libera/#maemo/ Thursday, 2019-02-07

DocScrutinizer05the failure pattern is like: modem starts transmitting which draws massive amount of current bursts from battery, which in turn makes battery voltage sag below threshold where modem goes into shutdown/reset00:27
WikiwideDoes Fennec 17 us3 certificates different from MicroB? Because Fennec 17 goes paranoid on websites which are fine in MicroB. Doesn't help when iframe (blame Moodle login system) doesn't allow to scroll to "add permanent exception" button.01:38
brolin_empeyI recently had a plate break while being microwaved, do not know why it broke because I do not think we would have it at my office if it was not safe to microwave.04:16
MaxdamantusBecause it was heated unevenly.05:41
MaxdamantusThe plate will expand slightly when heated. If you heat only a single part, that part will expand and the cool part will stay the same, so you get some amount of tension between the hot/cold parts.05:43
brolin_empeyMaxdamantus: ACK.06:55
VajbDocScrutinizer05: swap of battery did not remove my connection problems, but I think it did improve it a bit.08:20
Vajblike for now. I switched to gprs and lost network signal only once.08:21
sixwheeledbeast3G consumes more power too09:50
WikiwideWhat part of MicroB packages is responsible for parsing JS? Because it is getting tiring to see websites, such as Moodle, not working due to what looks like Javascript incompatibility.10:28
WikiwideSo far, I am thinking of microb-engine... Libmozjs.so looks suspicious.10:28
MaxdamantusWikiwide: yes, it will be libmozjs10:29
MaxdamantusYou probably won't be able to simply replace that with a newer version, since ime, JSAPI tends to have breaking changes quite frequently.10:30
WikiwideThank you! It would be fun to run Virtual Reality on ancient Nokia N900 ;-)  That is, if intricate details of graphics handling will not make it impossible.10:30
WikiwideSo, libmozjs.so isn't the only file to be changed - the files relying on it will need to be changed as well, to handle changes in JSAPI?10:31
MaxdamantusYou'd very likely need to upgrade libxul or whatever it's called too.10:32
WikiwideBut the changes will likely not go outside microb-engine - engine is engine, nothing else needs to be concerned about JS.10:32
Maxdamantusjonwil seemed to be putting quite a lot of effort into something like that recently.10:32
WikiwideLibxul... Why is it here at all? MicroB doesn't use XUL, right?10:32
MaxdamantusYes, it's a XUL application, like Firefox.10:33
WikiwideMaxdamantus: where may I see jonwil's progress?10:33
WikiwideXUL support can be disabled, just like SVG support can be disabled?10:33
Maxdamantushttps://talk.maemo.org/showthread.php?s=3cbd26c5a4a8d869fac0ba3df7a9984d&t=10029610:33
MaxdamantusNo. XUL is the platform that the browser is implemented on.10:34
MaxdamantusIt's like trying to disable Gtk+ support from X-Chat.10:34
WikiwideFirefox was implemented on XUL. Modern Firefox is not XUL-based. MicroB isn't XUL-based, either?10:35
MaxdamantusActually, X-Chat does have other frontends, so it's probably more drastic than that.10:35
WikiwideThank you :-)  I amin fairly tumultous circumstances myself, so I am not sure when I will steadily devote time to actually editing code.10:35
MaxdamantusI'd be surprised if modern Firefox is not "XUL-based", but when I say "XUL" I basically mean gecko/xulrunner.10:35
MaxdamantusThe thing that "runs" Firefox or MicroB, whether those applications involve actual XUL markup, or just JavaScript that produces XUL DOM structures, or just uses the set of services that have evolved throughout the gecko project.10:37
WikiwideI like Gecko. I like XUL, even, but I think that Hildon interface is better for Maemo 5 than XUL interface.10:37
MaxdamantusI'm pretty sure it still uses at least XUL DOM though.10:37
WikiwideDon't think so... Should look into modern Firefox. I think it's anti-XUL10:37
MaxdamantusDefinitely still using XUL: chrome://browser/content/browser.xul10:38
MaxdamantusYou can open that URL in current versions of Firefox and introspect the XUL DOM elements in the developer tools.10:39
MaxdamantusApparently what they mean by being anti-XUL is just anti-non-standard sets of elements.10:42
MaxdamantusSo architecturally I suspect they don't really intend to change much, just reimplement the UI using HTML elements instead of XUL elements.10:43
Maxdamantusfrom that jonwil thread: > Although I am very close to saying "screw it" and looking for a fork of webkit or similar that works on our ancient libraries but supports the features needed (TLS 1.2 in particular but also more modern HTML/CSS/JS so it can render web pages that microb can't do).10:57
