**** BEGIN LOGGING AT Mon Dec 28 02:59:59 2015 Dec 28 10:19:01 i think i got openssl-1.0.1k to build a .deb for maemo Dec 28 10:19:14 well, it's compiling after a couple fixes to the debian/ directory Dec 28 10:19:28 it's compiling now on scratchbox for x86 Dec 28 10:19:44 i thought it was going to fail so I didn't document anything Dec 28 10:19:54 but maybe this afternoon i got something testable on the device Dec 28 10:20:15 ceene: but why Dec 28 10:20:34 why? Dec 28 10:20:40 1.0.2 is the latest stable Dec 28 10:20:45 ah! Dec 28 10:20:46 lol Dec 28 10:20:46 we don't have backwards compatibility to maintain Dec 28 10:20:46 i know Dec 28 10:20:54 and 1.1.0 is going to come out soonish Dec 28 10:20:59 i know, i know Dec 28 10:21:09 but that was what i could get the easier Dec 28 10:21:16 doesn't debian sid have 1.0.2? Dec 28 10:21:17 due to my available debian distro Dec 28 10:21:22 i just did want to do a quick test Dec 28 10:21:24 yea Dec 28 10:21:34 if it goes well, i'll definitely import latest openssl available on sid Dec 28 10:21:41 yea sid has 1.0.2 Dec 28 10:21:43 i didn't thought it was going to be this easy Dec 28 10:21:47 1.0.2 will be then Dec 28 10:22:02 if this thing finishes compiling and the .deb installs, i'll start again from 1.0.2 and document everything Dec 28 10:22:13 should I request repo access to upload these changes somewhere? Dec 28 10:22:35 ceene: well, you can't actually ship it that way Dec 28 10:22:54 openssl is part of the main system, isn't it? Dec 28 10:22:57 yep Dec 28 10:23:04 you can't replace openssl 0.9.8 Dec 28 10:23:13 there are api mismatches, i guess Dec 28 10:23:26 maybe this package should be anew and called openssl-1 Dec 28 10:23:33 so both of them can be kept Dec 28 10:23:37 hm Dec 28 10:23:45 also, i think all apps are linked to libssl.0 or something Dec 28 10:23:47 at least until all openssl users are upgraded Dec 28 10:23:50 you should ask freemangordon or merlin1991 Dec 28 10:23:53 1.x would make it libssl.1 Dec 28 10:24:10 KotCzarny: i think the libssl and libcrypto versions are weirder than that, but yea Dec 28 10:24:12 something like that Dec 28 10:24:24 lol Dec 28 10:24:25 well Dec 28 10:24:31 first of all i want to have something that compiles Dec 28 10:24:35 i'll ask them later then Dec 28 10:24:40 to see what must be done Dec 28 10:24:41 so you should just create libopenssl-1 or something Dec 28 10:24:45 dont know what is the debian way Dec 28 10:24:51 i think it is Dec 28 10:25:09 python is python2.5, python2.7 and python3 Dec 28 10:25:11 so in turn you dont need repo access to openssl-0 Dec 28 10:25:36 either that or you keep shipping openssl 0.9.8 together with your openssl Dec 28 10:25:37 ii libssl1.0.0:armhf 1.0.1k-3+deb8u2 armhf Secure Sockets Layer toolk Dec 28 10:25:54 oh Dec 28 10:25:55 OH Dec 28 10:25:58 yea that works Dec 28 10:25:58 and metapackage openssl that relies on it Dec 28 10:26:16 it's not a metapackage if it actually has files Dec 28 10:26:25 the openssl commandline utility is in the openssl package Dec 28 10:26:30 well, package build failed :/ Dec 28 10:26:35 but it's probably easily fixable Dec 28 10:26:44 does maemo have the same package layout? Dec 28 10:26:45 fixable, maybe, stable? Dec 28 10:26:57 kerio, maemo is a debian spawn Dec 28 10:27:05 it's gonna be a matter of rewritting a couple debian/ directory things Dec 28 10:27:18 everything compiled Dec 28 10:27:23 but dpkg-build is protesting about something Dec 28 10:27:24 yes, but who knew what debian did in 1945 when they began working on maemo? Dec 28 10:27:28 *who knows Dec 28 10:27:30 lol Dec 28 10:27:38 well, i gotta go now Dec 28 10:27:44 just wanted to report this back Dec 28 10:27:47 that it looks good Dec 28 10:28:06 cya! Dec 28 10:28:33 http://repository.maemo.org/extras-devel/pool/fremantle/free/libs/libssl0.9.7/ Dec 28 10:28:34 if we have versioned libssl and libcrypto packages then it's not a problem Dec 28 10:28:41 dear LORD Dec 28 10:29:27 and