**** BEGIN LOGGING AT Sat Jan 02 02:59:59 2016 Jan 02 08:36:00 hi Jan 02 08:50:35 jonwil: ’lo. Jan 02 11:53:20 Pali: what about something like http://pastebin.com/TF8ywZAq Jan 02 11:53:42 the only problem is that events are registered with a delay, but I guess this can be fixed Jan 02 11:57:42 freemangordon: looks good Jan 02 11:57:51 only one problem is in ALS_PATH_RX51_3x Jan 02 11:58:14 path via i2c-adapter is not stable Jan 02 11:58:25 yeah, I forgot I touched that one too. But anyway, ^^^ is just POC Jan 02 11:58:31 I know Jan 02 11:58:44 there should be more stable symlink in /sys somewhere Jan 02 11:58:54 Pali: any clue why events might come delayed? the way mce sets giomonitor? Jan 02 11:59:17 first check that kernel does not delay them Jan 02 11:59:29 where? Jan 02 11:59:42 use e.g. program input-events Jan 02 11:59:44 evtest spits them immediately Jan 02 11:59:49 ok Jan 02 12:00:01 then it is somewhere in mce.. Jan 02 12:00:01 anyway, have to leave now, will look at the issue later Jan 02 12:00:07 yes, something in mce Jan 02 12:00:12 bb for now Jan 02 12:00:12 How much are they delayed? Jan 02 12:00:29 hard to say, but more than a second Jan 02 12:00:56 also, it is not the same everytime Jan 02 12:35:49 I think that khweeteur does not bother to rm cache-avatars (up to 20MB) from home/user when being purged-uninstalled. Anybody up to confirming-denying? Jan 02 13:04:50 man apt Jan 02 13:30:59 it's of course arguable if those avatar files are really 'config data' Jan 02 13:31:41 they're not Jan 02 13:31:46 but I think the general take on this is "never delete anything from user's home" Jan 02 13:32:19 the cache should really not be in /home/user though Jan 02 13:32:32 i guess that storing it in MyDocs becomes complicated, however Jan 02 13:35:06 how so? Jan 02 13:35:42 MyDocs gets unmounted at the user's will Jan 02 13:35:50 yeah Jan 02 13:36:01 stupid decisions all around, really Jan 02 13:36:40 well, that's the sort of compromises you need to do when you got only 240MB of / Jan 02 13:36:53 HI Jan 02 13:37:21 though ~optification is really a headache Jan 02 13:38:19 when the avatar data is no user's config data then it belongs into /opt Jan 02 13:39:00 at least on a genuine maemo5 system Jan 02 13:39:30 and yes, it should get cleaned out then Jan 02 13:39:55 "forgot to clear the cache" sounds like a common mistake Jan 02 13:41:19 or at your discretion s/cache/tmp/ Jan 02 13:56:56 one another thing to consider, with generic inputs/gpio, one could try redefining other button/event source (to unlock the screen for example) Jan 02 13:57:32 or to redefine depending what is running etc Jan 02 13:57:55 with hardcoded settings there is no such flexibility Jan 02 14:40:29 KotCzarny: why is that? We can always introduce switch<->functionality mapping file Jan 02 14:40:37 or gconf or whatever Jan 02 14:47:29 freemangordon: how hard would be to fix dsp driver and include it again into upstream kernel? Jan 02 14:47:49 you already played with that code, so maybe you could know... Jan 02 14:54:18 Pali: they want remoteproc driver. and that wouldn;t be easy Jan 02 14:54:52 i'll need remoteproc coff fw loader and who knows what else Jan 02 14:54:56 *it'll Jan 02 15:28:17 freemangordon: what is remoteproc? Jan 02 15:28:43 Pali: https://www.kernel.org/doc/Documentation/remoteproc.txt Jan 02 15:31:49 ufff Jan 02 15:32:39 now last version of tidspbridge cannot be compiled anymore (on uptream kernel)... Jan 02 15:33:11 :( Jan 02 15:36:49 in old TODO for tidspbridge is nothing about