**** BEGIN LOGGING AT Fri Oct 25 03:00:04 2019 Oct 25 07:24:13 blogic: it's ok, go ahead, I didn't started with firmware-utils yet, as I wanted to first solve the unit testing Oct 25 07:27:59 rr123: jow: I think, that some onetime opt-in after first boot would be no brainer, "I've just installed version $VERSION on $BOARD running on $TARGET" [y/N] Oct 25 07:30:54 it would be nice to make(or find) some kind of anonymization service, so we could receive this information without the source IP address Oct 25 07:31:38 device -> anonymization service API endpoint -> stats.openwrt.org API endpoint Oct 25 07:33:02 blogic: there is just git commit mailing list, I'm not aware about any git commit bot Oct 25 07:51:39 I wanted to add the wil6210 to upstream openwrt. I ported the changes from semoo-lab to latest openwrt branch. Everything works expect the hostapd that autmatically gets configured. How do I cange it to a valid 802.11ad configuration? Oct 25 08:49:21 blogic: jow ynezz who manages the openwrt domain? Oct 25 09:08:03 aparcar[m]: I do, thess, stintel and lynxis should be able to do it as well Oct 25 09:10:33 jow: do you mind setting up the cname? Oct 25 09:10:48 context: keycdn Oct 25 09:16:57 where does it need to point to? Oct 25 09:19:48 cdn.openwrt.org 120 IN CNAME cdn-1212d.kxcdn.com Oct 25 09:23:04 jow: please ping me once it's up Oct 25 09:23:19 ping Oct 25 09:24:00 http://cdn.openwrt.org/ seems to be working Oct 25 09:24:04 how is SSL handled? Oct 25 09:24:37 right now https:// serves a cert with a *.kxcdn.com wildcard domain Oct 25 09:24:48 will take care of the footer banner Oct 25 09:26:10 jow: I'll figure out the ssl part. Can you write a line at the bottom like "CDN by KeyCDN"? Oct 25 09:31:50 Or "Powered by KeyCDN" and a link to https://www.keycdn.com Oct 25 09:40:28 aparcar[m]: done Oct 25 09:44:27 I used what you wrote yesterday, "Open Source Downloads supported by [KeyCDN]." Oct 25 09:50:13 jow: thanks Oct 25 09:50:19 yey Oct 25 09:50:22 Error 429 {"type":"urn:acme:error:rateLimited","detail":"Error creating new authz :: too many failed authorizations recently: see https:\/\/letsencrypt.org\/docs\/rate-limits\/","status":429} when calling the API Oct 25 09:52:28 sleep 3600; Oct 25 09:52:31 :p Oct 25 09:53:24 aparcar[m]: did you get login credentials? If so, could you please share them via gpg mail? Oct 25 09:53:44 ynezz: ^^ Oct 25 09:53:52 jow: yes I was about to tell you Oct 25 09:55:39 jow: where is your gpg key? Oct 25 10:01:41 aparcar[m]: you can find it at mein.io Oct 25 10:01:47 via http Oct 25 10:01:48 jow: the backend of openwrt and then such a wiki entry... https://openwrt.org/developers/jow Oct 25 10:03:27 oh log livestream? Oct 25 10:03:30 Warning: Potential Security Risk Ahead Oct 25 10:04:04 https://github.com/jow-.keys and I just give you access to a random server? Oct 25 10:04:17 actually fly over here seems the only save approach Oct 25 10:04:25 ???? Oct 25 10:05:35 https://git.openwrt.org/?p=keyring.git;a=blob;f=gpg/47D94086.asc works too if you don't trust http Oct 25 10:05:49 jow: mein.io with https:// gives me a security warning Oct 25 10:06:28 ah, didn't know I had dns there :P Oct 25 10:06:30 erm ssl Oct 25 10:06:35 oh okay, mein.io via https:// has some random login portal Oct 25 10:06:41 yeah Oct 25 10:06:47 anyhow, use the git link above Oct 25 10:06:53 there is letsencrypt or don't you want to get people into using https? Oct 25 10:06:58 I will Oct 25 10:07:37 its vhost with other stuff, and that other stuff happens to have letsencrypt ssl, so mein.io now has to have ssl too, which it didn't had before because I am lazy Oct 25 10:11:58 Sie haben Post Oct 25 10:14:12 I'll go to sleep but please try in some 35 minutes to activate let's