**** BEGIN LOGGING AT Thu Sep 14 03:00:00 2017
Sep 14 11:08:31 <jonwil> Should I be worried about this big bluetooth flaw affecting my N900? Or is keeping bluetooth turned off (which I do since I dont have any Bluetooth devices) sufficient to protect myself?
Sep 14 11:08:51 <KotCzarny> keeping it off should be enough 
Sep 14 11:10:37 <jonwil> Good.
Sep 14 11:11:04 <jonwil> At least on the N900 all the relavent bits of code (Bluez, kernel etc etc) are 100% open and can be patched.
Sep 14 11:11:18 <jonwil> Unlike many devices that can't be fixed except by the OEM
Sep 14 11:11:51 <jonwil> At least I believe all the bluetooth bits on the N900 are open source...
Sep 14 11:12:59 <jonwil> Actually some of the UI widgets (bluetooth status bar widget etc) are closed and haven't been cloned yet but I dont think that matters for this issue
Sep 14 11:39:35 <bencoh> jonwil: our kernel is too old
Sep 14 11:39:55 <bencoh> the vulnerable code didn't even exist at the time iirc
Sep 14 11:40:04 <jonwil> Ok that's good.
Sep 14 11:40:14 <bencoh> you probably have to worry anyway, but not because of that specific vuln :)
Sep 14 11:40:41 <bencoh> actually there's also a userspace vulnerability, and I haven't checked when it was introduced to the bluez userspace layer
Sep 14 11:40:59 <jonwil> I have bluetooth off so any bluez bugs wont be a problem I guess
Sep 14 11:41:05 <bencoh> indeed
Sep 14 11:42:44 <jonwil> If it does turn out our bluez is vulnerable, putting a fix into CSSU would probably be a good idea...
Sep 14 11:43:29 <jonwil> I feel sorry for all those people with crApple and Android devices that will never see a fix for this issue and never can because the blobs involved are closed source
Sep 14 11:45:12 <Wizzup> if they have such a device they probably do not care
Sep 14 11:49:33 <dmth|intevation> or my car's hifi system -.-
Sep 14 11:49:59 <bencoh> that one probably has a different implementation
Sep 14 11:50:14 <bencoh> (based on some RTOS system)
Sep 14 11:50:28 <dmth|intevation> maybe, maybe not. Let's hope it is.
Sep 14 11:50:31 <bencoh> and I'm quite certain it has its lot of vulns :p
Sep 14 11:51:01 <dmth|intevation> Me too
Sep 14 11:52:47 <jonwil> I dont have a car so that's not a problem for me :P
Sep 14 11:56:30 <sixwheeledbeast> I believe from backscroll, bluez is vulnerable but RCE vulnerability is only >=3.3-rc1.
Sep 14 11:57:17 <Wizzup> love how it hits 3.4, which is the basically *the* android kernel ;) 
Sep 14 11:57:52 <KotCzarny> you can use bluez 5.37 from backports on 3.x
Sep 14 11:58:15 <KotCzarny> though you need bsp ofc
Sep 14 11:58:37 <freemangordon_> My bmw's entertainment system is based on linux and iirc the kernel is something 3.x
Sep 14 11:59:02 <freemangordon_> I guess I should ask the dealer for an upgrade
Sep 14 11:59:04 <KotCzarny> without the sources you cant do anything other than turning it off ;)
Sep 14 11:59:37 <freemangordon_> sure I can - pester the dealer :)
Sep 14 11:59:55 <freemangordon_> or check for an update on BMW site
Sep 14 12:01:05 <sixwheeledbeast> good luck with that, I'd be surprised if they have heard of it.
Sep 14 12:01:49 <freemangordon_> they will :)
Sep 14 12:04:31 <KotCzarny> ehehe
Sep 14 12:11:35 <jonwil> What I dont get is why so many companies (companies that will rigorously enforce their copyrights when someone else is violating them) continue to use open source software and not comply with the license. Its not like publishing the source code to this stuff is difficult (and if it is, you are doing something wrong in your development processes)
Sep 14 12:12:19 <freemangordon_> well, at least BMW has GPL2 in the menus and you can request the code
Sep 14 12:12:26 <jonwil> That's a good thing then.