remoteproc Jan 02 15:37:08 there is just: DOFF binary loader: consider pushing to user space Jan 02 15:37:32 only *consider* Jan 02 16:01:50 Pali: ok, it turned out some timeout exists in mce re misc input devices, I added a new "class" switch devices with all callbacks etc and now unlocking, slide etc is instant Jan 02 16:02:36 freemangordon: ok Jan 02 16:07:32 Pali: https://github.com/community-ssu/mce/commit/a3f25c56d7f57af5fc5a9c4c375b0db624f70b53 Jan 02 16:09:38 ok Jan 02 16:10:08 now I'm looking at mce/modules/vibrator.c and this code is not compatible with upstrem kernel too... Jan 02 16:10:29 path /sys/class/i2c-adapter/i2c-1/1-0048/twl4030_vibra/pulse does not exist Jan 02 16:10:42 vibrator is exported via evdev as well Jan 02 16:10:49 looks like that upstream kernel export twl4030 via input layer too! Jan 02 16:11:36 and twl4030-vibra is registered under audio device Jan 02 16:12:32 just a second do boot Jan 02 16:15:09 Pali: http://pastebin.com/itKGCpMK Jan 02 16:15:49 EV_FF Jan 02 16:15:54 yes Jan 02 16:15:59 force-feedback Jan 02 16:16:22 but problem is that event5 name is not stable Jan 02 16:16:29 so what? Jan 02 16:16:30 use by-id or by-path Jan 02 16:16:38 no by-id Jan 02 16:16:40 :) Jan 02 16:16:41 Or is that not available? Jan 02 16:16:43 Yeah, that Jan 02 16:16:49 need to match against "Input device name" (which is "twl4030:vibrator") Jan 02 16:16:59 Pali: ls /dev/input/by-id :) Jan 02 16:17:02 Pali: we can add another class Jan 02 16:17:16 or maybe just "*:vibrator" Jan 02 16:17:16 the same way I did for switches Jan 02 16:17:30 Pali: no, we'd rather mach on EV_FF Jan 02 16:17:33 *match Jan 02 16:17:36 instead of a name Jan 02 16:17:49 I was thinking the same for gpio-keys Jan 02 16:17:53 Wizzup: no by-id in Maemo :-( Jan 02 16:18:19 freemangordon: yes, match against EV_FF could work too Jan 02 16:18:24 to parse supported keys/switches and to choose what we need Jan 02 16:18:46 $ ll /sys/class/input/input*/capabilities/ff Jan 02 16:18:58 freemangordon: that match is really easy ^^^ Jan 02 16:19:00 hmm, no there is evdev ioctl for that Jan 02 16:19:17 ok Jan 02 16:19:24 as we can get the supported buttons as well Jan 02 16:22:16 getting the name is EVIOCGNAME Jan 02 16:23:58 Wizzup: seems you know evdev, could you write a function that gets "/dev/input/eventX", event types and buttons to match and returns fd if those match? Jan 02 16:24:15 yes Jan 02 16:24:19 great Jan 02 16:24:39 C, right? Jan 02 16:24:43 yep Jan 02 16:24:50 will do Jan 02 16:24:56 thanks! Jan 02 16:25:12 do you want to match against something hardcoded? Jan 02 16:25:20 (I guess so?) Jan 02 16:25:23 Wizzup: BTW, can we disable some of the keys via evdev interface? Jan 02 16:25:31 no hadcoded Jan 02 16:25:36 a parameters Jan 02 16:26:01 like match("/dev/input/event1", EV_KEY Jan 02 16:26:02 input devices are immutable, what can be done is grabbing the device (being the sole program to get the events), making a new input device, and filtering certain events Jan 02 16:26:11 oops Jan 02 16:26:17 ... Jan 02 16:26:22 match(file, EV_KEY, KEY_A) ? Jan 02 16:26:33 yes Jan 02 16:26:38 sure Jan 02 16:26:49 but 2 and 3 parameters should be arrays IMO Jan 02 16:27:14 or somesuch Jan 02 16:27:29 ack Jan 02 16:27:30 to be able to match both EV_SW and EV_KEY, for example Jan 02 16:27:46 with apprpriate masks for keys and switches Jan 02 16:27:48 I would say that param 2 should not be - since EV_SW cannot have KEY_A for example Jan 02 16:27:53 well, I guess that is possible though Jan 02 16:27:57 