**** BEGIN LOGGING AT Mon Nov 28 03:00:00 2016
Nov 28 06:13:47 totalizator: i think i saw allwinner tablets with eink displays, might be interesting if you plan on anything other than android
Nov 28 08:21:07 Great, we're hit by a kernel bug. https://bugs.launchpad.net/ubuntu/+source/linux-lts-utopic/+bug/1492146
Nov 28 08:22:17 3.16 seems old?
Nov 28 08:22:38 Apparently this is still present in 4.8.10..
Nov 28 08:23:32 "igb 0000:02:00.1 eth1: Reset adapter"
Nov 28 08:24:47 can you add different network device?
Nov 28 08:28:56 Nope :D
Nov 28 08:29:28 damn those crippled proprietary overpriced servers!
Nov 28 10:18:35 moin :)
Nov 28 16:29:35 q
Nov 28 17:59:59 Sorry, more maintenance going on..
Nov 28 18:03:08 on which resources?
Nov 28 18:13:34 *.maemo.org
Nov 28 18:14:18 I'll post a detailed writeup to the whole fuckup with maemo.org hardware when it is solved. Please be patient with us, our servers don't seem to love us at the moment.
Nov 28 18:20:49 :)
Nov 28 18:20:56 thanks for the work
Nov 28 18:24:06 It's even harder when there are 8kgs of tomcat requiring cuddles on your desk..
Nov 28 18:25:06 I think everything should work now. I'll post a complete post-mortem later.
Nov 28 19:38:48 I hope you all deactivated TR-069 in your routers
Nov 28 20:00:14 https://en.wikipedia.org/wiki/TR-069 what a terribly broken-by-design concept
Nov 28 20:00:56 what's wrong with tr69?
Nov 28 20:01:11 * L29Ah is a proud implementer of this xml shit
Nov 28 20:01:25 remote administration without any individual control
Nov 28 20:01:52 there's individual control: cpe tells the server its id
Nov 28 20:02:02 HAHA yeah
Nov 28 20:02:13 like phones tell BTS their ID
Nov 28 20:02:18 what's wrong?
Nov 28 20:02:34 the idea that the server/BTS is trusted
Nov 28 20:02:41 oh, this thing
Nov 28 20:02:52 yes, tr069 means the cpe is owned by your isp
Nov 28 20:03:02 or your friendly hacker
Nov 28 20:03:15 it's not inherently mitm'able
Nov 28 20:03:34 not inherently but *very* prone
Nov 28 20:03:52 just like any other http
Nov 28 20:04:06 https, even
Nov 28 20:04:27 just nobody within a sane mind dares to remote-admin stuff at such pathetic authentication level
Nov 28 20:04:31 it may be configured by dumbasses, i agree
Nov 28 20:05:18 and obviously the implementations are buggy like hell
Nov 28 20:05:39 http://www.heise.de/newsticker/meldung/Telekom-Stoerung-BSI-warnt-vor-weltweitem-Hackerangriff-auf-DSL-Modems-3506556.html
Nov 28 20:06:13 900k pwned devices, in TELEKOM alone
Nov 28 20:06:32 thank you TR-069
Nov 28 20:06:47 you're talling it like there are better alternative
Nov 28 20:06:53 s/are/is a/
Nov 28 20:06:54 L29Ah meant: you're talling it like there is a better alternative
Nov 28 20:07:25 the whole thing is basically useless
Nov 28 20:07:52 your grandma doesn't know shit about network configuration, what would she do if her isp must change some intricate details of the communication channel?
Nov 28 20:08:07 meh!