NO openssl package Dec 28 10:29:38 funny as it is Dec 28 10:29:49 no libcrypto either Dec 28 10:29:58 can someone with a handy access to a n900 right now do an apt-cache rdepends openssl Dec 28 10:30:06 KotCzarny: those are not in extras, obviously Dec 28 10:30:31 lets check nssu mirror then Dec 28 10:30:38 (im too lazy to reach for my n900) Dec 28 10:30:54 http://maemo.org/packages/view/openssl/ doesn't do rdepends Dec 28 10:30:56 http://sprunge.us/QSRF Dec 28 10:31:14 why the hell does libssl depend on openssl Dec 28 10:31:20 openssl provides libssl Dec 28 10:31:23 it may be split up Dec 28 10:31:36 Nokia-N900:~# apt-cache rdepends libssl Dec 28 10:31:36 Dec 28 10:31:47 did you compile 0.9.8 for yourself? Dec 28 10:31:51 fucking nokia bullshit Dec 28 10:32:10 well that is actually a problem Dec 28 10:32:21 but i guess it's a problem that has to be fixed at some point Dec 28 10:32:29 in cssu probably Dec 28 10:32:35 well yes Dec 28 10:32:45 as jonwil suggested repackaging/recompiling things Dec 28 10:32:59 in theory we don't need cssu for libssl1.0.2 and libcrypto1.0.2 Dec 28 10:33:35 does the interface really changes between minor versions? Dec 28 10:33:40 but to get them to be used, we need an update to the sdk Dec 28 10:33:40 why not just libssl1 Dec 28 10:33:48 KotCzarny: the minor version is the letter Dec 28 10:33:57 1.0.1 and 1.0.2 are not abi-compatible Dec 28 10:34:15 so you will have to recompile EVERY package or keep fuckton of libssl versions? Dec 28 10:34:24 fuckton = 2 Dec 28 10:34:26 on every libssl update? Dec 28 10:34:41 1.0.2 is the major version Dec 28 10:34:52 1.0.2a 1.0.2b 1.0.2c... are abi-compatible Dec 28 10:34:56 what would happen with 1.0.3 ? or 1.1.0 ? Dec 28 10:35:00 there's no 1.0.3 Dec 28 10:35:04 1.1.0 is also not abi-compatible Dec 28 10:35:14 what would happen on 1.1.1 ? Dec 28 10:35:42 openssl 1.0.2 was released on january 2015 Dec 28 10:35:59 openssl 1.1.0 entered prealpha a couple weeks ago Dec 28 10:36:16 KotCzarny: 1.1.1 is likely not going to be abi-compatible with 1.1.0 Dec 28 10:36:21 stuff changes Dec 28 10:36:36 so, recompile every package relying on libssl on every libssl change Dec 28 10:36:41 sure Dec 28 10:36:47 fun Dec 28 10:36:50 it's not manual labor Dec 28 10:36:56 a compiler does that for you Dec 28 10:37:12 what about packages not maintained by cssu? Dec 28 10:37:25 they're going to stay on 0.9.8 Dec 28 10:38:17 btw. 1.x is api compatible with 0.9.x? (ie. recompilation is enough) Dec 28 10:38:26 they're mostly api-compatible with each other Dec 28 10:39:51 How many packages not maintained by CSSU will depend on 0.9.8? I can't imagine lots. Dec 28 10:40:07 xchat has been broken for quite a while now Dec 28 10:40:10 because it forces ssl3 Dec 28 10:40:17 which is not actually usable anymore Dec 28 10:40:42 so it's not like the packages are perfectly working with 0.9.8, anyway Dec 28 10:42:10 11:33 < kerio> 1.0.1 and 1.0.2 are not abi-compatible Dec 28 10:42:12 are you sure? Dec 28 10:42:22 yes Dec 28 10:42:25 I upgraded from 1.0.1 to 1.0.2 on my gentoo and didn't recompile anything Dec 28 10:42:39 they are even in the same slow Dec 28 10:42:41 slot* Dec 28 10:42:45 [I] dev-libs/openssl Available versions: (0.9.8) 0.9.8z_p7^d ~0.9.8z_p8^d (0) 1.0.1p^d ~1.0.2a^d ~1.0.2b^d ~1.0.2c^d 1.0.2d^d ~1.0.2d-r2^d 1.0.2e^d Dec 28 10:43:05 If they are not compatible ABI wise, gentoo would have made a new slot Dec 28 10:43:07 oh nvm maybe i suck cocks Dec 28 10:43:14 :) Dec 28 10:43:24 Minor releases that change the last digit, e.g. 1.0.1 vs. 1.0.2, can and are likely to contain new features, but in a way that does not break binary compatibility. Dec 28 10:44:00 oh, fun, libssl 0.9.8z Dec 28 10:44:07 z is quite old Dec 28 10:44:10 we're at ze i think Dec 28 10:44:22 zh Dec 28 10:44:31 ...we should upgrade to zh Dec 28 10:44:33 can at least someone compile 0.9.8zWHATEVER into extras? Dec 28 10:44:42 *cssu Dec 28 10:44:45 they already are Dec 28 10:45:04 