**** BEGIN LOGGING AT Wed Dec 07 03:00:00 2016
Dec 07 11:05:25 <xes> http://motherboard.vice.com/read/hacker-claims-to-push-malicious-firmware-update-to-32-million-home-routers
Dec 07 11:08:11 <Wizzup> heh.
Dec 07 11:08:34 <KotCzarny> he just works for the manufacturers
Dec 07 11:08:41 <KotCzarny> that want to sell more more more
Dec 07 11:09:01 <warfare> This is why I run my own router and don't trust the stuff my ISP wants to give me. 
Dec 07 11:09:24 <KotCzarny> but it might be some silly news site
Dec 07 11:16:44 <xes> https://badcyber.com/new-mirai-attack-vector-bot-exploits-a-recently-discovered-router-vulnerability/
Dec 07 11:18:04 <DocScrutinizer05> >>TR-064 protocol<< ??
Dec 07 11:20:04 <DocScrutinizer05> oohfsck  https://avm.de/fileadmin/user_upload/Global/Service/Schnittstellen/AVM_TR-064_overview.pdf
Dec 07 11:20:46 <DocScrutinizer05> how many of that TR crap exists?
Dec 07 11:21:33 <warfare> TR-069 for wan side, TR-064 for the lan side as an alternative to UPNP & stuff. 
Dec 07 11:22:19 <DocScrutinizer05> oooh LAN side
Dec 07 11:22:41 <DocScrutinizer05> so those twits exposed TR-054 to WAN?
Dec 07 11:22:52 <DocScrutinizer05> 64*
Dec 07 11:23:01 <warfare> Apparently, yes. 
Dec 07 11:23:12 <DocScrutinizer05> :-((
Dec 07 11:26:17 <xes> DocScrutinizer05: they want give you the sensation that even at home you are not alone ;)
Dec 07 11:27:15 <DocScrutinizer05> woudn't TR-054 show up in a full portrange nmap?
Dec 07 11:27:24 <DocScrutinizer05> 64* dang
Dec 07 11:29:50 <DocScrutinizer05> or is it protected by stuff like port-knocking?
Dec 07 11:30:11 <DocScrutinizer05> or UDP key
Dec 07 11:31:04 <warfare> DocScrutinizer05: https://avm.de/fileadmin/user_upload/Global/Service/Schnittstellen/AVM_Technical_Note_-_Konfiguration_ueber_TR-064.pdf
Dec 07 11:31:38 * Wizzup wonders if his fritzbox is OK ;) 
Dec 07 11:31:46 <Wizzup> at least I have openwrt between fritzbox and LAN
Dec 07 11:36:27 <DocScrutinizer05> hmm, they claim access via TR-064 isn't possible when you have a password set on Fritte
Dec 07 11:36:45 <DocScrutinizer05> they also seem to say access is via port 443
Dec 07 11:37:45 <DocScrutinizer05> then I'm a happy camper since tcp port 443 is closed on my frontend router
Dec 07 11:39:43 <Wizzup> it's forwarded to my home server
Dec 07 11:41:36 <DocScrutinizer05> only ssh access to my LAN
Dec 07 11:41:40 <DocScrutinizer05> ;-)
Dec 07 11:42:23 <DocScrutinizer05> well, and a few forwarded ports with no active service
Dec 07 11:42:34 <DocScrutinizer05> like 10000 for STUN
Dec 07 11:42:58 <DocScrutinizer05> 5060
Dec 07 11:43:07 <DocScrutinizer05> (actually active)
Dec 07 11:44:05 <DocScrutinizer05> just waiting for some hacker finding an exploit for/in _that_
Dec 07 11:44:46 <DocScrutinizer05> I'd be surprised if it had no buffer overflows or anything else at all
Dec 07 11:46:24 <DocScrutinizer05> sucks when you have SIP daemon and WLAN and possibly even router on same CPU
Dec 07 11:46:36 <DocScrutinizer05> and same NIC
Dec 07 11:54:27 <DocScrutinizer05> warfare: https://de.wikipedia.org/wiki/Hackerangriff_auf_DSL-Router_am_27._November_2016
Dec 07 11:54:56 <DocScrutinizer05> >>Ziel des Angriffs war der Aufbau einer Verbindung mittels Fernwartungsprotokoll (TR-069) und das Einschleusen einer Schadsoftware über einen in der TR-069-Spezifikation nicht vorgesehenen Befehl des TR-064-Protokolls...<<
Dec 07 11:57:24 <DocScrutinizer05> anyway http://paste.opensuse.org/72514013 I think I'm safe
Dec 07 11:57:49 <DocScrutinizer05> no, my IP changed since ;-)
Dec 07 12:39:24 <sixwheeledbeast> I wouldn't use an ISP provided router myself
Dec 07 12:41:18 <DocScrutinizer05> never did
Dec 07 12:43:06 <DocScrutinizer05> what I'm worried most about are my LAN devices with proprietary firmware, like printer, home automation, whatnot
Dec 07 12:45:07 <DocScrutinizer05> my printer even has a NTP built in, it does a nozzle clean every day 12:00 noon
Dec 07 13:00:20 <sixwheeledbeast> IMO CCTV is the most vulnerable IP device in a home. DVR's are basically out of date Linux machines, that can watch your every move.