Nov 28 20:08:16 like the vpn solution they love to use due to the cheapness of dumb ethernet switches
Nov 28 20:08:51 and i guess dsl stuff has a lot config of its own, never touched it
Nov 28 20:09:07 also docsis shit
Nov 28 20:09:32 not everyone is lucky enough to have ip over ethernet these days
Nov 28 20:15:57 there were DSL routers (and even [USB-]modems) *before* invention of TR-069, and that worked and still works
Nov 28 20:16:43 TR-069 is absolutely optional, just for convenience of the ISP
Nov 28 20:18:42 I deactivate it whenever possible, not only on my devices but also whenever I do service for others
Nov 28 20:20:53 config files are absolutely optional, just for convenience of the admin
Nov 28 20:21:17 i disable them whenever possible and write my configuration in the source code
Nov 28 20:27:14 I bet you'd better do that, since *I* am YOUR ADMIN
Nov 28 20:27:15 * DocScrutinizer05 magically changes L29Ah's IRC client's config files, with immediate effect on the client executable's behavior
Nov 28 20:28:01 i'm not your grandma :P
Nov 28 20:28:06 you are
Nov 28 20:28:35 neither me nor my clients are the ISP's bitch
Nov 28 20:28:40 hey DocScrutinizer05
Nov 28 20:28:58 and honestly nobody should be
Nov 28 20:29:27 wtf
Nov 28 20:29:30 there's *absolutely zilch* the ISP needs to configure on *any* DSL router
Nov 28 20:29:35 cpes are no big deal
Nov 28 20:29:59 you're like OH THIS IRC SERVER WANTS ME TO ANSWER PONG, FUCK YOU I WON'T, I'M NOT AN IRC SERVER'S BITCH
Nov 28 20:30:02 DocScrutinizer05: SIP settings.
Nov 28 20:30:31 meh!!
Nov 28 20:31:01 also there are isp-owned cpes that sell wifi to other users
Nov 28 20:31:10 so you can have a cheaper internet access
Nov 28 20:31:40 and they can have wifi virtually everywhere in a city
Nov 28 20:31:50 that's exactly the attack vector how "hackers" get my grandma to pay 1000s of bucks for phone calls she never initiated
Nov 28 20:32:37 people can steal your credit card and buy stuff with it
Nov 28 20:32:43 let's trash credit cards
Nov 28 20:32:47 fuck burglars
Nov 28 20:33:18 no, nobody ever stolen my credit card, and even then they wouldn't have a way to use it since we have PIN for it here
Nov 28 20:33:35 don't worry, there're skimmers for that
Nov 28 20:33:46 no, none I'd not notice
Nov 28 20:34:01 :D
Nov 28 20:34:12 ppl even modify the internals of atms for that
Nov 28 20:34:17 so you won't notice it
Nov 28 20:34:42 ok, POS are immanent threat for skimming but then, I don't care since my CC doesn't get stolen
Nov 28 20:35:10 HAHA here all people can do to ATM is blow them up with gas
Nov 28 20:35:28 have you erased that magnetic strip on your card?
Nov 28 20:35:59 why would I? even if it's getting copied at a ATM I'm not responsible for the fraud
Nov 28 20:36:13 same for isp bullshit
Nov 28 20:36:50 yeah sure, you already have fought that battle against your ISP / SIP provider, right?
Nov 28 20:36:53 and won
Nov 28 20:37:59 ofc not, i'm not your grandma w/ docsis and tr069
Nov 28 20:38:36 i leave this pleasure for ppl who find it more fun than computer networking knowledger :P
Nov 28 20:38:54 you won't convince me TR-069 is something useful, great, needed
Nov 28 20:39:08 i haven't planned to do this
Nov 28 20:39:20 not even my grandma needs that crap
Nov 28 20:39:21 it's a shitty kludge indeed
Nov 28 20:55:27 >>The session is always started by the device (CPE)...<< is a first but insufficient step to secure TR-069. And the today's (yesterday's) attack seems to have exploited implementation flaws by connecting to CPE port 7547 from extern
Nov 28 20:56:21 why would anybody run a crappy insecurely implemented and buggy service on their frontend device, when such service doesn't provide *any* benefit to them?