extras would benefit people without cssu Dec 28 10:45:16 extras is not a system repository Dec 28 10:45:42 extras is absofuckinglutely not the place to put an updated openssl into Dec 28 10:45:45 otoh, f*ck people who didnt update and release fremantle-1.4cssu Dec 28 10:45:52 KotCzarny: people should just switch to cssu :) Dec 28 10:46:13 cssu-testing is at 0.9.8zf Dec 28 10:46:17 because really, fremantle-1.3.1 was LONG time ago Dec 28 10:46:18 so we're missing two security updates Dec 28 10:46:41 we need roadmap for cssu! Dec 28 10:46:45 KotCzarny: yeah but we have like 1.5 full-time devs Dec 28 10:46:48 with releases every 6 months Dec 28 10:47:22 oh man, httpredir.debian.org is so weird Dec 28 10:47:25 i bet 1.5ftdev would be enough for a release in 5 year period Dec 28 10:47:36 the mirror keeps changing as apt-get downloads packages Dec 28 10:48:37 anyway, NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE 0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS PER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS. Dec 28 10:49:06 it's a shame we're going to upgrade openssl to something without chacha20, but meh Dec 28 10:49:11 maybe they'll backport that onto 1.0.2 Dec 28 10:49:37 (it's the only reasonable non-hardware-accelerated cipher) Dec 28 10:54:01 kerio: what do you mean Dec 28 10:54:08 kerio: why would people not pick 1.0.2? Dec 28 10:54:20 1.1.0 will support chacha20-poly1305 Dec 28 10:54:41 idk about 1.0.2 Dec 28 10:54:42 or get libressl to make it more messy :P Dec 28 10:54:52 kerio: pretty sure it supports it Dec 28 10:54:55 that's also an option, since we're breaking abi-compatibility anyway Dec 28 10:55:00 1.0.2 mainline doesn't Dec 28 10:55:11 there's a 1.0.2 fork that does, so it's definetely possible Dec 28 10:55:19 Host * Ciphers aes256-ctr,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com MACS hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 Dec 28 10:55:33 that's ssh you dolt Dec 28 10:55:36 works on 1.0.2 (openssl) and openssh7.1 Dec 28 10:55:42 Doesn't ssh use openssl for this? Dec 28 10:55:46 not for chacha20 Dec 28 10:55:54 in fact, it's the only available cipher if you compile without libcrypto Dec 28 10:55:57 Right - you mean for TLS? Dec 28 10:56:00 yep Dec 28 10:56:04 okay, my bad :) Dec 28 10:56:24 also you should definetely put chacha20-poly1305 as your first cipher Dec 28 10:56:39 in the ssh protocol the client decides Dec 28 10:56:51 I am not unhappy with AES ;-) Dec 28 10:57:12 as implemented by openssh, chacha20poly1305 is slightly more secure Dec 28 10:57:16 the packet sizes are also encrypted Dec 28 10:57:25 which is pretty crazy Dec 28 10:57:42 is this on your computer or your n900? Dec 28 10:57:53 if it's your computer then using aes is understandable Dec 28 10:58:04 (but you should put aes-gcm over aes-ctr) Dec 28 10:58:32 The latter is my arm chromebook Dec 28 10:59:16 then you should most definetely put chacha20 before aes Dec 28 10:59:35 aes is pretty crummy without hardware acceleration :c Dec 28 11:00:54 Wizzup: it's not a conclusive test, but if you manage to find a libressl or an openssl 1.0.2-chacha, could you run `openssl speed -evp aes-128-gcm` and `openssl speed -evp chacha20`? Dec 28 11:01:11 sorry, openssl speed -evp chacha Dec 28 11:01:51 hehe, and to be even more n900-realistic, do it without hardfloat Dec 28 11:02:15 n900 supports hf Dec 28 11:02:18 it's just that maemo is not Dec 28 11:02:22 yes Dec 28 11:02:27 >floats Dec 28 11:02:29 >crypto Dec 28 11:02:32 u wot m8 Dec 28 11:03:20 I will start using libressl when gentoo unmasks it for arm Dec 28 11:03:28 if I was on intel I'd already start using it. Dec 28 11:03:45 there's some software compatibility issues Dec 28 11:03:52 it's always pretty simple stuff, but still Dec 28 11:03:52 Not enough to bother me ;-) Dec 28 11:04:04 a missing include here, a missing #ifdef there Dec 28 11:04:17 gentoo patched/fixed most iirc Dec 28 11:04:51 i would imagine that openbsd