**** BEGIN LOGGING AT Mon Sep 13 02:59:57 2010
Sep 13 07:17:35 <xqo> hello, what is the most used distro for the freerunner right now? Is Android a good option?
Sep 13 07:18:22 <lindi-> xqo: most used? probably shr afaik
Sep 13 07:18:40 <lindi-> (I'm a debian user)
Sep 13 07:19:02 <xqo> alright thanks
Sep 13 07:19:13 <xqo> Is android still not a good option?
Sep 13 07:19:38 <xqo> you'd think with its late popularity it could be fun to use on the freerunner
Sep 13 07:21:03 <lindi-> xqo: depends on what you value
Sep 13 07:21:37 <PaulF> xqo: i haven't heard from folks running android since long.
Sep 13 07:21:46 <xqo> alright.
Sep 13 07:21:54 <PaulF> xqo: hackers are not interested in android anyway, as it's not programmer-friendly.
Sep 13 07:22:06 <PaulF> xqo: that's what even android devs admit.
Sep 13 07:22:19 <xqo> oh, okay. thanks!
Sep 13 07:23:14 <PaulF> xqo: google's android site basically suggests that the most important idea of android is _selling_ apps via android-market so that's certainly not something a free software enthusiast usually wants.
Sep 13 07:23:33 <lindi-> yeah that was the largest downside for me too
Sep 13 07:23:43 <lindi-> the idea of sandboxed apps however is very interesting
Sep 13 07:24:53 <lindi-> that's something that is clearly missing from debian and shr too
Sep 13 07:25:21 <PaulF> lindi-: you know that security always comes with a price, you have to make compromises between security and over-complication of the system.
Sep 13 07:25:46 <rhkfin> xqo: you might want to also check qtmoko, it's maybe the most 'finished' distro atm
Sep 13 07:27:57 <PaulF> lindi-: sandboxing a public http daemon is one thing, and sandboxing every end-user app is too damn complex. If you consider the history of breaches (and the consequencies) you'll probably agree that most often  sandboxing doesn't worth the trouble. ;)
Sep 13 07:29:23 <PaulF> lindi-: also that's a matter of what one wants. Android was made with the purpose of running random crap-apps. But that's clearly not a typical use-case for a Debian system.
Sep 13 07:32:09 <lindi-> PaulF: of course security comes with a price yes
Sep 13 07:32:36 <lindi-> PaulF: but giving all applications all access also has a price => you need to be really careful on what programs you run
Sep 13 07:32:55 <PaulF> lindi-: btw, have you ever tried studying windows ACLs? 
Sep 13 07:33:20 <lindi-> PaulF: what breaches do you mean? you mean that sandboxing is difficult to make without security bugs?
Sep 13 07:33:42 <lindi-> PaulF: debian is the universal os, I want to be able to configure it to do anything I want :P
Sep 13 07:33:58 <lindi-> PaulF: I don't think windows supported those in win3.1 very well
Sep 13 07:34:14 <PaulF> lindi-: it's an interesting and complex solution, on the order of magnitude more flexible than unix's permissions. But it's so damn complex (especially given the surprisingly lacking documentation) that almost nobody properly understands and uses that.
Sep 13 07:34:34 <lindi-> unix permissions clearly are lacking though
Sep 13 07:34:56 <PaulF> lindi-: i mean breaches in the apps that lead to some bad things that could have avoided if they were sandboxed.
Sep 13 07:35:07 <lindi-> PaulF: ah
Sep 13 07:35:11 <PaulF> lindi-: even POSIX ACLs are not nearly as powerful as windows'.
Sep 13 07:35:25 <lindi-> PaulF: anyways, I'd like to sandbox things like my one-time password calculator from everything else that runs on my FR
Sep 13 07:35:54 <PaulF> lindi-: why can't you use a restrictive selinux policy for every app by default?