Nov 28 20:57:50 *sometimes* when I feel lazy, I connect a new router to DSL with TR-069 enabled, to get provisioning automatically so I save me all that typing, but then I *always* disable that service since it's no longer needed
Nov 28 20:58:40 The S in IoT stands for security.
Nov 28 20:59:01 I see ;-P
Nov 28 20:59:47 when ISPs would care about their customers' security at all, they'd ship preconfigured DSL routers instead of running a TR-069 infra
Nov 28 21:00:45 but that costs them a non-recurring-expense 5 bucks more per customer
Nov 28 21:00:47 You don't want that. Especially not when doing triple-play.
Nov 28 21:01:26 triple-play is a brainfuck anyway in my book
Nov 28 21:03:28 sending digital video over TCP-IP internet over TV cable, go figure!!!
Nov 28 21:04:42 broadcast per definition of the thing and word is a one-to-many transmission, abusing a one-to-one infra for that is a huge idiocy
Nov 28 21:05:39 DocScrutinizer05: That's why dtag is doing multicast for iptv.
Nov 28 21:05:41 I know there's stuff like video on demand etc, but then there's also youtube and flickr and whatnot which don't need any triple-play
Nov 28 21:06:59 I'm quite sure they _need_ multicast to pull of that braindamaged stunt
Nov 28 21:07:40 otherwise for 10 million households you'd need 1 million servers and all of them need their own fat backbone
Nov 28 21:08:14 pull off*
Nov 28 21:11:07 multicast actually works only for live streams, btw
Nov 28 21:11:25 you still have the issue for VOD services
Nov 28 21:11:27 ...and tbh I don't know a single friend or customer of mine who actually uses that IPTV stuff
Nov 28 21:11:45 DocScrutinizer05: have a look at the french market :)
Nov 28 21:12:06 pretty much everyone sell so-called-triple-play services nowadays
Nov 28 21:12:08 thus I never felt like any of the routers I service or serviced needs TR-059
Nov 28 21:13:11 and nobody called me today complaining that their phone, internet, or TV doesn't work anymore :-))
Nov 28 21:15:46 if they don't, isps wouldn't have used it
Nov 28 21:15:56 but in fact they're paying me to implement it for them
Nov 28 21:16:28 not all of them ofc
Nov 28 21:19:27 DTAG/TELEKOM for a long time offered VDSL (50MB) *only* bundled with IPTV and by redoing their calculations you can see they charge you premium for the IPTV stuff even when you don't want it. So for ISPs it's more been a matter of maximizing their margin than anything else, Customer demand had to be created for the product, and it's still low
Nov 28 21:21:58 yeah who needs this iptv bullshit when there's youtube and piratebay
Nov 28 21:22:03 your grandma probably
Nov 28 21:22:42 no, my grandma still uses radio frequencies to watch TV
Nov 28 21:23:11 meanwhile DVB-T
Nov 28 21:23:57 she never fell for the "awesome new user experience to watch TV in HDTV"
Nov 28 21:24:15 she couldn't even tell the difference ;-)
Nov 28 21:30:03 otherwise she could use https://www.zdf.de/live-tv instead of piratebay
Nov 28 21:31:39 no need for IPTV at all
Nov 28 21:33:30 IPTV is just a way to circumvent net neutrality and offer customers (and providers?) premium bandwidth
Nov 28 21:33:56 "offer"
Nov 28 21:34:10 net neutrality is a joke anyway
Nov 28 21:34:16 read: force them to use
Nov 28 21:36:34 and of course pay for
Nov 28 22:00:11 warfare: (SIP) basically *almost* same situation. Last time I checked, all telephony providers that now switch to double/triple-play also offer plain old SIP VoIP as alternative method to connect to your telephony account
Nov 28 22:01:34 DocScrutinizer05: Sure, but it is easier to "just plug in the white box" than "configure your sip account on $device and configure the necessary portforwardings on your router"
Nov 28 22:03:09 of course, and that's particularly true for 'my granny'
**** ENDING LOGGING AT Tue Nov 29 03:00:00 2016