just needs to be well defined/clear :) Jan 02 16:28:22 haveing integer array as a second and third parameter should do the job Jan 02 16:28:33 {EV_KEY, EV_SW, -1} Jan 02 16:28:33 ack. Jan 02 16:28:49 and array of integer arrays for the third Jan 02 16:29:56 {{KEY_A, KEY_B, -1},{SW_KEYPAD_SLIDE, SW_CAMERA_LENS_COVER, -1}}; Jan 02 16:30:03 Wizzup: ^^^ Jan 02 16:32:58 Ack Jan 02 16:37:36 will need like 30 mins. Jan 02 16:38:06 no hurry Jan 02 16:55:45 freemangordon, Wizzup: there is sysfs entry for disabling: /sys/class/input/input*/device/disabled_keys /sys/class/input/input*/device/disabled_switches Jan 02 16:55:55 Pali: I know Jan 02 16:56:22 the point is that it would have been easier if we could do it via evdev interface Jan 02 16:56:55 but this is specific for gpio-keys.ko driver :-( Jan 02 16:57:04 Pali: ah, tmyk Jan 02 16:57:10 ah, right. Jan 02 16:57:20 Pali: yes, exactly Jan 02 16:58:27 gpio-keys.ko support it only via sysfs Jan 02 16:59:18 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/input/keyboard/gpio_keys.c#n58 Jan 02 17:02:22 yeah Jan 02 17:26:03 freemangordon: http://sprunge.us/BJdY?c something like this Jan 02 17:26:24 the defines at the top of the function are taken from evtest Jan 02 17:30:16 ah - there is a bit more I have to clean up Jan 02 17:30:19 stray call that is not required Jan 02 17:33:59 http://sprunge.us/baKa?c should do it Jan 02 17:45:47 removed extra q = 0; -> http://sprunge.us/ZVfM?c Jan 02 18:00:17 the NULL is not required in the key_keys arg Jan 02 18:37:09 chem|st: xes: warfare: why does tmo block *reading* visitors? Jan 02 18:37:30 >>Sorry, it seems that you are using an IP address or a proxy that is listed in the forum anti spam blacklist.<< Jan 02 18:37:53 how would a visitor spam the forum? Jan 02 18:40:01 I haven't checked this yet (I can't tbh, wrong unblocked IP) but reports from Hellekin suggest the forum spits out that error message quoted above for visitors simply trying to read an arbitrary post like http://talk.maemo.org/showthread.php?p=1492838 Jan 02 19:14:55 Wizzup: thanks; will look at later Jan 02 19:15:07 no rush Jan 02 19:23:08 xes: warfare: chem|st: I'd think DoS by unregistered visitors would get blocked by traffic shaping or fail2ban, access to login page by fail2ban or vbulletin internal means when number of failed tries per time from one IP fail, and only access to registration page needs spam-list blocking. No? Jan 02 19:31:50 "sorry, Tor users are not allowed to *read* this forum" is silly Jan 02 19:36:48 I can see how Tor is prolly used by spammers to write posts, but it is also used by the most privacy and security aware legit users to _read_ tmo. The latter shouldn't get blocked Jan 02 19:37:55 no read access should get blocked, only write access Jan 02 19:38:27 (except in case of [D]DoS) Jan 02 19:43:16 hmm, possibly another 'user' (actually bot) used same Tor exit node to brute-force try to register to tmo. So the only feasible way to block this is to ban the tor node IP, assuming our infra blocks on firewall level this would result in such effect Jan 02 19:51:08 +1 for read-access Jan 02 20:06:31 freemangordon: new version of module-init-tools is in cssu-devel, now modprobe should take params also from kernel cmdline Jan 02 20:34:24 warfare: xes: assuming IP filtering is done on firewall, we need a "RPC-channel" from tmo engine to the firewall to add 'offender IPs' Jan 02 20:36:40 tmo engine should only blacklist actual offenders, not do a preemptive block of whole RMBs Jan 02 20:38:23 IOW the