Sep 13 07:36:07 <lindi-> PaulF: still learning selinux Xorg extension
Sep 13 07:36:36 <lindi-> PaulF: it looks somewhat complex. apparently I need to modify the window manager
Sep 13 07:40:43 <PaulF> lindi-: i've heard multics was made with strong focus on security and it went nowhere while ITS gave many folks a lot of fun and experience throughout the many years.
Sep 13 07:41:32 <lindi-> PaulF: i haven't used either one :)
Sep 13 07:41:35 <PaulF> lindi-: i mean usually really secure systems are either too limited or too complex and inefficient so you have to choose.
Sep 13 07:41:43 <PaulF> lindi-: neither have i, unfortunately.
Sep 13 07:41:54 <lindi-> PaulF: but I'd like to have a normal system + one-time password calculator in isolation
Sep 13 07:42:10 <lindi-> PaulF: that'd be easier than having to carry a separate physical device for one-time password generation
Sep 13 07:42:31 <lindi-> PaulF: it shouldn't be compler or inefficient
Sep 13 07:42:33 <PaulF> lindi-: this option is exactly what i thought about because it'd be an easy and working solution.
Sep 13 07:42:44 <PaulF> lindi-: i meant carrying a separate device.
Sep 13 07:43:02 <lindi-> PaulF: it is not easy, those one-time password calculators are not cheap
Sep 13 07:43:17 <PaulF> lindi-: can't you implement it on your atmega or something?
Sep 13 07:43:24 <lindi-> PaulF: you call that easy? ;)
Sep 13 07:43:35 <lindi-> PaulF: they need a keyboard for me to type the passphrase
Sep 13 07:44:36 <lindi-> (I'm using opiekey(1))
Sep 13 07:45:48 <PaulF> lindi-: i see. Then why not switch to a text terminal to start the generator? 
Sep 13 07:46:42 <lindi-> PaulF: chvt 1?
Sep 13 07:46:54 <PaulF> lindi-: yes, to not have to deal with X
Sep 13 07:47:00 <lindi-> PaulF: on FR the problem is that I need xvkbd
Sep 13 07:47:12 <lindi-> since I don't carry a physical keyboard with me
Sep 13 07:47:27 <PaulF> lindi-: ok, then what about starting another dedicated X server?
Sep 13 07:47:36 <lindi-> PaulF: that eats a lot of memory
Sep 13 07:47:47 <PaulF> lindi-: sure, but for a short amount of time
Sep 13 07:47:47 <lindi-> PaulF: but is a possibility
Sep 13 07:49:13 <lindi-> PaulF: I just thought that it'd be fancier to integrate this to a single X server :)
Sep 13 07:49:21 <lindi-> PaulF: just to learn something new about selinux
Sep 13 07:49:38 <lindi-> PaulF: I'm thinking this could be used to run graphical package managers on typical desktop environments too
Sep 13 07:49:38 <PaulF> lindi-: i fully agree :)
Sep 13 07:49:50 <lindi-> PaulF: have I advertised sido yet? ;)
Sep 13 07:50:05 <PaulF> lindi-: at least i haven't seen it.
Sep 13 07:50:48 <lindi-> PaulF: it's a prototype to make sudo safer to use:  http://lindi.iki.fi/lindi/darcs/sido/README
Sep 13 07:52:28 <PaulF> lindi-: so basically you're trying to workaround the inherent insecureness of X?
Sep 13 07:53:06 <lindi-> PaulF: i don't believe it is inherent, we just are not using selinux yet :)
Sep 13 07:53:38 <lindi-> PaulF: trusted solaris folks claim to have secured their X
Sep 13 07:54:09 <lindi-> PaulF: but since it's non-free stuff it's very hard to say what X stuff they had to disable to get that done (at least opengl afaik)
Sep 13 07:54:30 <PaulF> lindi-: so here comes the non-zero price again...
Sep 13 07:54:41 <lindi-> PaulF: hmm?
Sep 13 07:54:58 <PaulF> lindi-: to secure the system they had to make it more limited.