Dec 07 13:00:40 <KotCzarny> many cctv devices come pre-trojaned for your convenienece!
Dec 07 13:00:43 <KotCzarny> ;)
Dec 07 13:01:49 <DocScrutinizer05> I'd still use analog SAT TV if that existed
Dec 07 13:02:09 <DocScrutinizer05> akk that digital TV stuff sucks big time
Dec 07 13:02:12 <DocScrutinizer05> all*
Dec 07 13:23:04 <xes> anyway, there are devices where also the stock features could give great satisfaction...  http://www.bit-tech.net/news/hardware/2013/12/17/bt-back-door/1
Dec 07 13:24:16 <KotCzarny> got windows?
Dec 07 13:24:18 <KotCzarny> ;)
Dec 07 13:24:47 <xes> KotCzarny: read the pdf ^
Dec 07 13:25:17 <sixwheeledbeast> Yep many popular Chinese brands have back door in them
Dec 07 13:25:34 <KotCzarny> nah, i know we are backdoored
Dec 07 13:25:54 <KotCzarny> be it software, system, devices or even chips layer
Dec 07 13:26:39 <KotCzarny> and systemd just proves people dont care about security. 'it only has to boot quick' (even if you boot once a year)
Dec 07 13:28:30 <buZz> fritzbox is diarrea anyway
Dec 07 13:38:22 <Wizzup> better than all other isp-provided ones though
Dec 07 13:39:45 <buZz> possibly , not convinced that much
Dec 07 13:40:03 <buZz> telfort once gave me a zyxel router with 100% stock config, nothing preconfigured or modded
Dec 07 13:42:36 <sixwheeledbeast> systemd is a non-issue in comparison, it's open source and not mandatory. Routers and other equipment is a requirement to many.
Dec 07 13:45:36 <KotCzarny> swb: also buggy, unstable ...
Dec 07 13:45:57 <KotCzarny> now imagine what will happen when it gets included on routers
Dec 07 13:46:07 <KotCzarny> 'because it boots faster'
Dec 07 13:49:22 <sixwheeledbeast> Many of the items in this botnet is still on 2.x kernel and not updated or patched if exploits are found. I am all for init freedom but there are bigger fish that systemd for IoT IMO.
Dec 07 13:49:36 <sixwheeledbeast> s/that/than
Dec 07 13:50:11 <KotCzarny> we will see
Dec 07 13:52:45 <sixwheeledbeast> systemd is too bloated to be on routers etc for the near future.
