**** BEGIN LOGGING AT Thu Mar 09 03:00:02 2017 Mar 09 11:55:18 hmm, looks like even 35.157.6.107 no longer pings ( http://talk.maemo.org/showthread.php?t=90651&page=25 ) Mar 09 12:00:32 But do any of the IP addresses given in that post actually answer SUPL requests anymore? Mar 09 12:02:00 The 52.22.201.16 address does seem to be answering SUPL requests Mar 09 12:05:54 I don't think any of those still answer Mar 09 12:24:55 uh oh Mar 09 12:26:01 The 52.22.201.16 address seems to be answering to SUPL requests for me Mar 09 12:26:07 If I put that into /etc/hosts Mar 09 12:41:10 yes that one is working for me too (wondering for how long .. ) Mar 09 12:55:51 works with supl-client indeed Mar 09 13:02:25 All I know is that at this point I can get fast accurate GPS lock Mar 09 13:02:43 which is what matters to me Mar 09 13:03:04 I can get that lock in both maps and fahrplan :) Mar 09 13:07:37 Its unclear exactly what its doing (tcpdump capture shows no packets sent to the 52.22.201.16 address but that doesn't necessarily mean anything) but hey, it works so who cares :) Mar 09 13:07:59 Obviously at some point a new supl server is needed, one that wont go away. Mar 09 13:21:46 or if we are somehow able to make Google's work ...it used to work some long time ago Mar 09 13:23:12 I hope that maemo.org could host one. Mar 09 13:51:39 hmm Mar 09 13:51:42 $ cmcli -c common-ca -v supl.nokia.com:7275 Mar 09 13:51:43 1ad16dd494e161abd39bd94ed94bf8eafe4ede28 supl.nokia.com Verification failed: self signed certificate Mar 09 13:51:57 lol Mar 09 13:51:58 using 52.22.201.16 in /etc/hosts Mar 09 13:52:06 that's ... strange? Mar 09 13:52:33 that 52... ip is old supl.nokia one? Mar 09 13:52:53 supposed to be, yeah Mar 09 13:53:13 was symantec CA removed at some point? Mar 09 13:53:18 Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4 Mar 09 13:53:52 maybe it expired? Mar 09 13:54:00 Not After : May 15 23:59:59 2017 GMT Mar 09 13:55:02 will fail in 2 months anyway? lol2 Mar 09 13:55:24 i would start migrating from nokia's infra to something current Mar 09 13:56:54 we don't have "something current" Mar 09 13:57:07 supl.sonyericsson.com should work as well, btw Mar 09 13:57:17 apart from the unrecognized certificate Mar 09 13:57:47 (same issue as google I think) Mar 09 13:58:55 or start nudging maemo.org infra guys/council to create our own? Mar 09 14:00:12 it's not that simple Mar 09 14:00:24 nudging IS simple ;) Mar 09 14:00:29 meh :) Mar 09 14:00:44 observe! Mar 09 14:00:48 xes: *poke* Mar 09 14:00:51 it may not be simple but it needs addressing somehow Mar 09 14:01:21 we'd need to sync ephemerids/almanachs from relevant sources, find a way to parse it, and serve it in a suitable way Mar 09 14:02:25 plus I don't know of any complete opensource supl server, so one would have to write it (supl-client/supl-proxy could serve as a base / reference) Mar 09 14:02:34 KotCzarny: ? Mar 09 14:02:52 xes, do you know who should we poke regarding new service on maemo.org ? Mar 09 14:03:27 KotCzarny: warfare and me. Are you talking about supl server? Mar 09 14:03:32 yup Mar 09 14:03:52 should it go through council or not necessarily? Mar 09 14:04:12 I don't think it should go through council if it is something small like a supl server. Mar 09 14:04:37 ... we have to evaluate how manage all the data collected by the server Mar 09 14:05:18 xes: easy: disable logging ;) Mar 09 14:05:45 do you guys know of any already available servers or it would have to be written as bencoh's suggested? Mar 09 14:06:04 warfare: this no logging must be clearly declared Mar 09 14:07:28 or just declare that data stored on server is only for service needs and user agrees to it by chosing to use it? Mar 09 14:08:24 KotCzarny: none that I know of and a quick googling revealed none. Mar 09 14:08:30 KotCzarny: i remember some supl proxy tool, but i don't know any other complete supl server