I don't want $random_person to secure MY system
Sep 01 16:40:18 then feel free to do it all yourself
Sep 01 16:40:22 including audit all the code
Sep 01 16:40:41 feel free to bend over to Poettering
Sep 01 16:40:55 be more of an ass?
Sep 01 16:41:07 you haven't made an argument
Sep 01 16:41:20 I did, you didn't notice
Sep 01 16:41:33 2014-09-01 Mon 18:38:18] so it's pretty in line with aegis fuckup
Sep 01 16:41:35 [2014-09-01 Mon 18:38:31] incl all the problems
Sep 01 16:42:14 somebody holding the keys of your system and depriving you from doing whatever you want on your own system
Sep 01 16:42:17 you forgot your blind assumption that you won't have any control
Sep 01 16:42:40 at some point you have to sense a fucking pattern
Sep 01 16:42:43 that's an immanent concept detail of that Trusted Computing shit
Sep 01 16:42:48 yeah, repeated ignorance
Sep 01 16:42:56 that's literally what the human brain has evolved for
Sep 01 16:43:41 it's also good at seeing patterns that aren't there, and confusing them
Sep 01 16:43:59 [2014-09-01 Mon 18:35:52] I more than once explained that "you hold the keys" is a delusion regarding effectiveness, since it is not capable to implement more security than e.g. SElinux
Sep 01 16:44:00 i really hope you're right
Sep 01 16:44:46 http://en.wikipedia.org/wiki/Trusted_Computing#Criticism
Sep 01 16:45:29 ah
Sep 01 16:45:48 if you want to criticize someone over this, go after Apple and Microsoft
Sep 01 16:47:02 bitching about poettering and screaming "omg trusted computing" doesn't lend you to serious consideration
Sep 01 16:47:47 when you can't see how what Poettering suggests is exactly the Trusted Computing scheme, then I can't help
Sep 01 16:47:53 holy shit i didn't know someone could be a systemd fanboy
Sep 01 16:48:14 kerio: please, spout more stupid shit
Sep 01 16:48:25 DocScrutinizer05: so a verifiable and reproducible system is bad?
Sep 01 16:48:41 wmarone__: please, spout more stupid shit
Sep 01 16:49:54 DocScrutinizer05: no, I'm asking you a question. Your primary complaint seems to be that a platform could enforce a chain of trust, why is this a bad thing?
Sep 01 16:50:17 I'm sorry for you that you're not able to understand how Trusted computing works and what it means when Poettering says >>images that can be verified by a full trust chain from the firmware (EFI SecureBoot!), through the boot loader, through the kernel, and initrd.<<
Sep 01 16:50:17 remember, the system is independent of those who would misuse it
Sep 01 16:50:34 so what you're saying is security is bad
Sep 01 16:50:38 Is there any option for supporting group texts on the N900?
Sep 01 16:51:10 see http://en.wikipedia.org/wiki/Trusted_Computing#Criticism and ~aegis and "the HARMATTAN experience[TM]" why this is a bad thing
Sep 01 16:51:17 wmarone__: "chain of trust" is inherently bad for security
Sep 01 16:51:38 kerio: so the better path is nothing at all?
Sep 01 16:52:03 bad security is worse than no security, yes
Sep 01 16:52:04 no, there are like 5 dozen better alternatives
Sep 01 16:52:14 which is what I said twice now
Sep 01 16:52:39 and even nothing at all is better than TC
Sep 01 16:52:56 and how are those 5 dozen other systems not also TC?
Sep 01 16:53:37 *sigh*
Sep 01 16:53:53 7me suggests Amazon, for finding a few good books
Sep 01 16:54:16 "I'm not going to support my argument, go do it for me?"
Sep 01 16:54:36 fckit
Sep 01 16:54:43 [2014-09-01 Mon 18:43:58] [2014-09-01 Mon 18:35:52] I more than once explained that "you hold the keys" is a delusion regarding effectiveness, since it is not capable to implement more security than e.g. SElinux
Sep 01 16:56:04 presumably SELinux would simply be one tool of many
Sep 01 16:56:23 "I'm not going to fix my ignorance, you have to spoonfeed stuff to me"
Sep 01 16:56:34 "why won't you just blindly accept what I say!"
Sep 01 16:57:02 "no I won't engage you when you question my bitching!"
Sep 01 16:57:26 "why don't you give me a crashcourse about IT security and Trusted computing in just 5 sentences?"