Dec 07 13:55:47 <buZz> my last router i bought had 128MB flash already
Dec 07 13:55:56 <buZz> i dont think this will really be any issue
Dec 07 13:57:14 <DocScrutinizer05> systemd mandates writable root fs. pretty incompatible with routers that often have no real r/w fs at all
Dec 07 13:57:24 <KotCzarny> tmpfs
Dec 07 13:57:42 <KotCzarny> or dying routers ahoy
Dec 07 14:01:54 <DocScrutinizer05> buZz: you can flash all Fritz to AVM plain firmware if it comes too 'branded' 
Dec 07 14:02:14 <buZz> ooo nice
Dec 07 14:02:24 <buZz> i think we dumpsterdived couple fritz's
Dec 07 14:02:38 <DocScrutinizer05> a pity
Dec 07 14:02:41 <buZz> last time i looked they had 0 support to run OpenWRT
Dec 07 14:02:46 <buZz> but you say they do?
Dec 07 14:02:48 <DocScrutinizer05> google freetz
Dec 07 14:03:13 <buZz> freetz is just a slight mod to firmware
Dec 07 14:03:26 <DocScrutinizer05> you need the AVM pre-6.51 recovery *.exe
Dec 07 14:04:10 <buZz> so, no openwrt? i'll just consider them lost causes then
Dec 07 14:04:20 <DocScrutinizer05> no idea
Dec 07 14:04:55 <buZz> ah no, actually a couple are supported a bit
Dec 07 14:05:09 <DocScrutinizer05> they come with a number of blobs, just like maemo ;-)
Dec 07 14:05:48 <DocScrutinizer05> the newer ones for example have offload (hw accel for packet routing)
Dec 07 14:06:07 <DocScrutinizer05> I don't think that's FOSS
Dec 07 14:06:07 <buZz> looks like nearly all of them are highly unrecommended openwrt platforms :P
Dec 07 14:06:33 <DocScrutinizer05> sure, aiui openwrt is best on very basic hw
Dec 07 14:07:02 <DocScrutinizer05> I don't see openwrt work fine with e.g. the DECT in mine
Dec 07 14:07:21 <buZz> ah DECT <3
Dec 07 14:07:36 <buZz> i still need to grab me a couple of those CardBus DECT sniffers
Dec 07 14:09:24 <kerio> should i spend like 200€ for one of those super high end fritzbox routers with VDSL
Dec 07 14:09:32 <kerio> 🤔
Dec 07 14:09:43 <KotCzarny> dsl? what do you need dsl for?
Dec 07 14:11:44 <buZz> connectivity
Dec 07 14:11:58 <KotCzarny> get fibre
Dec 07 14:12:03 <buZz> countries with good phonelines can use DSL for highspeed network connectivity
Dec 07 14:12:10 <buZz> not all countries can do fibre yet
Dec 07 14:12:13 <kerio> "high speed"
Dec 07 14:12:24 <buZz> yeah, higher than a nullmodem
Dec 07 14:12:24 <kerio> 80/20 is not high speed :<
Dec 07 14:12:31 * buZz is on 10/1
Dec 07 14:12:43 <kerio> 10/1 is also not high speed :<
Dec 07 14:16:39 <buZz> ;) exactly
Dec 07 14:16:45 <buZz> but hey
Dec 07 14:16:54 <buZz> beats downloading pr0n jpegs on a 14k4 modem
Dec 07 14:21:41 <KotCzarny> mmm, dialup pr0n
Dec 07 14:22:03 <KotCzarny> where half of the fun was imagining what will be below
Dec 07 14:25:55 <buZz> KotCzarny: and -then- i would still have to dither the image for 20-30 minutes to display it on my monochrome monitor
Dec 07 14:25:58 <buZz> gud times
Dec 07 14:26:34 <KotCzarny> yeah, imagination at work
Dec 07 14:26:53 <KotCzarny> we actually had to use our brains instead of consuming ;)
Dec 07 14:27:17 <buZz> ^_^
Dec 07 14:27:37 <buZz> i love ppl that get angry at me for not helping them understand some program
Dec 07 14:27:44 <buZz> after i just linked them the manual etc
Dec 07 14:27:51 <buZz> 'CANT YOU JUST SAY HOW I SHOULD DO IT'
Dec 07 14:28:03 <buZz> 'that wouldnt help you really'
Dec 07 14:28:13 <buZz> 'OK I GIVE UP, THIS PROGRAM DOES NOT WANT USERS!'