Mar 09 14:09:11 hmm, i have great idea, let's make the coding regatta winner code one! ;) Mar 09 14:09:16 https://www.tajuma.com/supl/supl-proxy-ex.html Mar 09 14:09:21 as a token of appreciation Mar 09 14:16:51 yeah that's the supl-proxy I was talking about Mar 09 14:17:01 but it's far from being a complete server Mar 09 14:29:37 hmm, that's crazy Mar 09 14:29:55 can't we force ssl or maemocert to just add an exception for a cert+domain?! Mar 09 14:32:04 bencoh: what is the problem? Mar 09 14:33:51 freemangordon: I just fetched certificate from supl.sonyericsson.com (using openssl s_client -showcerts), added it to maemocert using sudo cmcli -c common-ca -a result.pem Mar 09 14:34:03 cmcli -c common-ca -L |grep sony shows it Mar 09 14:34:27 but then cmcli -c common-ca -v supl.sonyericsson.com:7275 still fails Mar 09 14:34:38 hmm, woops Mar 09 14:35:12 I might know why actually ... Mar 09 14:35:21 cmcli -T common-ca -v supl.sonyericsson.com:7275 works Mar 09 14:35:26 mhm Mar 09 14:35:29 funny how -T common-ca -L doesn't show cert Mar 09 14:35:34 -c common-ca -L shows it Mar 09 14:35:46 looks like a cmcli bug to me Mar 09 14:35:56 the question is - does supl works? Mar 09 14:36:09 *work Mar 09 14:36:23 65d16a388a3264df9d6624c9ac7f273a49644346 supl.sonyericsson.com Verification failed: unable to get local issuer certificate Mar 09 14:36:29 nevermind the -T part, it still fails Mar 09 14:36:34 (works on supl.nokia.com though) Mar 09 14:36:46 what happens if you try to openns connect? Mar 09 14:36:54 *openssl connect Mar 09 14:36:57 doesn't work Mar 09 14:36:59 did format change somehow? some newer revision in supl? Mar 09 14:37:12 KotCzarny: he is unable to connect :) Mar 09 14:37:15 ahm Mar 09 14:37:24 but ... I suppose openssl s_client doesn't use maemocert anyway Mar 09 14:37:32 good ol' n900's cert fun Mar 09 14:37:38 bencoh: :nod: Mar 09 14:37:44 bencoh: are you on cssu? Mar 09 14:37:58 -stable, but yeah Mar 09 14:38:17 well, it is not "yah" because your openssl is old Mar 09 14:38:24 go thumb, it gives you quite a bit of free mem Mar 09 14:38:32 heh Mar 09 14:38:34 OpenSSL 0.9.8zf 19 Mar 2015 Mar 09 14:38:39 not that old Mar 09 14:38:43 hmm, should be ok then Mar 09 14:38:48 ;) Mar 09 14:38:53 yeah Mar 09 14:39:26 so ... cmcli does verify supl.nokia.com Mar 09 14:39:28 bencoh: could you try to connect via openssl wit dumpcerts option and pastebin the result Mar 09 14:39:37 I suspect we're missing some sony root cert Mar 09 14:39:43 we are Mar 09 14:40:17 my question is, why adding supl.sonyericsson.com cert (since I dont want to add their CA) doesn't work? Mar 09 14:41:09 looks like this is how it should be :) Mar 09 14:41:23 all the chain should be trusted Mar 09 14:41:30 http://pastebin.notk.org/pastebin.php?show=m329e9536 Mar 09 14:41:38 and you're missing the root cert Mar 09 14:41:42 and we're back to my first point Mar 09 14:41:49 why can't we add a per-domain exception?! Mar 09 14:41:59 why should I trust Sony's CA?! Mar 09 14:42:08 it's a system-wide trust ... Mar 09 14:42:27 bencoh: because root certs are system-wide AFAIK Mar 09 14:42:41 bencoh: OR... Mar 09 14:42:56 which is why I'd like to only add the domain cert itself, but... Mar 09 14:43:02 or? Mar 09 14:43:08 bencoh: any reason you don't like to to trust sony's? :) Mar 09 14:43:10 we should add sony's root CA the same way we did for those insecure symantec certs Mar 09 14:43:25 Sicelo: issuer=/C=SE/L=Lund/O=Sony Ericsson Mobile Communications AB/OU=Sony Ericsson Secure E2E Mar 09 14:43:32 are you willing to widly trust this? Mar 09 14:43:38 wildly* Mar 09 14:43:44 freemangordon: how did you add it? Mar 09 14:43:52 bencoh: https://github.com/community-ssu/maemo-security-certman/commit/e2270fac46ad2da172b42d9bcbb7fe6806b2accb Mar 09 14:44:05 freemangordon: are you referring to the CA used to sign supl.nokia.com? Mar 09 14:44:10 yes Mar 09 14:44:22 but, root cert, not