**** BEGIN LOGGING AT Sun Oct 28 02:59:59 2018
Oct 28 09:02:52 <KotCzarny> tricky question, how to discharge li-ion to ~40%
Oct 28 09:03:17 <KotCzarny> can it be done by observing voltage or another algo is a must?
Oct 28 10:46:33 <Vajb> KotCzarny: I think you need to know capacity and then count how much mAh you draw out
Oct 28 10:47:14 <KotCzarny> i'm interested if there is a way to do it without charge/discharge cycle which takes many hours
Oct 28 10:47:26 <Vajb> if you compare against voltage you end up with 40% of max voltage which is different than capacity
Oct 28 10:48:14 <KotCzarny> and if i have 10+ batteries whole process could take many weeks
Oct 28 10:48:54 <KotCzarny> best way would be multi-slot programmable charger
Oct 28 10:49:13 <KotCzarny> but those babies can cost a lot (or take some electronics skills, which i suck at)
Oct 28 10:49:42 <Vajb> crazy thougth, if you have capacitor which is about 60% of battery capacity. Charge it via resistor and monitor volatage. When they are level you have 40% left in battery
Oct 28 10:49:57 <Vajb> voltage*
Oct 28 10:51:08 <KotCzarny> i got me nice charger that can charge/discharge and also monitor voltage/capacity
Oct 28 10:51:42 <KotCzarny> but requires me observing it (ie. missing 'charge, discharge, then charge to 40%' option)
Oct 28 10:52:24 <KotCzarny> so far it looks like getting battery down to ~3.6-3.7V is equivalent to ~50% of capacity
Oct 28 10:54:27 <KotCzarny> i could use second digit after '.', right now i dont know if it rounds or floors the display
Oct 28 18:21:40 <halftux> sicelo: I could not start cutenews I don't know why no console output no crash but nothing happens :( for qmlbrowser I tried https://fancyssl.hboeck.de which is working with TLSv1.2...
Oct 28 18:27:09 <halftux> ah ok there were no permission for execution of showwindow from cutenews
Oct 28 18:36:42 * Maxdamantus has almost finished writing his TLS proxy, which should allow older browsers to work with new SSL servers.
Oct 28 18:39:29 <Maxdamantus> You just give the proxy a certificate and matching private key, and the proxy will use the server name indicator on incoming connections to forge certificates signed by that given certificate on the fly.
Oct 28 18:39:53 <Maxdamantus> then it can just make a normal outgoing SSL connection itself.
Oct 28 18:39:59 <halftux> oh sounds nice
Oct 28 18:40:03 <Maxdamantus> requires that given certificate to be trusted by the browser.
Oct 28 18:41:12 <Maxdamantus> (private key for the CA is reused as the private key for dynamically generated certificates, so there's no need to maintain some sort of certificate/key cache across the connections)
Oct 28 18:44:50 <halftux> and you will host that proxy? in which language is that proxy written?
Oct 28 18:45:03 <Maxdamantus> It will be something that should be run on the device itself.
Oct 28 18:45:22 <Maxdamantus> There are other programs that seem to do this, but they seem a bit heavy for running on N900.
Oct 28 18:45:35 <Maxdamantus> This one is just a ~400-line C program that depends on openssl and POSIX.
Oct 28 18:46:07 <halftux> that is nice
Oct 28 18:46:52 <halftux> which openssl version do you use at the moment?
Oct 28 18:53:18 <Maxdamantus> I think it should depend on 1.0.2g, since that's the first one with fairly easy peer certificate validation.
Oct 28 18:55:49 <Maxdamantus> openssl 1.1.0 builds fine under the old debian chroot I have though, so it could just be distributed as a statically linked program.
Oct 28 19:02:19 <Maxdamantus> Could also just disable certificate validation, but I don't want to encourage that.
Oct 28 19:04:09 <halftux> no good idea to disable it :D
Oct 28 19:06:07 <halftux> is openssl 1.1.0 working with the maemo standard certificates when it is statically linked? will a rehash of cerificates break them for older openssl, if it is needed for newer openssl??
Oct 28 19:12:54 <Maxdamantus> I think it should work with that, but it might be preferable to just copy a new ca-certificates file from somewhere and just override the default search path (using some openssl environment variable)
Oct 28 19:14:25 <Maxdamantus> Since I just see a bunch of certificates in PEM format in /etc/certs/common-ca on maemo ..e dunno exactly what openssl's search behaviour is.
Oct 28 19:15:13 <Maxdamantus> but again, should at least be able to just point it to a single ca-certificates file that doesn't have to interfere with the rest of the system.
Oct 28 19:20:29 <halftux> ok I see
Oct 28 19:21:00 <Maxdamantus> eh, wtf, wonder what this /etc/certs/trusted/root.{ca,key} is .. has amaemo been doing a superfish all this itime?
Oct 28 19:21:03 * Maxdamantus will look into it when he's onnot on the bus.
Oct 28 19:46:12 <Maxdamantus> Yeah, that's a matching certificate/private key (readable by non-root), hopefully it's not distributed to every maemo .. doesn't show a package with `dpkg -l`
Oct 28 19:46:50 <Maxdamantus> f44094ac587d71cceb1510ffdae80e335e44d8ff  /etc/certs/trusted/root.ca
Oct 28 19:47:10 * Maxdamantus wonders if someone else can show a sha1sum for that file.
Oct 28 19:51:23 <Vajb> f44094ac587d71cceb1510ffdae80e335e44d8ff
Oct 28 19:51:46 <Vajb> looks about the same Maxdamantus 
Oct 28 19:59:00 <Maxdamantus> Okay, so someone fucked up.
Oct 28 20:00:36 <Maxdamantus> So maemo beat superfish to not knowing how to handle certificates.
Oct 28 20:01:22 <Maxdamantus> orcus:~# mv /etc/certs/trusted ~/untrusted
Oct 28 20:01:34 * Maxdamantus will try to look into what that was for later.
Oct 28 20:02:04 <Maxdamantus> and someone should probably fix that, depending on how certificate search paths work.
**** ENDING LOGGING AT Mon Oct 29 03:00:00 2018