fixed most Dec 28 11:05:05 considering that they don't have openssl anymore Dec 28 11:05:08 :3 Dec 28 11:06:22 Wizzup: `openssl speed -evp aes-128-gcm` on your chromebook? Dec 28 11:07:26 The 'numbers' are in 1000s of bytes per second processed. Dec 28 11:07:27 type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes Dec 28 11:07:27 aes-128-gcm 25792.88k 30015.20k 36974.36k 39912.37k 40617.98k Dec 28 11:08:55 dear lord Dec 28 11:09:25 ? Dec 28 11:09:25 that right there is the reason why google is using chacha20-poly1305 for tls Dec 28 11:09:32 :) Dec 28 11:09:45 I have four cores, and never push out this much data anyway Dec 28 11:09:47 you're getting 40MB/s, i'm getting 1.3GB/s Dec 28 11:09:52 AES-NI. Dec 28 11:09:55 No doubt Dec 28 11:09:58 indeed Dec 28 11:09:58 aes-128-gcm 38158.76k 42308.12k 43319.21k 43606.70k 43929.94k Dec 28 11:10:02 this is on coreduo Dec 28 11:10:13 which is, well, old Dec 28 11:11:00 Wizzup: do you have a toolchain on the device? Dec 28 11:11:01 aes-128-gcm 8372.02k 9347.86k 9743.87k 9846.78k 9874.09k Dec 28 11:11:08 and this is on banana pi r1 Dec 28 11:11:15 (clocked at 720mhz) Dec 28 11:11:21 oh are we racing to the bottom? Dec 28 11:11:47 kerio: the chromebook? Dec 28 11:11:48 aes-128-gcm 7643.64k 9001.69k 9388.59k 9547.02k 9571.08k Dec 28 11:11:50 on sheevaplug Dec 28 11:11:52 Wizzup: yea Dec 28 11:12:08 It runs gentoo hardened Dec 28 11:12:17 you should totally compile libressl and run the benchmarks to fulfill my curiosity Dec 28 11:12:18 (so, yes) Dec 28 11:12:24 well, later :) Dec 28 11:12:29 nu :c Dec 28 11:12:31 if I have time I will first set up SB and IDA Dec 28 11:12:38 http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1.tar.gz Dec 28 11:12:49 no libressl in debian repos Dec 28 11:12:50 you don't need to install it at the system level Dec 28 11:12:58 just compile it and run ./apps/openssl speed -evp chacha Dec 28 11:13:15 KotCzarny: how's the bananapi? Dec 28 11:13:24 i was kinda interested in the router-like one Dec 28 11:13:27 amazingly stable Dec 28 11:13:32 the one with space for a 3.5" hd Dec 28 11:13:35 i have only 10mbit at home tho Dec 28 11:13:41 p.s. the chromebook is cheap http://linux-exynos.org/wiki/Samsung_Chromebook_2_XE503C32 Dec 28 11:13:49 so you can always get one yourself ;-) Dec 28 11:13:53 but dont get banana Dec 28 11:13:58 it has too many issues Dec 28 11:14:06 KotCzarny: tolya :) Dec 28 11:14:07 grab olinuxino and gbit switch/router Dec 28 11:14:31 wizzup, but works good enough for me, i've already replaced my 2x x86 + 2x gbit switch setup Dec 28 11:14:42 what kernel version? Dec 28 11:14:46 KotCzarny: but it's got linux right in the name Dec 28 11:14:49 now i have single machine that does routing, switching, audio, nas etc Dec 28 11:14:54 and linux sucks Dec 28 11:14:59 wizzup: legacy Dec 28 11:15:05 Linux lamobo 3.4.110-sun7i #2 SMP PREEMPT Sat Nov 28 19:53:25 CET 2015 armv7l GNU/Linux Dec 28 11:15:05 KotCzarny: 3.4.x Dec 28 11:15:07 k Dec 28 11:15:24 hm, the olinuxino is an A8 at least Dec 28 11:15:26 i'll switch to mainline somewhere around 4.5 Dec 28 11:15:47 as it will have audio and other features done for my banana Dec 28 11:16:16 kerio: olinuxino's are allwinner a10 and a20 (so probably A8) Dec 28 11:16:19 kerio, you have basically 2 options, if you want sata, grab a20 based thingie Dec 28 11:16:24 a20 is a7 Dec 28 11:17:37 the other option would be getting a83t based (without single hub and 4 real usb ports) and raiding on usb-uas Dec 28 11:17:56 hm, considering that i already have a usb drive... Dec 28 11:17:57 unless you have dedicated nas box Dec 28 11:18:09 usb drive < uas-usb Dec 28 11:18:35 30-35M < 35-40M Dec 28 11:18:36 yeah but having real usb ports still helps Dec 28 11:18:45 http://linux-sunxi.org/A20 Dec 28 11:18:48 ...are you missing a zero Dec 28 11:19:17 its all on usb2 Dec 28 11:19:29 it will be even more of a difference on usb3 Dec 28 11:19:40 right Dec 28 11:19:51 kerio: the olinuxino things