the intermediate one Mar 09 14:44:30 hmm Mar 09 14:44:34 question is though .. does sony's supl provide data in a way that Maemo understands? bencoh << Mar 09 14:44:47 just add sony's root cert in etc/certs/location-proxy/ Mar 09 14:44:53 freemangordon: I don't have that here (since -stable) Mar 09 14:45:01 yes, it is new Mar 09 14:45:11 so how comes it's still able to verify it? Mar 09 14:45:18 did they fix their chain somehow? Mar 09 14:45:25 because iirc google's doesn't work due to something related to alamanc data being sent or not sent Mar 09 14:45:43 bencoh: at some point supl become broken for those using cssu-devel ;) Mar 09 14:45:50 Sicelo: that's actually what I'm willing to check Mar 09 14:45:57 freemangordon: I'm not using -devel :D Mar 09 14:46:07 Sicelo: we'll understand once we're able to connect to it Mar 09 14:46:08 (well, only importing a few packets here and there :p) Mar 09 14:46:24 bencoh: and this was the fix, that will go into the next -testing Mar 09 14:46:31 the commit ^^^ Mar 09 14:46:35 ah Mar 09 14:47:00 but you could use it as an example on how to add a root cert used only by location-proxy Mar 09 14:47:11 and not system-wide Mar 09 14:47:20 I suppose location-proxy automatically uses the location-proxy store then? Mar 09 14:47:21 bencoh: got it? Mar 09 14:47:23 nice Mar 09 14:47:24 yes Mar 09 14:47:46 then I should be able to add sony root using cmcli Mar 09 14:47:52 the thing is ... I don't have the root cert Mar 09 14:47:54 bencoh: it uses common-ca and appends location-proxy store Mar 09 14:47:59 it's missing Mar 09 14:48:09 bencoh: yes, that's normal :) Mar 09 14:48:11 it's absent from the cert chain Mar 09 14:48:22 we should find somebody woth a sony device :) Mar 09 14:48:26 huhu Mar 09 14:48:26 *with Mar 09 14:48:36 I guess we could do that Mar 09 14:48:47 or browse old firmware images? Mar 09 14:48:51 mhm Mar 09 14:49:20 or ask google :D Mar 09 14:49:27 Sicelo: http://talk.maemo.org/showpost.php?p=1468009&postcount=190 Mar 09 14:49:30 you might be right Mar 09 14:50:33 bencoh: yes, we know Sicelo might be right, but we can't be sure until we try it Mar 09 14:52:06 i'm busy with somehting for the next few hours, but am on -devel and willing to test (with some guidance perhaps) ... if someone finds the sony cert let me know Mar 09 14:54:37 warfare: it seems we were searching for the wrong words... "RRLP server" Mar 09 14:54:40 http://genesysguru.com/blog/blog/2013/04/06/rrlp-and-openbts-rrlp-installation/ Mar 09 14:55:44 freemangordon: have you any idea about how is current RRLP implementation in the N900? Mar 09 14:55:49 NFC Mar 09 14:56:08 but I was wondering - can't we buy a commercial product? Mar 09 14:57:03 xes: nice Mar 09 15:05:40 hmm, isn't RRLP something different? that's basically location via cell id Mar 09 15:05:54 Sicelo: not exactly Mar 09 15:05:56 which makes sense to be related to openbts .. Mar 09 15:05:58 ok Mar 09 15:06:02 ~rrlp Mar 09 15:06:02 RRLP is the Radio Resource LCS (Location Service) Protocol as specified first in GSM TS 04.31, or http://osmocom.org/projects/security/wiki/RRLP Mar 09 17:24:51 hmm ... http://celestrak.com/GPS/almanac/Yuma/almanac.yuma.txt Mar 09 17:25:44 (found on genesysguru.com blog in another rrlp article) Mar 09 17:47:29 and ftp://ftp.trimble.com/pub/eph/ Mar 09 18:03:38 drat, i love debugging obscure errors Mar 09 18:04:10 for a future reference, remember to compile sublibs with the same cflags. /me nudges -D_FILE_OFFSET_BITS=64 Mar 09 18:08:03 hmm, looks like cmt-reset (as root) really works on maemo ... it does resets modem properly Mar 09 18:08:34 including GPS, since location-daemon then fetches SUPL data back from server Mar 09 18:08:55 'does reset' or 'do resets' Mar 09 18:08:55 that's pretty handy to help debugging A-GPS Mar 09 18:09:08 does reset Mar 09 18:09:09 :) Mar 09 18:09:12 :) Mar 09 18:09:44 bottomline is, 52.22.201.16 supl.nokia.com