MaxdamantusMy solution to the TLS problem is to just run a MITM proxy I wrote, which runs using a modern version of OpenSSL and just creates certificates for domains on the fly, signed by my own root certificate that I've installed in Opera.10:58
sicelois it working well? mind to share? :)10:59
MaxdamantusIt pretty much works. There are probably some optimisations that would be worth doing; atm it uses a thread for each connection, and I have a suspicion that there is a slight connection delay due to the signing of that certificate at the beginning of each connection (it could instead do something like keep a cache of the last X used certificates to avoid resigning if a single site involves multiple11:01
Maxdamantussockets)11:01
Maxdamantushttps://gist.github.com/Maxdamantus/e32ab94dbc5d9d43298428400020620e11:02
MaxdamantusI just run that in my debian wheezy chroot, after compiling the latest version of openssl there.11:05
MaxdamantusThe reason it needs a relatively new version of OpenSSL is for easy host verification. Supposedly a few versions back you would have to implement a lot of that yourself (or pull in some other dependency that does).11:09
Maxdamantus(or you could just not do host verification, but I'd rather not do that)11:10
MaxdamantusI'd also like to have a wrapper script that generates a certiicate db file for Opera, so the private key only needs to be kept in memory, but I wasn't able to figure out the format for that in the time I spent looking into it.11:14
Maxdamantusin fact, the only way I got it to work was by running an old version of Opera on my desktop machine and adding the certificate there, then copying the certificates database file over to the N90011:15
Maxdamantusand also chmodding that file so it wouldn't get rewritten on startup11:16
WikiwideHTML is for hyper text, not for GUI of an application. Unless the whole application is intended to be text interface - akin to ncurses, but built with HTML. But I am being picky.11:21
Maxdamantus"HTML" also refers to a bunch of things, not just markup.11:22
WikiwideAnd the provided ssl workaround, while apparently better in terms of privacy than using a third-party proxy - and I have to wonder if it is possible to run a new-tls-to-old-ssl proxy directly on N900... Still doesn't resolve problem of JS engine being too ancient for modern websites.11:24
MaxdamantusI run the proxy on my N900.11:24
Maxdamantusthat's how I've been using all sites for the last few months.11:24
Maxdamantus(and that's its function: new-tls-to-old-ssl)11:25
WikiwideThat's great :-)  I am just surviving by dismissing all these new-security websites as haughty, and choosing anz.com instead of anz.com.au for Internet Banking.11:26
WikiwideHow difficult is it to set up this proxy? A package from repository, or?..11:26
MaxdamantusYeah, I currently can't use my online banking in Opera due to lack of JS features like `Set`11:27
WikiwideANZ Internet Banking works fine in MicroB, absolutely fine - just a tad slow JS when doing a bank transfer.11:28
MaxdamantusI was thinking of just adding some polyfills or something to edbrowse and then using that for banking.11:28
WikiwideI like /etc/hosts blocking (DNS redirecting to localhost) of advertisements, but I feel like that's not enough.11:29
Maxdamantusatm I can only use it on Iceweasel in the debian chroot, which seems to be very memory intensive.11:29
Maxdamantusas for running it, you need to build openssl somewhere, then compile the C file using a command something like:11:31
Maxdamantusgcc -D_BSD_SOURCE -D_POSIX_SOURCE mitm.c -lssl -lpthread -Wall -pedantic -std=c99 -I /mnt/sd/build/openssl/include/ -L /mnt/sd/build/openssl/ -lcrypto11:31
WikiwideI feel like somewhere during parsing of source code web browser should smartly (with something like userContent.css and userContent.js?) cut off all but the most essential parts of web page, somewhat similar to Reading Mode? So that number of DOM elements being remembered and rendered is minimised.11:31
Wikiwide/me whistles11:32
WikiwideI don't have an SD card, so far.11:32
Maxdamantusand you need to create a private key and corresponding root certificate (both PEM files), then you can run it as something like ` SSL_CERT_FILE=ca-certificates.crt ./a.out cakey.pem cacert.pem 127.30 9876`11:32
MaxdamantusDoesn't require an SD card. Just happens to be where my openssl build directory is.11:33
WikiwideWhere do I find source code? Is openssl also buildable with a single command?11:34
WikiwideBecause it's seriously tiring when most pages just fail due to security.11:34
Maxdamantushttps://github.com/openssl/openssl11:34
MaxdamantusI was able to just build the master branch there without difficulty in my wheezy chroot.11:35