encrypt Oct 25 10:14:52 no laziness if openwrt is on the plate! Oct 25 10:21:23 aparcar[m]: incorrect login Oct 25 10:21:52 jow: let's move this to PM before it gets awkward Oct 25 10:25:25 * karlp grins Oct 25 10:25:54 was pebkac on my side Oct 25 10:27:48 not this time karlp ;) Oct 25 10:43:04 hey, short question. are we due for a new 18.06 release? I would update the haproxy package in the coming days if it is. Oct 25 10:55:38 Hauke: any luck with something reproducible for that CVE-2019-15513 ? Oct 25 11:00:53 jow: cdn zone added, shoudl work anytime soon Oct 25 11:03:21 Help! Oct 25 11:04:06 Luci is painfully slow Oct 25 11:06:49 ssh to the device and check local dns resolution Oct 25 11:12:16 hm, downloads (82.6 MB/s) and CDN (3.73 MB/s) for ‘openwrt-sdk-18.06.4-ath25_gcc-7.3.0_musl.Linux-x86_64.tar.xz’ Oct 25 11:12:30 where is the improvement? :) Oct 25 11:13:36 ynezz: maybe cache misses and it doesn't want to ddos the backend server Oct 25 11:13:55 I've assumed the same, so tried it several times Oct 25 11:14:22 10.29 % Cache Hit Oct 25 11:14:42 mhh so I just saw a 500mbit peak in the monitoring Oct 25 11:14:54 let's give it a few hours to settle? Oct 25 11:15:59 tried from different locations already, can't do more then 4MB/s from CDN Oct 25 11:16:07 for the same file Oct 25 11:16:24 maybe it needs to finish the initial rsync over the pops :p Oct 25 11:17:04 ynezz: https://paste2.org/M3BULABd Oct 25 11:17:33 I'm connected via wifi so I'm quite confident it will improve Oct 25 11:18:08 maybe your isp already cached downloads.openwrt due to your high demand Oct 25 11:19:49 indeed, I'm downloading fresh 18.06.4 ath25 SDK every morning Oct 25 11:20:22 ynezz: you'd be surprised what can be found in the access logs Oct 25 11:20:57 I'm testing it from servers around the globe Oct 25 11:21:36 and I'm wondering how could they cache https downloads Oct 25 11:22:02 I can download at 11MB/s now (my current connection maximum) Oct 25 11:22:05 ok, rsync has finished Oct 25 11:22:11 was capped to 3.5 a few minutes back Oct 25 11:22:19 105MB/s now Oct 25 11:22:24 any link to a large download on the cdn to test? Oct 25 11:22:32 http://cdn.openwrt.org/releases/18.06.4/targets/apm821xx/sata/openwrt-sdk-18.06.4-apm821xx-sata_gcc-7.3.0_musl.Linux-x86_64.tar.xz Oct 25 11:22:38 thanks! Oct 25 11:23:07 4,45 MB/s from Sofia, but via tunneled IPv6 Oct 25 11:23:39 3,62 MB/s over IPv4. that IPv4 should die already ;) Oct 25 11:23:45 so we have 1000 credits to play with, wonder how long that lasts Oct 25 11:24:04 stintel: download at least 3 times Oct 25 11:24:12 ynezz: can you do ipv4 vs ipv6? Oct 25 11:24:29 aparcar[m]: propagation to local caches? Oct 25 11:25:14 16,5 MB/s the 3rd time on Telenet Belgium. 4th time 6,93 MB/s Oct 25 11:26:00 number of downloads seesm to have no influence Oct 25 11:26:20 strange... Oct 25 11:26:34 just wait few minutes Oct 25 11:26:44 maybe they are just not as fast :P? Oct 25 11:26:45 it probably needs some time to cache that file around the pops Oct 25 11:27:04 constant 105MB/s is amazing I would say Oct 25 11:27:17 (once it's in CDN) Oct 25 11:27:19 in any case the average speed is likely better around various parts of the world Oct 25 11:27:23 105, that's not your home connection is it? :) Oct 25 11:27:33 e.g. in australia or the far east Oct 25 11:27:37 it's online.net in Paris Oct 25 11:27:48 ^ stintel Oct 25 11:28:01 wonder how it handles upstream server outages, I suppose it continues serving stale data Oct 25 11:30:08 lets test it? :p Oct 25 11:30:15 not yet Oct 25 11:31:10 we also need to get a feeling for the price... aparcar[m] how's the agreement with them? do they reissue credits yearly, do we have to get in touch with them? Is it a onetime thing? Oct 