are quite well built imho Dec 28 11:19:53 nicer than most others Dec 28 11:20:12 i guess i'll wait Dec 28 11:20:17 i'm changing internets soon Dec 28 11:20:19 but get the proper LIME ones Dec 28 11:20:22 idk what i'm getting Dec 28 11:20:27 but i'll likely have to use the ISP-provided modem Dec 28 11:20:32 https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXIno-LIME2/open-source-hardware Dec 28 11:20:35 this is the one I use Dec 28 11:21:04 http://linux-sunxi.org/Olimex Dec 28 11:21:34 hm Dec 28 11:21:43 why would i buy something like this instead of a beaglebone, though? Dec 28 11:21:54 beaglebone is way less powerful, but also cute Dec 28 11:22:10 olimex is the only real oshw company Dec 28 11:22:17 hm, dual core A7 Dec 28 11:22:18 and they support their boxes Dec 28 11:22:22 oh and sata Dec 28 11:22:43 yeah ok this a20 olinuxino is the current winner to replace my current home server Dec 28 11:22:54 a20 has inherent problem with sata, max is 200/50M (read/write) Dec 28 11:23:04 :\ Dec 28 11:23:18 it affects all boxes, not only bananas Dec 28 11:23:47 KotCzarny: weird that the write would be slower than the read Dec 28 11:23:50 but those boxes are so cheap you should get one just for funsies Dec 28 11:23:51 KotCzarny: are you sure that is with DMA? Dec 28 11:24:07 also I use several HDDs in raid1 btrfs over USB2. still no performance issues. Dec 28 11:24:18 ah yes Dec 28 11:24:23 i also really want freebsd support Dec 28 11:24:25 I guess I don't have a need to write 50MB+/s Dec 28 11:24:31 Freebsd supports some allwinners for sure. Dec 28 11:24:39 i need to check that Dec 28 11:24:40 I also know they support some exynos' things Dec 28 11:24:46 because i'm not going to use those silly toy filesystems Dec 28 11:24:47 well, my old x86 (c7@1ghz) also did ~40-50M/s max Dec 28 11:24:59 and its enough for my need, so its not that i need more Dec 28 11:25:01 although 1gb of ram is very little :c Dec 28 11:25:02 *needs Dec 28 11:25:03 kerio: *cough* Dec 28 11:25:12 kerio: for toy filesystems it is enough Dec 28 11:25:13 ;-) Dec 28 11:25:17 i have seen the light, Wizzup Dec 28 11:25:34 you can run btrfs with mainline on them Dec 28 11:25:36 zfs is my personal lord and saviour Dec 28 11:25:39 that's fine, no need to rant about it to others :) Dec 28 11:25:46 I know zfs is very nice Dec 28 11:25:56 it eats ram like crazy, though Dec 28 11:25:57 it's just that btrfs is way easier to set up and I want a secure system Dec 28 11:26:03 freebsd doesn't offer half as much as grsecurity+linux does Dec 28 11:26:16 ayy lmao Dec 28 11:26:50 hm, do i care about the 4gb flash on the olinuxino Dec 28 11:27:12 +sd slot Dec 28 11:27:22 there is 4gb nand if you pay more Dec 28 11:27:29 not that much more Dec 28 11:27:29 beware: I do not yet have nand working on mainline Dec 28 11:27:34 and on the legacy kernel it's a bit of a pain. Dec 28 11:27:42 so I stick to sd cards only for now Dec 28 11:28:18 my system is still in customizing state Dec 28 11:28:31 but it works amazingly well Dec 28 11:28:44 thought that it will be unstable, but it's not Dec 28 11:28:53 KotCzarny: no, the model without the nand still has a usd slot Dec 28 11:29:00 yes Dec 28 11:29:07 kerio, yes, and one with nand also has sdslot Dec 28 11:29:13 which means more storage options Dec 28 11:29:28 i don't see it listed here https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXIno-LIME2-4GB/open-source-hardware Dec 28 11:29:55 just the one microsd slot Dec 28 11:30:47 yes, nand + microsd slot + sata + usb Dec 28 11:31:13 another cute option is that they have onboard charger for li-ion Dec 28 11:31:38 i already ordered me 18650 and a holder Dec 28 11:32:30 and if you are silly enough, you can add lcd (with touchscreen) and keyboard Dec 28 11:35:37 but the best part is having current glibc/gcc Dec 28 11:36:42 also, r1 switch is supporting hw vlans, which is nice for my crazy config Dec 28 11:36:55 2x wan, 3x lan Dec 28 11:38:46 wizzup, do you