Sep 01 16:58:32 "No, URL pointers to wiki et al are just not enough, I'm too lazy to do some reading on my own"
Sep 01 16:59:33 "I heard 'SECURITY' buzzword, so it cannot be anything bad with it"
Sep 01 17:01:17 https://www.youtube.com/watch?v=0cbS_lDJuJg
Sep 01 17:04:19 DocScrutinizer05: it's kind of an overkill, but restricting freedoms for the sake of security is like totalitarianism 101
Sep 01 17:04:39 exactly
Sep 01 17:05:36 and the whole chain of trust depends on somebody else (considered trustworthy) decided what's a trusted bootloader. Or the chain of trust is broken
Sep 01 17:06:34 handing "the keys" to end user cripples the whole concept of chain of trust to a level where simple unix passwords work way better
Sep 01 17:07:01 than that "Trusted computing" thing
Sep 01 17:07:13 see HARM and aegis
Sep 01 17:08:24 originally they promised "there will be open mode". Now there 'is', and it basically renders your system broken. That's not what I call open mode
Sep 01 17:09:00 Does anybody want this kind of 'security'?
Sep 01 17:11:58 We got stuff like encrypted root filesystem since decades. We got posix permissions and SElinux. We got all sorts of passwords and permission handling. TC only brings *one* new concept to the game: depriving you of your rights to compromise your system whenever you decide to
Sep 01 17:12:52 that's the foundation concept TC is basing on. Take that out and all that's left over of TC is a pile of crap and annoyances
Sep 01 17:14:19 yes, the producer … at least it looks so
Sep 01 17:18:26 DocScrutinizer05: Was that 7me intentional or inadvertently?
Sep 01 17:35:07 * DocScrutinizer05 failed on pressing shiftkey for "/"
Sep 01 17:36:04 intended been "/me"
Sep 01 17:56:54 ooh, it seems http://0pointer.net/blog/revisiting-how-we-put-together-linux-systems.html also suggests systemd becomes "bootloader" now. And obviously *all* linux systems need btrfs now, or they won't be compatible to that new "package distribution system"
Sep 01 17:59:21 >>And of course, this scheme also applies great to embedded use-cases. Regardless if you build a TV, an IVI system or a phone: you can put together you OS versions as usr trees, and then use btrfs-send-and-receive facilities to deliver them to the systems, and update them there.<< ROTFL
Sep 01 18:01:53 >> [18:37:38] who's the trusted here << Factory of motherboard and SW/FW company
Sep 01 18:02:00 not user, no PKI holder
Sep 01 18:02:09 exactly
Sep 01 18:02:10 nice
Sep 01 18:02:21 and also no OS
Sep 01 18:02:46 nice reading... ty...
Sep 01 18:03:35 * drathir now stop like btrfs...
Sep 01 18:03:37 >>This also allows us to implement something that we like to call Operating-System-As-A-Virus.<< crack? Or vodka made from old bread and spiced with random pharma products?
Sep 01 18:04:19 why not both?
Sep 01 18:05:17 DocScrutinizer05: I see, thank You for the Explanation.
Sep 01 18:05:40 * drathir dont like forceing something....
Sep 01 18:06:00 >>And you don't have to be afraid that any of your personal data is copied too, as the usr sub-volume is the exact version your vendor provided you with.<< I wonder how installing new apps fits into this statement
Sep 01 18:06:19 DocScrutinizer05: I'm afraid that lennart want to use that btrfs subvolumes in systemd and because no other FS implement it btrfs could become dependency for systemd
Sep 01 18:06:28 and this is even worse
Sep 01 18:06:41 lol me like mine luks+lvm...
Sep 01 18:06:46 that would be *great*
Sep 01 18:06:54 Pali: ooh, it seems http://0pointer.net/blog/revisiting-how-we-put-together-linux-systems.html also suggests systemd becomes "bootloader" now. And obviously *all* linux systems need btrfs now, or they won't be compatible to that new "package distribution system"
Sep 01 18:06:54 people would stop using systemd
Sep 01 18:07:03 process with PID 1 that needs one FS is total nonsense
Sep 01 18:07:12 see it
Sep 01 18:08:32 Pali: I agree about it being nonsense, nevertheless it seems that's *exactly* what the systemd cabal is about to shove down our throat
Sep 01 18:09:12 and now when all linux distributions (except gentoo and slackware) switched to systemd... they started listening to lennart and they will do what lennart say
Sep 01 18:09:44 which is why I'm migrating everything to Gentoo soon
Sep 01 18:09:56 yes, that's why we need to start acting *now* and actively denying to follow that poettering path any longer
Sep 01 18:10:03 he probably almost has more influence than linus these days
Sep 01 18:10:23 Luke-Jr: do you know situation and what gentoo developers want to do?