really works Mar 09 18:09:48 (for now ...) Mar 09 18:09:52 oh? Mar 09 18:10:00 why it wasnt working before? Mar 09 18:10:13 I wasn't sure it worked before Mar 09 18:10:17 now I know for sure Mar 09 18:10:41 jonwil said he didn't see anything in tcpdump so I had to check ... hence cmt-reset Mar 09 18:12:13 well, at least I do see packets going through Mar 09 18:12:33 make sure those aren't 404 ;) Mar 09 18:14:57 with no enabled data connection it doesn't get a proper fix Mar 09 18:15:15 it does as soon as I enable gprs data :) Mar 09 18:15:26 nice Mar 09 18:17:19 regarding having our own server, looks like we can easily get "live" ephemeris/almanac data and use the openbts rrlp server, but afaiui we're still missing the supl<->rrlp glue Mar 09 18:17:27 not sure though Mar 09 18:20:33 yay! it works, muahahhahahahhahaah Mar 09 18:20:55 spent almost whole day debugging miscompiled library Mar 09 18:21:03 at least it works now :) Mar 09 19:13:55 Hello, I am trying to install NITDroid on a Nokia N900 from here: Mar 09 19:13:57 https://archive.org/download/NitdroidNokiaN900 Mar 09 19:14:15 unsupported, risky, wouldn't work Mar 09 19:14:34 if you really need android tablet with kb there are better options Mar 09 19:14:48 What do you mean? Mar 09 19:15:09 Is there anything for the N900? Mar 09 19:15:11 what will you be doing with nitdroid? Mar 09 19:15:42 Well, I just would like to install some apps which are not available for Maemo. Mar 09 19:15:59 but would telephony work? Mar 09 19:16:17 Why not? Mar 09 19:17:39 ? Mar 09 19:18:12 because i have never heard of nitdroid supporting telephony on n900 Mar 09 19:18:29 also, n900 has 256M of ram, which is TINY when it comes to android Mar 09 19:18:48 I understand. Are there better options? Mar 09 19:18:49 so just grab yourself some old native android phone with physical kb Mar 09 19:19:24 some people were experimenting with apkenv to run droid apps on maemo, but it's not satisfactory as well Mar 09 19:21:08 In any case, I would like to try, just for the sake of knowledge and to see what happens. Mar 09 19:21:45 you like to hurt yourself, won't stop you then Mar 09 19:22:28 but keep in mind that even old gingerbread on htc hero (380MB of ram) was slow Mar 09 19:26:18 No problem. It's kind of a game. But I'd need to understand some things to try. Mar 09 19:30:33 if you want to play with android innards, better grab some development board (ie. one of allwinner ones). they are much more hacker friendly (more connectors, unbrickable, uart exposed etc) Mar 09 19:30:52 or allwinner tablet (similarly unbrickable) Mar 09 19:31:11 cheap too Mar 09 20:15:33 nice find bencoh, re - cmt-reset Mar 09 21:17:36 ~tell Enrico__ about maemo-multiboot Mar 09 21:18:32 ~nitdroid Mar 09 21:18:32 extra, extra, read all about it, nitdroid is Nokia Internet Tablets with android OS. Support on nitdroid is provided in the channel #nitdroid and #nitdroid-help and Nokia does not officially support owners with android OS on their tablets. For more information read here: http://nitdroid.com/index.php?title=NITDroid_project. If you have bricked your N900 device and have installed nitdroid, flash with both eMMC and fiasco. Mar 09 21:21:36 Hello, my N900 is not bricked any more. Mar 09 21:21:48 I have u-boot working and Maemo as well. Mar 09 21:22:00 Just playing around with NITDroid. Mar 09 22:26:20 search terms: replicant, alien dalvik, libhybris Mar 09 22:40:40 and steer clear a 100 miles from multiboot! whatever you choose to install as second OS, uBoot will boot it fine Mar 09 22:55:11 multiboot *will* brick your N900, sooner or later Mar 09 23:04:13 ~multiboot Mar 09 23:04:14 somebody said multiboot was http://maemo.org/packages/view/multiboot/, or **DEPRECATED*, see ~maemo-multiboot Mar 10 02:19:45 "not bricked anymore" sounds like it wasn't bricked in the first place. **** ENDING LOGGING AT Fri Mar 10 03:00:03 2017