**** BEGIN LOGGING AT Sat Jul 15 03:00:05 2017
Jul 15 04:38:18 <sicelo> software based wifi ap - hostapd?
Jul 15 04:47:11 <DocScrutinizer05> BUG!!  entropy runs dry in maemo5 (internet over WLAN, ssh session established). Though poolsize is 4096, it lingers at 177 and drops from 235 to 177 within minutes
Jul 15 04:47:37 <DocScrutinizer05> damn! 133
Jul 15 04:49:39 <DocScrutinizer05> though this isn't a problem per se it may have security implications. But particularly weird is what actually drains it
Jul 15 04:50:33 <DocScrutinizer05> processes actually doing blocking read from /dev/random may freeze/lag
Jul 15 04:52:46 <DocScrutinizer05> suggested measures: find (and fix) the process draining entropy pool. There should be no need for random numbers in normal idle system, IP stack should use its own less valuable source of entropy for sequence numbers etc. 
Jul 15 04:58:54 <DocScrutinizer05> run a process that monitors and - when needed - fills entropy pool from "unusual" sources like the used internet connection itself. E.G from a `iwlist scan`
Jul 15 05:03:19 <DocScrutinizer05> other possible sources of entropy:  bq27200 battery voltage, current; audio sampling from microphone; audio sampling from FM-RX(!) white noise when tuned to no station; accelerometer (poor); ALS (poor, low bitcount). All of the aforementioned only lower significant few bits
Jul 15 05:05:24 <DocScrutinizer05> the entropy-generating `ls /*` is probably a very poor quality entropy source, given the lack of any mechanical components or quantum effects involved in the whole process
Jul 15 05:08:26 <DocScrutinizer05> actually this might be one source of hangs in ssh sessions and generally IP traffic
Jul 15 05:15:31 <DocScrutinizer05> http://paste.ubuntu.com/25094143
Jul 15 05:15:46 <Maxdamantus> Suggested measures: ln -sf /dev/{u,}random
Jul 15 05:16:16 <Maxdamantus> Because random is practically never useful.
Jul 15 05:23:28 <Maxdamantus> I'm pretty sure ssh won't use /dev/random btw
Jul 15 05:23:30 <Maxdamantus> ssh-keygen might.
Jul 15 05:25:08 <DocScrutinizer05> freemangordon: ^^^ what do you think?
Jul 15 05:27:50 <Maxdamantus> If only Linux had some sort of CSPRNG that people could read the output of but not the state.
Jul 15 05:32:24 <DocScrutinizer05> seems I fail to find a way to add to available entropy in /dev/(u)random
Jul 15 05:36:13 <DocScrutinizer05> this is expected according to https://linux.die.net/man/4/random but it's pretty annoying nevertheless. Could we patch the device drover so it offer some writable node in /proc or /sys to actually *add* to the available entropy pool?  http://paste.ubuntu.com/25094214
Jul 15 05:37:27 <DocScrutinizer05> also note that `iwlist scan` seems to block the WLAN for a short (0.5s?) period by itself, during which no data traffic is possible
Jul 15 06:19:25 <DocScrutinizer05> OHMY
Jul 15 06:19:31 <DocScrutinizer05> IroN900:~# lsof |grep random
Jul 15 06:19:33 <DocScrutinizer05> csd         804       root    9r   CHR        1,9                1757 /dev/urandom
Jul 15 06:19:34 <DocScrutinizer05> telepathy  2010       user    9r   CHR        1,9                1757 /dev/urandom
Jul 15 06:19:36 <DocScrutinizer05> browserd   2712       user   12r   CHR        1,9                1757 /dev/urandom
Jul 15 06:19:37 <DocScrutinizer05> browserd   4145       user   12r   CHR        1,9                1757 /dev/urandom
Jul 15 06:24:33 <DocScrutinizer05> https://github.com/postmarketOS/pmbootstrap/wiki/nokia-rx51-(Nokia-N900)
Jul 15 06:26:44 <DocScrutinizer05> >>The first non-Android device! It comes with a hardware keyboard, so one can type in the full disk encryption password directly. It uses pali's 4.6 kernel, which is relatively close to mainline already.<<
Jul 15 06:28:49 <KotCzarny> it might be a bit too much of tinfoil hat, but maybe nokia got crushed by international evil  forces for trying to make linux on phones happen
Jul 15 07:02:15 <DocScrutinizer05> https://ollieparanoid.github.io/post/security-warning/  to cure your tinfoil hat feelings
Jul 15 07:03:24 <DocScrutinizer05> >>That can be used to turn your device silently into a surveillance device, because these components have direct access to your device's RAM (via DMA)<< not on N900
Jul 15 07:04:50 <DocScrutinizer05> at least as far as anybody knows. And for sure not on Neo900 ;-)
Jul 15 07:13:04 <hurrian> One benefit of having a USB^H^H^H HSI modem ;)
Jul 15 07:16:07 <DocScrutinizer05> yes
Jul 15 07:17:28 <DocScrutinizer05> I couldn't resist editing the nokia-rx51-(Nokia-N900) wiki page ;-D
Jul 15 07:18:49 <DocScrutinizer05> FOSS radio stack, the most common pipe dream
Jul 15 07:19:02 <DocScrutinizer05> will *never* happen
Jul 15 07:19:34 <DocScrutinizer05> and even if id would, I wouldn't dare using it
Jul 15 07:19:41 <DocScrutinizer05> it*
Jul 15 07:19:53 <hurrian> an open s/w interface to the baseband and AP-managed access is enough though :D
Jul 15 07:20:14 <DocScrutinizer05> yes
Jul 15 07:22:28 <DocScrutinizer05> I regret not having bookmarked any of those stories about US citizens sentenced to unspeakable 6 digit fines for using non-certified RF transmitter equipment
Jul 15 07:23:31 <DocScrutinizer05> like, USD300,000 plus some time in jail iirc
Jul 15 07:23:42 <hurrian> guess that was why having a SDR module embedded in the Neo900 wasn't a design goal? :p
Jul 15 07:23:59 <DocScrutinizer05> no
Jul 15 07:24:15 <DocScrutinizer05> SDR is greedy and expensive
Jul 15 07:24:32 <hurrian> yeah, the sheer power and RF board routing requirements would be crazy
Jul 15 07:24:39 <DocScrutinizer05> and we actually have sort of SDR, for NFC
Jul 15 07:24:50 <hurrian> but then again, so would a phone with a software defined baseband
Jul 15 07:26:03 <DocScrutinizer05> well, it's not _really_ SDR, it just has a MCU for protocols
Jul 15 07:26:23 <hurrian> the Neo900 has NFC?