MaxdamantusMight build under maemo too, haven't tried.11:35
* Maxdamantus already runs other things from wheezy anyway, so prefers to build things there.11:36
WikiwideNo need to fetch something-dev?11:36
WikiwideWhen openssl compiles, is it just one .so file?11:36
WikiwideDoes MicroB use the same certificates as maemo-security-certman?11:38
MaxdamantusDunno if it requires -dev packages. It'll probably fail on ./configure if it's missing something.11:53
Maxdamantusit's not just one .so file. I think there's libssl and libcrypto.11:54
Maxdamantusbut transitively, the program should only depend on libssl, libcrypto, libpthread and libc.11:55
WikiwideMaxdamantus: I will free up some space on MyDocs (it's choke-full of files, such as thousands of photographs). But last I heard, new-ish openssl is in repositories anyway - fahrplan has to support the latest security protocols.12:08
Wikiwidehttp://maemo.merlin1991.at/cssu/community-devel/pool/free/o/openssl/12:08
MaxdamantusAh, that should be okay then.12:11
WikiwideQml-browser sounds interesting. As in, recompiling MicroB against newer openssl sounds like a pain, whereas Qt4 and qml-browser are apparently already compiled against newer openssl.12:14
MaxdamantusForgot about that one.12:16
WikiwideJust looking at https://talk.maemo.org/showthread.php?t=100343&page=2 and wondering how JS is in this browser.12:18
MaxdamantusURL navigation seems a bit flaky, but apparently I've still got the latest version, and I must've installed it years ago.12:19
WikiwideUh-huh. As a lazy person, instead of downloading individual packages, I added the whole community-devel repository. Now application manager is checking for updates...12:27
Maxdamantusand yeah, my mitm.c compiles fine on Maemo just using the current version of libssl-dev from community-devel.12:27
WikiwideMaxdamantus : package your proxy into community-devel repository? ;-)12:28
WikiwideI should have packaged "duckduckgo search engine" into repositories long ago, but packaging it properly is a hassle - easier to edit everything manually.12:30
MaxdamantusMaybe. The main thing is probably that compiling it is about the easiest part of setting it up.12:30
MaxdamantusSince you also need to create a private key and root certificate, and probably a recent distribution of ca-certificates for host verification, and you need to get whatever browser you're intending to use to accept that root certificate.12:31
WikiwideYes. The trickiest part with ddg search engine is imagining that there is also an xyz search engine packaged.12:32
Maxdamantusand you need to get your browser to connect to it as an HTTP proxy.12:32
MaxdamantusHTTP proxy configuration on microb seemed quite annoying; it just takes the system settings, which means you need to configure the proxy through Maemo settings for every network you use.12:33
WikiwideWhatever browser : browser-switchboard knows something about choosing which browser is being used.12:33
WikiwideAnnoying, but reliable. Better than having each browser use its own configuration.12:33
WikiwideAnd I use four different networks, at most. Home wifi, eduroam, uniwide and cellular data.12:34
WikiwideAre there any default presets for networks? So that each new network would, by default, use the proxy?12:35
sixwheeledbeastthis is an issue on a lot of mobile devices12:36
MaxdamantusOh right, opera did that as well, but I stopped it by just chmodding the configuration file to be non-writable.12:36
KotCzarnyisnt opera sold to some chinese corpo?12:36
WikiwideInstalled ddg: google->ddg. Installed xyz: ddg->xyz. Uninstalled ddg: xyz->google. Uninstalled xyz: google->ddg. Expected outcome: google. Received outcome: ddg. Bug.12:37
WikiwideThe only way out is to say that each search engine conflicts all other search engines.12:38
WikiwideThen there would be no such tangles.12:38
WikiwideBut I don't know if it's possible to say that ddg-engine provides/replaces <search-engine> and conflicts <search-engine> at the same time.12:40
KotCzarnyyeah, because bug exists in newer kernels12:44
KotCzarnyerm, wrong chan12:44
WikiwideHow do I add CSSU devel to HAM? I tried http://maemo.merlin1991.at/cssu/ community-devel free, doesn't seem to work.20:36
Wikiwidehttp://maemo.merlin1991.at/cssu/community-devel/ ./ free doesn't seem to work, either20:47
sicelohttp://maemo.merlin1991.at/cssu/community-devel/ fremantle free20:53
WikiwideApparently, the repository is http://maemo.merlin1991.at/cssu/community-devel/ fremantle free. However, qml-browser requires qt-components-hildon? Which should be available in extras-devel, but doesn't show up for me.23:37

Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!