Sep 13 07:55:18 <lindi-> PaulF: yeah probably
Sep 13 07:56:13 <lindi-> PaulF: but a typical desktop user does not need a 100% unspoofable dialog, he can probably live with 100% unsniffable password and 99% unspoofable dialog :)
Sep 13 07:56:42 <PaulF> lindi-: sorry for the OT, but do you by any chance have a solution to "oh, i want to install this package but i can't because apt-get is already running installing something else"?
Sep 13 07:56:55 <lindi-> PaulF: not really no
Sep 13 07:57:01 <lindi-> PaulF: I use chroots :)
Sep 13 07:57:12 <lindi-> so multiple apt-get instances can be running at the same time
Sep 13 07:59:24 <PaulF> lindi-: windows uses C-M-<delete> as a very special combination to prevent spoofing dialogs.
Sep 13 07:59:55 <lindi-> PaulF: yep
Sep 13 08:00:13 <lindi-> PaulF: that's why I chose it for sido default too :P
Sep 13 08:00:40 <lindi-> (actually it is xsakd default. xsakd could be configured to run something else than sido-sign too)
Sep 13 08:02:08 <PaulF> lindi-: complex stuff... esp if you want to have a virtual keyboard working with it.
Sep 13 08:02:22 <lindi-> PaulF: yes
Sep 13 08:03:06 <PaulF> lindi-: it looks like there should be a very dedicated handling for the security-related stuff in X server integrated.
Sep 13 08:03:17 <lindi-> PaulF: there is selinux extension
Sep 13 08:03:26 <lindi-> PaulF: I just read the source
Sep 13 08:03:43 <lindi-> and some papers
Sep 13 08:09:05 <PaulF> lindi-: (serialise apt-get requests) surprisingly the tool in question is called "postpone" and it even has a "--debian key", so i'd just need to "postpone -d apt-get install coolapp" or even make an alias apt-get="postpone -df /usr/sbin/apt-get"
Sep 13 08:10:48 <PaulF> /usr/bin/apt-get
Sep 13 09:16:26 <rhkfin> PaulF: interesting!
Sep 13 09:44:33 <rhkfin> except that alias thing doesn't work.. complains me about /var/lib/apt/lists/lock .. (does Debian & ubuntu possibly name the locks in a different way?!)
Sep 13 09:50:01 <rhkfin> hmm.. sudo seems to mess up the aliases..
Sep 13 10:02:21 <PaulF> rhkfin: yeah
Sep 13 12:35:18 <panicking_mike> larsc, hi
Sep 13 14:23:05 <DocScrutinizer> PaulF: lindi-: isn't a sandbox to block access from _inside_ to general outside? I'd guess a sandbox doesn't help anything to protect any app inside from keylogging or data readout form _outside_ the sandbox
Sep 13 14:23:40 <DocScrutinizer> so what's the use of running a OTP generator inside a sandbox? o.O
Sep 13 14:32:15 <lindi-> DocScrutinizer: I'd run rest of the system inside a sandbox :)
Sep 13 14:32:30 <DocScrutinizer> that's more like it
Sep 13 14:32:45 <DocScrutinizer> it's called TPM afaik :-P
Sep 13 14:33:02 <DocScrutinizer> or TCPA or something
Sep 13 14:38:40 <lindi-> DocScrutinizer: not sure, i thought those included hardware support
Sep 13 14:38:54 <DocScrutinizer> not really
Sep 13 14:40:22 <DocScrutinizer> it's primarily a bootloader checking signature of kernel, kernel checking signature of apps, and making sure no 'rogue' app ever gets executed as long as any 'safe app' has still some memory allocated or not cleaned out
Sep 13 14:41:16 <DocScrutinizer> the hw thing comes in when mamaging the keys, and making sure nobody replaces the bootloader or the sig keys it uses to verify that's a 'safe kernel'
Sep 13 14:42:37 <DocScrutinizer> so TPM is all about depriving power from user
Sep 13 14:42:55 <SpeedEvil> Assuming the user doesn't have the bootloader keys.
Sep 13 14:43:11 <DocScrutinizer> yep
Sep 13 14:43:20 <SpeedEvil> I would quite like a device that is a total functional brick if the password is forgotten.