attack detection must run on tmo, only the teckling of tagged offenders may happen on firewall. And FW should automatically clean out expired IPs from block table after some relatively short period (24h?) Jan 02 20:58:42 Pali: good Jan 02 20:58:46 DocScrutinizer05: The IP Filter is implemented in Apache and pulls a stop-forum-spam list. Only blocking registration and/or posting might pose a bit difficult. Jan 02 20:59:30 Pali: coiuld you upgrade to -rc7, to see if net bug is still there? If it is, I'll try to bisect Jan 02 20:59:44 warfare: I see Jan 02 21:00:42 warfare: a tad cumbersome for innocent users only wanting to read a post and getting rejected just because they have the wrong IP Jan 02 21:01:18 DocScrutinizer05: yes, definitely. Maybe there is some anti-spam support in vbulletin. Jan 02 21:01:25 maybe we need a read-only mirror without filtering ;-) Jan 02 22:08:12 DocScrutinizer05: warfare: hi! Vbullettin has antispam modules that fail very very often Jan 02 22:21:03 if one ip is in our blacklist it means that it's been reported for malicious activity. I have checked almost every complaint and there was a real plausible reason for the presence in the list. So, in that list there aren't "innocent" users. Which is the purpose to grant a read only access to these bots and spammers? Jan 02 22:25:20 since the blacklist has been applied, i can remember <10 spam posts. When there was only the vbullettin antispam .... well, ask the numbers to the moderators Jan 02 22:36:39 xes: what about Tor nodes? Jan 02 22:36:53 and huge NATted networks Jan 02 22:39:46 DocScrutinizer05: do you know which kind of traffic is generated by tor? Jan 02 22:40:03 all sorts of traffic are routed via tor Jan 02 22:40:39 yes, probably a lot of spammers use tor as well. But also absolutely innocent users do Jan 02 22:41:30 sure. One you have a minute compare the tor exit nodes list with the list of recent attacks on the web Jan 02 22:41:42 I don't know traffic _generated_ by tor though. Except of course between tor nodes Jan 02 22:42:33 anyway, i can see how this solution is far from perfection (if a perfection exists) Jan 02 22:42:42 Tor is basically a NAT service, at least as seen from the outside Jan 02 22:44:02 but we need an efficient solution that vbulletin addons can't provide Jan 02 22:44:06 there are other NAT that have a very huge userbase behind them. GPRS cellular serices come to mind, and in some eastern-european countries it seems even wired internet is fed through a NAT Jan 02 22:46:13 I can see a very simple 10-liner "addon" to handle this: on register page check IP of current user against RBL IP list. If match, send that IP to FW for blocking Jan 02 22:46:19 yes, i know Jan 02 22:46:42 "eastern-european" Jan 02 22:46:56 one of the major italian ISPs does carrier-grade NAT Jan 02 22:47:06 hmm dunno, kerio. That's what I seem to remember Jan 02 22:47:17 no i mean Jan 02 22:47:20 you don't have to go that far Jan 02 22:47:24 ok Jan 02 22:47:28 G8 country Jan 02 22:47:37 carrier-grade NAT on a major wired ISP Jan 02 22:47:46 kerio: most major german cable providers do this. Jan 02 22:48:09 i think that verizon in the US does nat64 on the phones Jan 02 22:52:57 how about giving my 10-liner idea a shot? Jan 02 23:04:38 tmo could even report each IP accessing the login page, and FW does the lookup in the RBL and adds the IP to netfilter only when it's a hit in RBL Jan 03 00:41:19 freemangordon: minor cleanup http://sprunge.us/jBCN?c **** ENDING LOGGING AT Sun Jan 03 02:59:58 2016