Dec 07 14:28:17 <KotCzarny> playing games without any manual or tutorial. bah, even without knowing the game's language
Dec 07 14:33:11 <DocScrutinizer05> buZz: c'mon, you should feel happy! My users state "THAT DAMN PROGRAM SHALL JUST DO WHAT I WANT!"
Dec 07 14:33:29 <buZz> DocScrutinizer05: ah not users, these are 'friends'
Dec 07 14:33:36 <buZz> that 'work in IT so have high skills'
Dec 07 14:33:41 <KotCzarny> friends with benefits
Dec 07 14:33:58 <DocScrutinizer05> friends too, eveb gf, but no skills obviously
Dec 07 14:34:30 <buZz> ah well
Dec 07 14:35:28 <KotCzarny> simplifying everything around us would result in reducing our skills to stating 'i want that'
Dec 07 14:37:02 <buZz> they would lose denoting skills , and drop it to 'i want'
Dec 07 14:37:49 <KotCzarny> and in effect degradation, degeneration and decadentism
Dec 07 14:38:39 <KotCzarny> decadence?
Dec 07 14:38:56 <KotCzarny> dead can dance
Dec 07 19:27:06 <ymartin59> Hello. Does anyone has access to vcs.maemo.org logs to diagnose my push trouble ?
Dec 07 19:27:09 <ymartin59> git push origin 0.4.3
Dec 07 19:27:09 <ymartin59> error: Cannot access URL https://vcs.maemo.org/git/keepassx/, return code 22
Dec 07 19:27:09 <ymartin59> fatal: git-http-push failed
Dec 07 19:27:12 <ymartin59> error: failed to push some refs to 'https://vcs.maemo.org/git/keepassx'
Dec 07 19:27:15 <ymartin59>  
Dec 07 19:29:40 <KotCzarny> might be that someone has to authorize that project
Dec 07 19:30:04 <KotCzarny> dont know which one of the techstaff is able
Dec 07 19:30:10 <ymartin59> I am member of the project already
Dec 07 19:30:21 <ymartin59> I have already pushed there in 2013 and 2014
Dec 07 19:31:15 <KotCzarny> but, you dont have to post code there, regular apt with sources is sufficient
Dec 07 19:31:51 <KotCzarny> also, i think it doesnt matter if you did it before, new projects have to be authorized
Dec 07 19:32:02 <KotCzarny> (i might be wrong, but that's what my memory remembers)
Dec 07 19:32:06 <sixwheeledbeast> is *.maemo.org fully functional again?
Dec 07 19:38:37 <KotCzarny> hmm
Dec 07 19:39:07 <KotCzarny> https://vcs.maemo.org/git/?p=keepassx;a=shortlog
Dec 07 20:00:28 <ymartin59> OK... quite few more years earlier... 
Dec 07 20:01:10 <KotCzarny> are you sure you are the dev of THIS particular project and not one typo away?
Dec 07 20:01:11 <ymartin59> By the way how may I get grants to push to APT extra-devel repository ?
Dec 07 20:01:28 <KotCzarny> i think everyone can push to extras-devel
Dec 07 20:02:18 <KotCzarny> and that's the fun part of extras-devel. never ever do apt-upgrade on it ;)
Dec 07 20:02:30 <ymartin59> I logged in with my keepassx credential into project and account member is mine, sure of it: https://garage.maemo.org/projects/keepassx/
Dec 07 20:03:25 <ymartin59> KotCzarny: OK so I have to learn the right way to push into extras-devel... that is new to me
Dec 07 20:03:50 <KotCzarny> ~ping
Dec 07 20:03:56 <KotCzarny> bot is still missing. eh
Dec 07 20:04:00 <KotCzarny> check wiki
Dec 07 20:04:48 <ymartin59> Found http://wiki.maemo.org/Uploading_to_Extras-devel
Dec 07 20:04:50 <ymartin59> Thanks
Dec 07 23:16:36 <drathir> guys omp  really not support web links?
Dec 07 23:18:29 <drathir> sad that smplayer/mplayer cant use hw acceleration for playing webstreams...
**** ENDING LOGGING AT Thu Dec 08 03:00:01 2016