Sep 13 14:43:30 <SpeedEvil> It cannot be recovered even with flashing tools.
Sep 13 14:44:40 <DocScrutinizer> sounds odd. Usually a clean flashing, erasing *all* data on device, is considered a viable recovery method
Sep 13 14:46:07 <DocScrutinizer> this applies to firmware as well as for HDD with hardware password
Sep 13 14:46:20 <Wonka> SpeedEvil: with hard enough ionizing radiation you can even erase Fuse Bits on uCs... all devices can be recovered if there's no real damage done to something
Sep 13 14:47:06 <DocScrutinizer> Wonka: nope. Fuse bits often are real fuses. Once blown they can't recover
Sep 13 14:47:42 <Wonka> DocScrutinizer: hmm. hmm. not so for those atmels flylogic took apart...
Sep 13 14:47:49 <Wonka> http://www.flylogic.net/blog/
Sep 13 14:48:27 <DocScrutinizer> yeah, atmel fuse logic follows the erase-all paradigm. You can "reset to factory"
Sep 13 14:48:28 <Wonka> DocScrutinizer: using a degausser on a HDD surely causes all data to be lost - including those parts of the firmware that are on the magnetic media... it's quite effectively bricked then :>
Sep 13 14:48:32 <SpeedEvil> DocScrutinizer: I do not want someone stealing my phone to be able to recover it. Even if they cannot get my data.
Sep 13 14:49:18 <Wonka> .oO( watchdog activated load of thermite? )
Sep 13 14:49:21 * DocScrutinizer suggestes self-distruct
Sep 13 14:49:50 <SpeedEvil> I want it to work if I get it back, and know password.
Sep 13 14:49:53 <Wonka> hrm. what can the battery controller do? can it explode the LiPo battery?
Sep 13 14:50:02 <DocScrutinizer> for smal units usualy Litium is used :-D
Sep 13 14:50:53 <DocScrutinizer> esp on hardened attache cases
Sep 13 14:51:19 <DocScrutinizer> drill a hole anywhere -> documents incinerated
Sep 13 14:52:34 * DocScrutinizer wonders if anybody thought about cutting case in two halves under protective gas
Sep 13 14:53:13 <SpeedEvil> I have.
Sep 13 14:54:04 <SpeedEvil> Related wonderings are how to make aerogel, and pressure sterilisation of food. Both of which use stuuupid presures.
Sep 13 14:54:31 <DocScrutinizer> aerogel?
Sep 13 14:54:37 <SpeedEvil> yes.
Sep 13 14:54:37 <DocScrutinizer> what's that?
Sep 13 14:54:54 <SpeedEvil> It is a very open foam made from glass.
Sep 13 14:55:00 <DocScrutinizer> aaah
Sep 13 14:55:00 <SpeedEvil> Or other materials.
Sep 13 14:55:10 <SpeedEvil> That ends up at a density approaching air.
Sep 13 14:55:20 <DocScrutinizer> duh
Sep 13 14:55:28 <DocScrutinizer> probably less
Sep 13 14:55:30 <DocScrutinizer> :-D
Sep 13 14:55:59 <SpeedEvil> you start with a jelly, then replace the water with alcohol. Then at pressures that liquify CO2, you immerse it in CO2 until the alcohol diffuses out.
Sep 13 14:56:21 <SpeedEvil> you can also do it with only alcohol - but the pressures are worse
Sep 13 14:56:37 <DocScrutinizer> liquid glass and water??
Sep 13 14:56:57 <SpeedEvil> It's not quite liquid glass - it's something that when you then heat it, you get a glass.
Sep 13 14:56:59 <DocScrutinizer> not seriously
Sep 13 14:57:02 <Wonka> stuuuuuupid pressures
Sep 13 14:57:18 <Wonka> kBars? MBars?