25 11:34:22 jow: have a look at the zone definition with advanced options, you can set quite a lot of stuff there Oct 25 11:36:16 ah, wasn't aware about this credits part Oct 25 11:36:22 jow: I'll figure that out and update you. Oct 25 11:40:19 ynezz: I'm pretty sure thats not an issue Oct 25 11:41:56 I'm not implying that, just saying, that it wasn't stated (or I have skipped that part) in your email :) Oct 25 11:42:43 the speed is same here for IPv4/v6 Oct 25 11:52:29 HTTPS seems to work too now Oct 25 11:59:20 I was testing only over https Oct 25 12:02:08 ah okay. My pop seems to be lagging behind a bit **** BEGIN LOGGING AT Fri Oct 25 12:26:49 2019 Oct 25 14:30:43 Hello anyone know what's up with the slow down with luci? Oct 25 14:30:57 "the" slowdown? Oct 25 14:31:19 yeah, as I wrote a few hours back Oct 25 14:31:27 shs to your box and check local dns resolution Oct 25 14:31:38 its the most common cause of slowdowns Oct 25 14:32:21 The DNS isn't operational atm the router isn't connected to an internet connection Oct 25 14:32:43 non operational DNS ijs okay Oct 25 14:32:56 but DNS forwarded to a black hole is problematic Oct 25 14:33:07 e.g. nslookup openwrt.org should immediately fail, not hang Oct 25 14:33:43 Karlp Luci takes a long time (if at all) to load the login screen then take even more to sign in and show the options. Been like this for the better part of 2019 but I never bothered to diagnose the issue until now Oct 25 14:34:24 jow the issue, I believe, is uhttpd itself not DNS look up Oct 25 14:34:44 thagabe: cannot reproduce it here Oct 25 14:34:57 but some people reported that disabling http keepalive helped Oct 25 14:35:39 Right now I'm running mvebu with the basic compile and Luci + luci-openssl and everything is slow Oct 25 14:35:46 I'm currently working on this Oct 25 14:35:50 try luci-mbedtls instead Oct 25 14:35:58 people also reported that openssl is slow Oct 25 14:39:13 I'll try. But it used to work just fine before plus openssl is my go-to because I can use hardware acceleration Oct 25 14:41:40 well there were no changes to luci or uhttpd in ages Oct 25 14:41:51 to things involving ssl that is Oct 25 14:42:06 so its either libopenssl updates, libustream-ssl updates or a combination of both Oct 25 14:43:34 busybox has broken dns behaviour on exactly this sort of thing before though. Oct 25 15:09:51 Ah I was disconnected Oct 25 16:32:51 ynezz: I was too tired for CVE-2019-15513 yesterday Oct 25 16:33:56 Pepe: I am not sure if we should activate CONFIG_BRIDGE_VLAN_FILTERING in 18.06, it increases the kernel size by about 10KB to 20KB uncompressed Oct 25 16:34:10 we could make it depend on !low_mem Oct 25 16:34:37 Pepe: how and where do you want to use it? Oct 25 16:51:19 Is possible to update hostnames in wrt with nsupdate ( RFC2136 ) ? Oct 25 18:29:03 Hauke: yeah, could imagine that :] Oct 25 20:23:20 Ok back online on a pc Oct 25 20:23:53 Anyone experiencing painfully slow luci interface? I took jow's advice and opted to disable all ssl Oct 25 20:24:23 right now running basic packages for the 3200acm and luci Oct 25 20:24:27 no ssl **** BEGIN LOGGING AT Fri Oct 25 20:49:59 2019 Oct 25 21:30:57 Hauke: i am about to hit the sack, post your status on CVE-2019-15513 i'll prolly have time tomorrow but would not want ot duplicate work if you already started on the issue .... Oct 26 00:19:10 jow: are you aware of this: https://github.com/Ansuel/nginx-ubus-module Oct 26 00:19:48 uhttpd-modu-ubus for nginx basically Oct 26 00:22:08 rr123: jow's already commented on the PR adding it, so yeah, I think he knows :) Oct 26 00:27:17 cool, trying to play with reactjs+nginx here so this module comes in handy just in time **** ENDING LOGGING AT Sat Oct 26 02:59:57 2019