Sep 14 12:12:38 <freemangordon_> not that you can use it, as there is no way to sign the update, but still
Sep 14 12:15:55 <jonwil> Not that I would ever buy or drive a BMW (for all sorts of reasons) but its good to know they are at least publishing the code.
Sep 14 12:17:29 <jonwil> I just wish the right people (e.g. kernel devs) would put more pressure on those vendors that aren't following the license and aren't publishing the code they are required to publish (especially repeat offenders who do it again and again)
Sep 14 15:21:06 <merlin1991> freemangordon_: you pinged me the other day
Sep 14 15:59:17 <freemangordon> merlin1991: yes, I need advice on maemo-devuan packages versioning
Sep 14 15:59:42 <freemangordon> merlin1991: could you join ##fptf-private
Sep 14 19:02:06 <Enrico_Menotti> freemangordon BMW is Linux-based? Good to know. Do you have any readings about that to suggest me?
Sep 14 19:04:22 <KotCzarny> bt bug affects ALL systems
Sep 14 19:04:28 <KotCzarny> windoze and mac too
Sep 14 19:04:51 <freemangordon> Enrico_Menotti: only the entertainment system
Sep 14 19:05:02 <freemangordon> what kind of readings?
Sep 14 19:05:12 <Enrico_Menotti> Oh yes, I understood that.
Sep 14 19:05:48 <Enrico_Menotti> I mean some introduction about how that system works and what one may do to tweak it a bit so to enable, e.g., screen mirroring from smartphones.
Sep 14 19:06:32 <Enrico_Menotti> I have looked around and that is indeed doable, but the companies who sell that tweak are a bit... let's say... expensive.
Sep 14 19:07:21 <freemangordon> Enrico_Menotti: hmm, my is in guarantee, and it does its job pretty much ok, so I am not plying with it. BMW repairs are not exactly cheap ;)
Sep 14 19:07:39 <freemangordon> *mine
Sep 14 19:09:57 <Enrico_Menotti> Mine is no more guaranteed. Indeed I am thinking about looking for some tweak on the engine mapping too, but for that I need somebody with experience in order to avoid ruining the engine itself with too much stress. The entertainment system may be "extended" by buying some 3rd party extensions, and as far as I understand, they're mostly tricks to unlock features which are actually already embedded in BMW's system
Sep 14 19:09:58 <Enrico_Menotti>  (although hidden by default).
Sep 14 19:10:56 <freemangordon> afaik I have everything unlocked
Sep 14 19:11:26 <freemangordon> a2dp, office, voice, ...
Sep 14 19:12:43 <freemangordon> not to say I am not the type of guy who likes his car to be turned into a tablet :)
Sep 14 19:13:30 <freemangordon> I need power and stability, not fancy graphics
Sep 14 19:15:30 <Enrico_Menotti> :)
Sep 14 20:11:53 <blap> echo "Create ncurses based phone ui" >> ~/projectlist.txt
Sep 14 20:27:41 <sicelo> blap: why not join the fptf instead, and keep hildon/maemo relevant :-)
Sep 14 20:30:46 <blap> what is fptf?
Sep 14 20:30:54 <KotCzarny> ~fptf
Sep 14 20:30:59 <KotCzarny> ~ping
Sep 14 20:31:06 <KotCzarny> bot down. again
Sep 14 20:31:16 <blap> faster payments task force?  food protection task force?
Sep 14 20:34:11 <sicelo> Fremantle Porting Task Force 
Sep 14 21:21:40 <sixwheeledbeast> Flipping Pancake Test Facility?
Sep 14 21:49:54 <mike727> Any Aussies wanting a Droid4? This lady has messeged me about her's, but she's vague on price. https://i.imgtc.com/mb4VlYK.jpg
Sep 14 21:52:43 <blap> droid4 is best korea
Sep 15 00:14:26 <blap> would be nice to see maemo on it
**** ENDING LOGGING AT Fri Sep 15 03:00:01 2017