Sep 01 18:10:39 Pali: they continue to maintain a fork of udev
Sep 01 18:10:50 ok, this is good
Sep 01 18:11:02 and what will do with init daemon?
Sep 01 18:11:18 and with applications which depends on systemd (new gnome)?
Sep 01 18:11:55 no idea about GNOME nonsense; I'm happy not using it still
Sep 01 18:12:10 maybe we can convince Linus to "fork" and either announce a poettering-free "true linux", or simply forbid that crap on linux and force the whole systemd cabal to fork and do their own crappy poettering-linux distro?
Sep 01 18:12:14 init remains sysvinit/init-ng/OpenRC
Sep 01 18:12:16 https://lh4.googleusercontent.com/-bZId5j2jREQ/U-vlysklvCI/AAAAAAAACrA/B4JggkVJi38/w480-h320-no/bd0fb252416206158627fb0b1bff9b4779dca13f.gif
Sep 01 18:12:29 isn't openrc only a set of scripts
Sep 01 18:12:40 kerio: it works
Sep 01 18:13:03 a set of scripts is the best you can get
Sep 01 18:13:03 no, i mean, don't you use openrc with another init?
Sep 01 18:13:16 or is /sbin/init actually a shellscript as well?
Sep 01 18:13:19 kerio: sysvinit and init-ng are also installed
Sep 01 18:13:21 oic
Sep 01 18:13:26 i thought it was just alternatives
Sep 01 18:13:41 /sbin/init: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.16, stripped
Sep 01 18:13:47 Luke-Jr: how big? :)
Sep 01 18:14:29 41K provided by sys-apps/sysvinit-2.88-r7
Sep 01 18:14:39 * DocScrutinizer05 idly wonders if sbin/init shouldn't rather be statically linked
Sep 01 18:14:53 DocScrutinizer05: ew, no
Sep 01 18:15:06 besides, have you actually tried compiling something statically, nowadays?
Sep 01 18:15:38 DocScrutinizer05: Gentoo has /bin/busybox static as a fallback
Sep 01 18:16:02 Luke-Jr: I heard that gentoo has support for systemd too... so you can choose which init daemon you want to use? (sysvinit/init-ng/openrc/systemd)?
Sep 01 18:16:12 >>It's all the same. Installation becomes replication, not more. Live-CDs and installed systems can be fully identical.<< DANG those guys MUST have been on crack
Sep 01 18:16:43 kerio: I tried and small C applications (without too many external libraries) working fine
Sep 01 18:16:53 Pali: yes, it's a choice
Sep 01 18:17:02 kerio: and maybe using -flto will reduce size and speed up it
Sep 01 18:17:04 Pali: that's true in debian too
Sep 01 18:17:16 at least, it's true so far
Sep 01 18:17:30 * drathir wonder when arch move back from systemd...
Sep 01 18:17:57 Luke-Jr: and how gentoo solving problem that every init daemon using its own format of daemon files (or there are only init.d scripts and every init daemon only using these)?
Sep 01 18:17:58 kerio: I don't see an eudev pkg in Debian experimental
Sep 01 18:18:20 or for every init daemon there is one script/config/systemd service?
Sep 01 18:18:25 kerio: this quote is for you ;-P >>Any library that is not included in the runtime the developer picked must be included in the app itself. This is similar how apps on Android declare one very specific Android version they are developed against. This greatly simplifies application installation, as there's no dependency hell: each app pulls in one runtime<<
Sep 01 18:18:36 JESUS FUCKING CHRIST
Sep 01 18:18:36 Pali: I'm not sure init is supported outside of OpenRC
Sep 01 18:18:46 Pali: every daemon installs an init script and systemd service
Sep 01 18:19:13 What's the point of libraries if they aren't shared :)
Sep 01 18:19:20 * Luke-Jr facepalms
Sep 01 18:19:24 HAHA, asl Poettering
Sep 01 18:19:29 ask*
Sep 01 18:19:40 you share them between the binaries of the same package? idk
Sep 01 18:19:40 Luke-Jr: ok, so packages have both files (openrc, systemd) and packagers need to provide them
Sep 01 18:19:57 Pali: for some definition of "need to"
Sep 01 18:20:31 DocScrutinizer05: have these idiots never heard of libtool?
Sep 01 18:20:48 Luke-Jr: NFC
Sep 01 18:20:57 ~poettering
Sep 01 18:20:57 'sth is poettering' means it acts invasive, possessive, destructive, and generally in an egocentric exacerbating negative way. ``this cancer is extremely poettering'', or you look here for Linus' notion on what's poettering: http://lkml.iu.edu/hypermail/linux/kernel/1404.0/01331.html, or http://lkml.iu.edu/hypermail/linux/kernel/1404.0/01488.html, or see ~systemd cabal
Sep 01 18:21:15 DocScrutinizer05: how do i tell icd to connect to the data connection?