Sep 13 14:57:28 <DocScrutinizer> mbars
Sep 13 14:57:29 <SpeedEvil> mbars
Sep 13 14:57:30 <Wonka> yes, "M", not "m"
Sep 13 14:57:32 <SpeedEvil> http://en.wikipedia.org/wiki/High_pressure_food_preservation
Sep 13 14:57:39 <SpeedEvil> Is also fun.
Sep 13 14:57:41 <Wonka> "m" is "milli"
Sep 13 14:57:45 <Wonka> "M" is "Mega"
Sep 13 14:57:55 <SpeedEvil> Though that's 500Mbar
Sep 13 14:58:00 <SpeedEvil> err
Sep 13 14:58:05 <SpeedEvil> no
Sep 13 14:58:10 <SpeedEvil> 500MPa
Sep 13 14:58:29 <SpeedEvil> Aerogel is a hundred bar ish. 10MPa
Sep 13 14:58:53 <DocScrutinizer> I still don't wrap my head around aerogel
Sep 13 14:59:43 <SpeedEvil> http://en.wikipedia.org/wiki/Aerogel
Sep 13 14:59:45 <SpeedEvil> funky stuff
Sep 13 14:59:56 <Wonka> 70kpsi ~ 4.8M Bar
Sep 13 15:00:04 <Wonka> erh.
Sep 13 15:00:06 <SpeedEvil> Aerogel was first created by Samuel Stephens Kistler  in 1931, as a result of a bet with Charles Learned over who could  replace the liquid in 'jellies' with gas without causing shrinkage.[3][4
Sep 13 15:00:09 <SpeedEvil> :)
Sep 13 15:00:09 <Wonka> 70kpsi ~ 4.8 kBar
Sep 13 15:00:21 <DocScrutinizer> at 500MBar I guess any food, no matter strawberry marmelade or cheese, will end as diamonds :-P
Sep 13 15:00:31 <SpeedEvil> :)
Sep 13 15:00:43 <SpeedEvil> yes - 500MPa is rarther smaller.
Sep 13 15:01:51 <Wonka> DocScrutinizer: nah. 0.03 Diamond Formation Pressure, says wolframalpha
Sep 13 15:02:18 <Wonka> aaargh. make that 0.05. I wonder how I manage to mistype stuff all the time.
Sep 13 15:02:30 <Wonka> and also I wonder why they don't let you just c&p from the site
Sep 13 15:02:49 <DocScrutinizer> lol
Sep 13 15:03:35 <DocScrutinizer> what'S pressure for 5th, 6th, and 7th aggregate of water?
Sep 13 15:04:19 <DocScrutinizer> 7th = neutron matter?
Sep 13 15:04:36 <DocScrutinizer> mater even
Sep 13 15:07:34 <SpeedEvil> http://www.enm.bris.ac.uk/teaching/projects/2002_03/jb8355/review.html
Sep 13 15:07:59 <SpeedEvil> Ice 7 is abourt 2GPa
Sep 13 15:09:27 <Wonka> where's Ice 6?
Sep 13 15:09:59 <SpeedEvil> about 800MPa
Sep 13 15:10:08 <Wonka> I don't see it in the diagram
Sep 13 15:10:19 <Wonka> I, II, III, IV, V, VII
Sep 13 15:10:21 <Wonka> but not VI
Sep 13 15:10:33 <SpeedEvil> TIt's just below 7
Sep 13 15:10:53 <SpeedEvil> 6 is the first one that can be warm.
Sep 13 15:12:55 <Wonka> well, at that pressure, the temperature is quite irrelevant to me :>
Sep 13 16:12:39 <PBeck> hi
Sep 13 16:28:02 <SparFux> Hello. Why do they say, the samsung H1 has a 1 GHz processor, when it actually has a 600 MHz + 488 something MHz dsp?
Sep 13 16:31:41 <SparFux> ha, now I bought three of the samsung h1 and already doubt wethter this was wise. :-\
Sep 13 16:34:37 <SpeedEvil> SparFux: you don't care about clock frequency.
Sep 13 16:34:47 <SpeedEvil> Youcare about how fast the software goes.