know how durable is that nand? Dec 28 11:39:10 no, I never used it. I never trust nand much Dec 28 11:39:32 where did you put your / then? Dec 28 11:39:36 sata? Dec 28 11:39:41 for some? SD. For others: SSD Dec 28 11:49:29 hi Dec 28 11:54:17 pali: ping Dec 28 11:55:26 jonwil: pong Dec 28 11:57:11 real 21m51.443s user 36m15.250s Dec 28 11:57:17 hah, libressl compiled Dec 28 11:58:12 neat that people are playing with newer openssl bits Dec 28 11:59:16 kerio: aes-128-gcm 8367.81k 9408.64k 9741.23k 9845.76k 9865.90k Dec 28 11:59:36 almost the same result Dec 28 11:59:50 erm, im stupid Dec 28 12:00:13 aes-128-gcm 4879.81k 5268.84k 5401.51k 5449.46k 5444.95k Dec 28 12:00:38 chacha 15944.60k 21795.50k 22880.68k 23189.16k 23270.74k Dec 28 12:01:03 it was compiled without any tweaking tho (ie, default cflags) Dec 28 12:29:34 kerio: with some flags added (-Ofast etc) Dec 28 12:29:38 aes-128-gcm 6009.51k 6766.70k 7017.64k 7087.10k 7102.46k Dec 28 12:29:41 chacha 16193.31k 22999.27k 24285.27k 24663.72k 24778.07k Dec 28 12:30:16 KotCzarny: can you compare `speed -evp aes-128-cbc` for libressl and the builtin openssl? Dec 28 12:31:12 libressl: aes-128-cbc 12619.07k 14438.61k 15055.19k 15214.25k 15248.04k Dec 28 12:31:21 openssl: aes-128-cbc 14222.51k 17020.05k 17958.66k 18199.55k 18323.78k Dec 28 12:31:28 weird as fuck Dec 28 12:32:37 openssl 1.0.1k-3+deb8u armhf Dec 28 12:32:41 oh Dec 28 12:32:47 i thought this was on n900 Dec 28 12:32:56 nope, all on bpi-r1 Dec 28 12:32:58 yea then it's likely just a matter of enabling optimizations Dec 28 12:33:11 like -O3 -funroll-loops and the like Dec 28 12:34:16 anyone know where I can get libgtkadi-dev (for maemo) from? Its not in the SDK repos and I cant get libgtkadi to compile locally for some reason Dec 28 12:34:37 the reason is probably too old libgtk Dec 28 12:34:49 try compiling newer libgtk and linking statically Dec 28 12:35:17 no, I am using libgtkadi from maemo repos Dec 28 12:35:28 maemo SDK repo includes libgtkadi source and binary Dec 28 12:35:33 but no libgtkadi-dev package Dec 28 12:35:35 and I need that Dec 28 12:36:00 then just compile it on pc, do make DESTDIR=/tmp/adi install and grab the headers? Dec 28 12:37:24 kerio, i would try sb build, but it's on the disconnected hdd for now Dec 28 12:38:40 also, i think one could expect results ~20% lower on n900 and ~30% higher on stock clocks for a20 Dec 28 13:07:20 i'm not happy anymore with my ssl build :( Dec 28 13:07:27 i'm getting into problems i don't know how to solve Dec 28 13:41:22 http://talk.maemo.org/showthread.php?p=1492799#post1492799 Dec 28 13:42:42 hmm, why a new thread? Dec 28 13:42:51 (but thx nonetheless :) Dec 28 14:08:24 why would there be extra maemo patches apart for maybe the packaging ones Dec 28 14:40:16 ok, i got openssl to build .deb packages on sbox-FREMANTLE_X86 :) Dec 28 14:40:39 now i'm happier than an hour ago Dec 28 14:40:46 :> Dec 28 14:43:47 why on _X86? Dec 28 14:44:04 because why not Dec 28 14:44:09 that's where i started Dec 28 14:44:13 ah Dec 28 14:44:17 okay Dec 28 14:44:35 i've just changed to sbox-FREMANTLE_ARMEL and it in facts seems to finish early with some error Dec 28 14:46:33 test BN_mod_exp_mont_consttime Dec 28 14:46:33 unable to dump 00150800 Dec 28 14:46:33 make[2]: *** [test_bn] Error 126 Dec 28 14:56:33 reminds me of https://mg.pov.lt/maemo-ssu-irclog/#maemo-ssu.2015-01-24.log.html (see bottom) Dec 28 14:58:02 i think i've just disabled unit testing Dec 28 14:58:14 maybe it's something related to the cross compilation and scratchbox Dec 28 14:58:35 failing tests isnt a good sign tho Dec 28 14:58:35 gotta go now, i'll leave that building and maybe later tonight i can report some progress Dec 28 14:59:31 KotCzarny: I'm quite sure it's qemu-related Dec 28 14:59:51 its a possibility Dec 28 15:00:02 sb's qemu is old Dec 28 15:00:18 (i've managed to use current one with a little hack) Dec 28 15:44:46 moin :) Dec 28 17:07:25 ehm.. I totally forgot, perl6 