Jul 15 07:26:28 <DocScrutinizer05> yes?
Jul 15 07:27:12 <hurrian> cool, didn't know that. guessing some modification to the back cover would be required?
Jul 15 07:27:46 <DocScrutinizer05> http://neo900.org/stuff/papers/nfc-draft.pdf
Jul 15 07:28:16 <DocScrutinizer05> yes, probably. That's why we don't deliver an antenna with it per default
Jul 15 07:28:40 <DocScrutinizer05> or, we still need to evaluate which antenna we might use
Jul 15 07:29:13 <DocScrutinizer05> if we're extremely lucky, a flex foil PCB antenna will do
Jul 15 07:29:30 <DocScrutinizer05> that wouldn't need any massive modificarions to battery lid
Jul 15 07:30:30 <hurrian> my guess is reuse of one of those wireless charging receiver+NFC coils for Android (usually Samsung) phones
Jul 15 07:30:41 <DocScrutinizer05> :nod:
Jul 15 07:30:48 <DocScrutinizer05> that sort of stuff
Jul 15 07:31:17 <DocScrutinizer05> it's RF. so voodoo, so only possible to test in real device
Jul 15 07:31:45 <hurrian> and maybe bring two pogo pins through the back case of the N900, hoping they get close enough to the pads of said wireless charger pad
Jul 15 07:31:58 <DocScrutinizer05> umm
Jul 15 07:32:13 <DocScrutinizer05> http://neo900.org/stuff/papers/hb.pdf
Jul 15 07:32:55 <DocScrutinizer05> NFC_GND, NFC_ANT
Jul 15 07:33:12 <hurrian> yep, something like that
Jul 15 07:34:25 <hurrian> imagine how much fun could be had though given a few hundred thousand USD more in tooling (e.g. for plastic molds) could go- 5/6 inch N900?
Jul 15 07:34:32 <DocScrutinizer05> http://neo900.org/stuff/papers/hb.pdf#10  >> 4.3  Mechanical coupling with battery cover<<
Jul 15 12:33:18 <sicelo> oh gosh ... our mobile operator does not isolate clients, ie i can connect to other phones if they have any running services
Jul 15 12:33:33 <sicelo> surely that's wrong?
Jul 15 12:44:58 <KotCzarny> money stealer
Jul 15 12:45:44 <KotCzarny> unless you dont get charged for incoming packets
Jul 15 12:45:57 <KotCzarny> which is unlikely ;)
Jul 15 12:46:06 <KotCzarny> udp flood someone ;)
Jul 15 12:57:58 <sicelo> you don't get charged
Jul 15 13:11:01 <Maxdamantus> "connect" as in just a normal TCP connection?
Jul 15 13:11:31 <Maxdamantus> Presumably it should be the responsibility of the OS to not allow the ISP or anyone who happens to be on the internet to do bad things to it.
Jul 15 13:12:17 <Maxdamantus> I imagine it would be unreasonable to make a phone OS that assumes it's always behind some NAT/firewall provided by the ISP.
Jul 15 13:14:31 <Maxdamantus> I would also imagine the same set of "services" would generally be exposed over WiFi.
Jul 15 13:16:06 <KotCzarny> i would be afraid about possible costs of not putting phone behind the nat
Jul 15 13:22:19 <Maxdamantus> How would these "services" work behind a NAT anyway?
Jul 15 13:24:12 <KotCzarny> stun
Jul 15 13:39:25 <sicelo> connect normal tcp  connection .. yes. i can ssh my n900 from ny laptop using usb dongle with same cellular operator
Jul 15 14:05:59 <DocScrutinizer05> LOL
Jul 15 14:14:03 <sicelo> at least it doesn't charge anything
Jul 15 15:00:19 <sicelo> thebpower consumption though!
Jul 15 15:00:37 <KotCzarny> run tcpdump on it? :)
Jul 15 15:01:07 <sicelo> just tested ... running an 'htop' this way makes standby current draw to rise to 200mA with screen off
Jul 15 15:52:20 <DocScrutinizer05> inbound pings and other shite can't get blocked, the modem _has_to_ send ack
Jul 15 15:53:08 <DocScrutinizer05> the only way to stop is to disable the APN
Jul 15 16:06:21 <sicelo> inbound pings are actually blackholed by default on n900on gprs0, but allowed on the other connections
Jul 15 16:08:15 <sicelo>  /etc/network/if-up.d/00_disable_icmp_echo_reply
Jul 15 16:23:14 <DocScrutinizer05> inbound data package needs an ACK always, on GPRS OTA protocol, independent from TCP OR IP or whatever
Jul 15 16:23:25 <DocScrutinizer05> afaik
Jul 15 16:24:41 <DocScrutinizer05> think of it as an ethernet through GPRS/UMTS tunnel
**** ENDING LOGGING AT Sun Jul 16 03:00:00 2017