Sep 13 16:35:17 <SparFux> Hm... the faster the clock the faster the software, if it's the same software. :-)
Sep 13 16:35:54 <SparFux> Te be honest, I plan on replacing the whole software on that phone anyway.
Sep 13 16:36:21 <SpeedEvil> No.
Sep 13 16:36:26 <SparFux> Not?
Sep 13 16:36:44 <SpeedEvil> Clock speed and execution speedd do not scale linerarly unless the processors are identical.
Sep 13 16:36:50 <SpeedEvil> And the RAM is the same ratio.
Sep 13 16:37:10 <SparFux> Ah, you are right.
Sep 13 16:37:43 <SparFux> Ok, the snapdragon sounds like being forther developed Cortex-A8, but that's not so important, the Snapdragon phone is more expensive anyway.
Sep 13 16:38:48 <SparFux> The most important thign would be to get root, replace everything and have drivers for all items anyway.
Sep 13 16:40:07 <SparFux> * LiMo (Linux Mobile) OS  *  TI OMAP 3430 600 MHz (same as N900) CPU/GPU chipsets        sounds like a good choice, The N900 can run debian :-)
Sep 13 19:47:48 <radekp> larsc: hi, are you here? if you are interested i have some measurements of current during suspend...
Sep 13 19:48:13 <larsc> radekp: yes I'm here.
Sep 13 19:49:02 <radekp> larsc: maybe they are useless but i spent quite a lot of time with them :)
Sep 13 19:49:04 <radekp> larsc: http://activationrecord.net/radekp/pub/suspend_power2/results.txt
Sep 13 19:49:38 <radekp> larsc: i have measured current with multimeter before every call to device suspend
Sep 13 19:49:49 <gena2x> radekp: they will not be useless anyway. as we now know how much is driven for each thing on boot
Sep 13 19:51:06 <radekp> larsc: another interesting thing is that suspending modem is somehow different for 2.6.29 and 2.6.34
Sep 13 19:51:32 <gena2x> radekp: btw, you had specific patches for modem
Sep 13 19:51:42 <radekp> larsc: if i do echo mem > /sys/power/state on .29 it suspends so that device eats 9mA
Sep 13 19:51:55 <radekp> larsc: with 2.6.34 i have 30mA
Sep 13 19:52:41 <gena2x> now 30mA? thought you had 15mA, mine result is 20mA.
Sep 13 19:52:41 <radekp> larsc: if i do echo "AT@POFF" > /dev/ttySAC0 then i get 16mA for .34
Sep 13 19:52:53 <gena2x> ah. yes.
Sep 13 19:54:02 <gena2x> btw i think this may very a bit, as battery has(guess) slightly different voltage depending on remainig charge
Sep 13 19:54:14 <gena2x> s/very/wary/
Sep 13 19:54:14 <apt> gena2x meant: btw i think this may wary a bit, as battery has(guess) slightly different voltage depending on remainig charge
Sep 13 19:54:47 <radekp> larsc: i dont think it's problem but i think it's interesting
Sep 13 19:56:20 <larsc> hm
Sep 13 19:56:37 <larsc> radekp: have you tried suspending the modem via the sysfs nodes?
Sep 13 19:56:53 <larsc> /sys/bus/platform/devices/gta02-gsm-pm.0/power
Sep 13 19:56:59 <larsc> or something like that
Sep 13 19:57:20 <radekp> larsc: yes but it has no effect on the overall current drain in suspend
Sep 13 19:58:09 <larsc> ok. thats interesting
Sep 13 19:58:50 <radekp> i can try it once more to confirm it...
Sep 13 20:02:14 <radekp> larsc: one more maybe interesting thing - the current in suspend is high even with openwrt 2.6.30 kernel
Sep 13 20:07:13 <larsc> hm. I'm wondering what we are not turning off
Sep 13 20:08:59 <larsc> i have some free time in the next days. i'll try to take a closer look and port the patches to 2.6.36
Sep 13 20:11:22 <radekp> oki, thanks
**** ENDING LOGGING AT Tue Sep 14 02:59:57 2010