was released!!! Dec 28 17:07:27 https://twitter.com/TimToady/status/680511168713064448 Dec 28 17:07:37 who uses perl anyway? Dec 28 17:07:45 http://perl6.org/ Dec 28 17:07:54 KotCzarny: me :-) Dec 28 17:07:57 :) Dec 28 17:09:59 ...language with full unicode support Dec 28 17:10:17 have you ever tried coding in mandarin? Dec 28 17:10:38 unicode string representail Dec 28 17:10:44 *representation Dec 28 17:11:02 on another note, getting segv in ao_shutdown(), wth Dec 28 17:15:42 Pali: python had unicode support for ages Dec 28 17:16:10 kerio: but not unicode graphemes Dec 28 17:16:28 who needs unicode anyway (apart from teens using icon ilanguage) Dec 28 17:16:36 Pali: as in? Dec 28 17:16:44 kerio look: http://jnthn.net/papers/2015-spw-nfg.pdf Dec 28 17:17:33 U+0044 U+0323 U+0307 is LATIN CAPITAL LETTER D COMBINING DOT BELOW COMBINING DOT ABOVE Dec 28 17:17:39 it is one letter Dec 28 17:17:58 that's three codepoints Dec 28 17:18:09 :\ Dec 28 17:18:13 but one grapheme Dec 28 17:18:16 so what Dec 28 17:19:54 KotCzarny: everybody who does not use just ascii Dec 28 17:20:10 pali, dont mind me, i'm just kidding Dec 28 17:20:15 yeah that's pretty much everyone except english speakers :| Dec 28 17:20:38 like, native english speakers with non-foreign origin on their paternal side Dec 28 17:20:51 but seriously, unicode attempted to be new chinese Dec 28 17:21:02 ie. representing everything it can Dec 28 17:21:33 and introducing so much redundancy in the process Dec 28 17:21:34 unicode represents everything written Dec 28 17:21:45 and it doesn't care about what you think is redundant Dec 28 17:21:46 kerio, how about pictograms? Dec 28 17:21:50 those are drawn, not written Dec 28 17:22:04 i think there's linear A characters Dec 28 17:22:11 and those are dubious Dec 28 17:22:21 but then again, there's also emoji Dec 28 17:22:23 ¯\_(ツ)_/¯ Dec 28 17:22:40 told you, drawings Dec 28 17:22:46 ツ is japan Dec 28 17:23:03 and others ascii Dec 28 17:24:17 idk about the ¯ Dec 28 17:31:10 i may dust off my SB, but not making solemn promise, lol Dec 28 17:31:19 aw .. sorry about that Dec 28 19:44:41 openssl has built for armel, provided tests are skipped Dec 28 19:44:41 i guess i should check why the test fails and try to fix it Dec 28 19:47:41 or at least run the test on the n900, in case it's qemu's fault Dec 28 19:47:41 build on device and check? Dec 28 20:15:59 DocScrutinizer05: do you have a source on the OMAP4 randomly missing interrupts? Dec 28 20:17:59 well, I heard the whole sad story while fixing/patching the drivers for an interface which hung each time the IRQ got lost Dec 28 20:18:19 hmm Dec 28 20:19:41 I also *heard* that TI closed the ticket as "WONTFIX, gets fixed in $omap5 " Dec 28 20:19:56 DocScrutinizer05: FIQ heard that from me and wanted an actual source Dec 28 20:20:20 sorry, I couldn't find any sources for it myself Dec 28 20:20:57 well, if its a hw bug, you can only write a workaround anyway Dec 28 20:21:20 err, wait. I *think* I've seen some "wake IRQ getting lost while PVR active" or similar ticket a long time ago Dec 28 20:21:22 you cant really "fix" it Dec 28 20:21:34 bencoh: yep Dec 28 20:23:51 anyway we inlemented a workaround in modem, repeating the IRQ wiggling of http://mipi.org/specifications/high-speed-synchronous-serial-interface-hsi when there occurred a timeout Dec 28 20:24:11 "we"? Dec 28 20:24:18 ST-E Dec 28 20:25:43 ST electronics? Dec 28 20:25:46 we deployed that fix/patch/botch to half a dozen customers who used omap4 in their phones together with our modem Dec 28 20:25:58 ST-Ericsson Dec 28 20:26:04 ah, right Dec 28 20:27:11 the bug tickets always been "your modem stops talking to our APE processor" - sure it stops talking when the APE doesn't react to an IRQ Dec 28 20:29:02 actually the thing would recover when APE would start talking via HSI. But since it usually doesn't, eventually the 'syslog' of the modem was full and the modem 'coredumped' Dec 28 20:30:34 and to make