Sep 01 18:21:30 pls don't say "dbus-something"
Sep 01 18:21:46 kerio: look at maemo wiki and search for Phone Control
Sep 01 18:21:49 kerio: sorry, I don't know off top of my head. Maybe ~usb-networking footnote helps
Sep 01 18:21:55 that page has that dbus-something described
Sep 01 18:22:09 hehe
Sep 01 18:22:18 ~phonecontrol
Sep 01 18:22:18 from memory, phonecontrol is http://wiki.maemo.org/Phone_control
Sep 01 18:23:01 poettering is the sinofsky of linux
Sep 01 18:23:30 or Elop of Nokia
Sep 01 18:24:50 who is lennart's boss?
Sep 01 18:25:13 and who is lennart's boss boss?
Sep 01 18:26:09 anyone have any thoughts on the DragonBox Pyra? http://www.pyra-handheld.com/
Sep 01 18:26:11 I still do not want to believe that all above lennart want this systemd stuff...
Sep 01 18:26:56 Luke-Jr: It has PowerVR™ SGX544-MP2
Sep 01 18:27:02 so no thanks
Sep 01 18:27:04 Pali: is that bad?
Sep 01 18:27:27 yes, everything from PowerVR gpu chips are the worst option
Sep 01 18:28:12 (closed) drivers will work only with one kernel version and only with one userspace libc/libX (replace X with any library)
Sep 01 18:29:07 see N900, we can be happy that powervr drivers working with stock kernel and also with kernel-power and even after installing CSSU
Sep 01 18:29:12 I guess there are some better options nowadays
Sep 01 18:29:30 yes, everything is better than PowerVR
Sep 01 18:29:58 if nothing more, closed drivers will work
Sep 01 18:30:07 well, you can't choose the GPU of your SOC
Sep 01 18:30:13 but this is not case of powervr
Sep 01 18:30:24 and pyra had to choose OMAP5 in the end
Sep 01 18:30:53 sadly, but if you do not need GPU then it is OK
Sep 01 18:31:58 Pyra is supposed to work when sold, so they need to come up with somewhat open drivers for powervr or they need to make sure they don't need the GPU at all
Sep 01 18:32:23 anyway do you know some cheap SoC with two ethernet slots? (100M or better 1G) where is linux working? I need box for doing network magic, nothing more
Sep 01 18:32:46 hmm, nope
Sep 01 18:33:07 which doesn't mean a thing since I never checked
Sep 01 18:33:27 now for 60Mbps is my raspberry pi (with second usb ethernet card) working
Sep 01 18:34:19 but I think that this is limit (do not know if 70 or 100 is possible)
Sep 01 18:35:09 Pali: dreamplug
Sep 01 18:36:10 and usb 2.0 is probably capped at 100mbps at best
Sep 01 18:36:55 thanks
Sep 01 18:37:03 i have a sheevaplug
Sep 01 18:37:13 it's... good
Sep 01 18:37:16 i dunno
Sep 01 18:37:17 it sits there
Sep 01 18:37:42 100mbps limit is theoretical, there is CPU overhead for iptables plus routing... so I'm happy that 60 is working...
Sep 01 18:37:54 i doubt the guruplug will have those limits
Sep 01 18:37:58 it's two gigE
Sep 01 18:38:22 1.2GHz armv5
Sep 01 18:39:43 Didn't the guruplug have heating problems when using both in 1Ghz mode?
Sep 01 18:39:49 I need linux kernel with enabled multicast routing support, 8021q (vlan tagging), ipv6 and ebtables+iptables
Sep 01 18:40:25 all these requirements are SW, so I think it could work on any NIC which has linux driver
Sep 01 20:24:29 Pali: multicast on 802.1q interfaces can get funny sometimes
Sep 01 20:24:38 it wont work at all on some NICs
Sep 01 20:25:25 bencoh: it working fine on rpi nic which is some usb chip...
Sep 01 20:25:54 actually I think "the dumber the better" for that kind of usecases
Sep 01 20:26:06 I had troubles with the cubox-i NIC
Sep 01 20:26:58 I havent tried to fiddle with offloading options yet ... maybe there is one I need to disable for it to work
Sep 01 20:29:45 (btw, it only has one ethernet NIC, but you might want to check it - nice board and cool devteam :)
**** ENDING LOGGING AT Tue Sep 02 02:59:59 2014