things more funny, since 'syslog' was via HSI to APE and got stored on APE side, never anything useful shown up in 'syslog' before the modem 'coredumped' Dec 28 20:32:56 sounds like omap4 is 'dont buy it' flag Dec 28 20:34:36 the tests run fine on the n900! Dec 28 20:35:02 we got openssl1.0.2! :D Dec 28 20:35:24 ceene, compile ssh against it and test? Dec 28 20:36:40 that's probably quite complex. i want to try first with something simpler, telnet-ssl or something like that, socat or whatever, that'll let me test it against known https siites Dec 28 20:36:40 \o/ Dec 28 20:36:54 there is always sconnect Dec 28 20:36:55 but it should definitely work :) Dec 28 20:37:05 use it to connect to some https Dec 28 20:37:09 for today that's gonna be all Dec 28 20:37:15 kerio: does this info help you? Dec 28 20:37:41 tomorrow I'll ask whou should I talk to in order to get this for everyone Dec 28 20:37:43 ceene: you have the openssl tool itself Dec 28 20:37:43 also, keep in mind openssl1.1.0 is to be released soon, so why not jump onto newer/better/shinier boat Dec 28 20:38:13 KotCzarny: because nothing supports 1.1.0 yet Dec 28 20:38:25 and 0.9.8 is EOL Dec 28 20:38:25 kerio, is it api incompatible ? Dec 28 20:38:29 kerio: if FIQ wants to know more, he rather queries me, I already was too talkative about details Dec 28 20:38:49 DocScrutinizer05: oh, it's seekrit stuff? Dec 28 20:38:59 well, sort of Dec 28 20:39:01 anyway, ty Dec 28 20:39:13 yw Dec 28 20:39:14 KotCzarny: yes Dec 28 20:39:17 well, I'll be back tomorrow, we'll get this thing working for everyone! Dec 28 20:39:37 if someone can tell jonwil he'll be happy too Dec 28 20:39:47 cya! Dec 28 20:40:26 I only told you hearsay mostly, which is OK. I however shouldn't disclose details of my own work at employers Dec 28 20:41:45 Version 1.0.2 will be supported until 2019-12-31. Dec 28 20:41:54 oh, well, at least that buys us some time Dec 28 20:42:18 even the MIPI HSI specs are 'sekrit' Dec 28 20:42:55 ceene: "openssl s_client" Dec 28 20:43:01 >>Specifications are available to MIPI members only<< Dec 28 20:43:19 that'll be simpler than trying to build socat or any other ssl-dependant tool Dec 28 20:49:28 I see that I've been highlighted Dec 28 20:49:58 DocScrutinizer05, sorry, I didn't mean to ask if it is secret stuff Dec 28 20:50:15 I just wanted to read a bit more about it is all Dec 28 20:52:54 not secret, just the usual "confidential" Dec 28 20:53:52 which I dunno if it's 2 or 3 or even 5 years I'm supposed to act accordingly Dec 28 20:55:34 I just wonder why I never found any SiErr notice from TI about all that Dec 28 21:44:56 Hmm, fsck 'corrected' 3 files, and seem to think that there is nothing else to be done. Suspiciously fast... Going into reboot to have MyDocs mounted back Dec 28 21:51:56 Of course, the 'corrected' files are not-working henceforth. Not sure if they were working before that, though... Dec 28 21:55:50 Hmm, recovered one file by web-searching for the info again. Others two, vidos recorded by device's camera, would @ave no such luck. Dec 28 21:57:57 hi Dec 28 21:58:56 hello Dec 28 22:31:56 we need to find someone who knows enough about openssl to figure out just what the local patches in the maemo openssl0.9.8n are for and which ones we would need going forward... Dec 28 22:32:22 how many patches are there? Dec 28 22:32:43 I dont know what differences/patches there are Dec 28 22:33:47 I am going to take a look and find out Dec 28 22:50:08 hmmm, I cant make sense of all this Dec 28 22:57:18 Nice, links? Dec 28 22:58:09 nice what? Dec 28 23:08:35 well one of them is actually harmful Dec 28 23:09:08 12_valgrind.patch Dec 28 23:45:59 Nice idea, to upgrade openssl. And opening links is way easier than finding them... Dec 28 23:59:28 mmm, openssl. When You guys finish. I can port it to n800 too Dec 29 00:44:14 bah, I cant find the source code to upstream openssl (debian version 0.9.8n-1) **** ENDING LOGGING AT Tue Dec 29 02:59:58 2015