| *** birdzhang is now known as birdzhang_pc | 01:56 | |
| *** frinring_ is now known as frinring | 02:52 | |
| tom13 | Hello, I am going to travel a bit and wonder if there is an app that will scan for open WIFI and test-connect to ensure DHCP + internet is available | 06:19 |
|---|---|---|
| tom13 | and then give me an audio alert that i have internet. | 06:19 |
| tom13 | this might not work as well as i hope though, since many open wifi APs present the user first with a landing page asking for agreement to policy before granting internet access | 06:22 |
| r0kk3rz | sounds dangerous | 06:56 |
| tbr | it's pretty much what android keeps doing. Just needs to fit your risk scenarios. | 06:57 |
| dcaliste | Hello chriadam, how are you? | 07:04 |
| rainemak | dcaliste, hi there! | 07:18 |
| dcaliste | Hello rainemak. | 07:18 |
| rainemak | dcaliste, not much has happened in the email front during last week | 07:19 |
| dcaliste | I guess you all have been busy with bug fixing and polishing of 2.2.0. | 07:20 |
| dcaliste | As I posted on the gpgme PR in Github, I've finished to implement PGP signature and encryption via a plugin in secret. | 07:21 |
| dcaliste | It can be tested with the secrets-tool CLI. | 07:21 |
| dcaliste | I have some questions regarding encryption API to chriadam, but it can wait for him being available. | 07:22 |
| rainemak | thank you | 07:24 |
| rainemak | yeah, better to ask directly from chriadam => no point that I'm a man in the middle | 07:24 |
| *** SpeedEvil is now known as Guest51359 | 07:26 | |
| dcaliste | Sure, thank you rainemak, see you later. Have a nice day. | 07:30 |
| rainemak | dcaliste, you too! have a nice day | 07:37 |
| tom13 | itis hard to work with only 2GB on / | 07:57 |
| tom13 | now have 21MB free and i can't find anything to delete | 07:57 |
| chriadam | dcaliste, sorry was sick still yesterday (and all last week). back on deck now though :-) | 08:05 |
| dcaliste | chriadam, I wish you feel better. | 08:06 |
| chriadam | cheers, mostly recovered now :-) | 08:09 |
| dcaliste | Do you have time for some questions? | 08:11 |
| chriadam | definitely | 08:14 |
| dcaliste | As said to rainemak before, I've finished to implement PGP signature and encryption via a plugin in secret. It can be tested via secrets-tool CLI. | 08:15 |
| dcaliste | About encryption, the API of decrypt() suggest that it's encryption + signature, or returning VerificationUnknown to status will mean in decrypt() that data are simply decrypted but there was no signature? | 08:16 |
| chriadam | I saw there was a PR to allow passing custom parameters for various calls - I haven't had a chance to review that one yet | 08:17 |
| chriadam | dcaliste, some block modes (like GCM) allow "authenticated" encryption/decryption | 08:17 |
| r0kk3rz | btw who is best to talk to about sailfish-secrets stuff? | 08:17 |
| dcaliste | Yes, there is this PR also, it's not very important. It is there more to be feature complete and being able to pass options to GnuPG. | 08:17 |
| chriadam | so if the block mode is an authenticated mode, then there will be a verified output also; but if the block mode is not authenticated (e.g. CBC etc, or asymmetric like RSA) then there will not be such verified output. | 08:18 |
| chriadam | r0kk3rz, in terms of implementation, or in terms of roadmap? the former: me. the latter: veskuh. | 08:18 |
| dcaliste | chriadam, yes PGP allows also encryption + signature. So here my question: encryption is done with public key of recipient, while signing is done with private key of signer. But there is only one key parameter, how can I do? | 08:19 |
| chriadam | dcaliste, the API doesn't support using two separate asymmetric keys for this operation. I guess you could "hack" it to work by accepting the signing key as authenticationData or similar, but I would not suggest that.. | 08:21 |
| chriadam | dcaliste: instead, probably best to require the client to do it as two calls. one: encrypt with remote public key. two: sign with local private key. | 08:21 |
| dcaliste | I was thinking to pass the signing key (well it's identifier since GnuPG plugin never "leak" private data anyway into sailfish-secret) in customparameters. But it's kind of ugly and I don't know how to integrate well this in the UI. | 08:23 |
| dcaliste | Regarding UI, my second question: I've installed settings-secrets-ui, and see the key entry in settings. But in the page, I have only an unlock button, while I didn't set any lock anywhere. | 08:24 |
| dcaliste | I don't see option to create a key, list keys… Maybe it's behind the unlock button, or not implemented yet. I wanted to test the integration of GnuPG stuff through the UI also. | 08:25 |
| chriadam | dcaliste, there's no capability from the UI to relock a plugin once unlocked. the UI is ... very primitive currently, due to time pressure for 2.2.0 schedule. | 08:26 |
| chriadam | but the unlock button should only appear if your plugin is reporting its state as locked() | 08:27 |
| chriadam | collections and keys should automatically be populated from a plugin if the plugin is not locked | 08:27 |
| chriadam | (individual collections may themselves be locked, they will show up with a little padlock) | 08:28 |
| chriadam | to test, you can e.g. run the secretsd with --test, and then add a bunch of keys to the default sqlcipher plugin via the secrets-tool | 08:28 |
| chriadam | then open the settings Keys page | 08:28 |
| dcaliste | Yes, I understand, I don't blame anyone ;) Just I'm stuck on the "unlock" button that I don't know what to type there since I've never defined any lock. The lock button is for the master lock I guess. Anyway, I can wait to have access to the sources via the convention to see why I have only this unlock button. | 08:29 |
| dcaliste | I'll try with running the daemon with --test indeed. | 08:29 |
| chriadam | ... that scares me | 08:29 |
| chriadam | rainemak: is it possible that the data corruption prevention PR caused a regression here? I haven't had a chance to test it yet... | 08:30 |
| chriadam | dcaliste: are you using the latest version from git? you would need to rm -rf your privileged/Secrets folder I guess, since Venemo's PR wasn't backwards compatible with previous databases etc (the cipher lock file is now in a separate directory etc) | 08:31 |
| chriadam | afaik, I haven't tested it personally yet. | 08:31 |
| dcaliste | About the encryption API, the intended use case is A and B sharing a common private/public key, so A can encrypt (public part) and sign (private part), send the data to B and B can decrypt (private part) and verify (public part)? | 08:31 |
| Venemo | chriadam: we had a discussion about that with rainemak and decided that we don't wanna be backwards compatible with something that was never actually released | 08:31 |
| rainemak | chriadam, what what? dcaliste you need to nuke your old privileded Secrets | 08:31 |
| dcaliste | About the latest version, yes I've already removed the directory so the work from Venemo is working. | 08:32 |
| chriadam | Venemo, rainemak: right, not being backward compatible is fine. but does it work _afterwards_? | 08:32 |
| chriadam | if it shows the master as being locked, even if no master lock has been set, well... that is very bad (tm) | 08:32 |
| rainemak | chriadam, I see "Change code" | 08:33 |
| dcaliste | Maybe I'm wrong but in French, it's written "verrou principal" which means master lock. | 08:33 |
| Venemo | chriadam: I'm not aware of that issue | 08:33 |
| dcaliste | chriadam, I can investigate further as soon as I can access the secret-ui sources. | 08:34 |
| rainemak | "Master lock" section is there always afair... Under that you can "Change code" if you haven't used that before or "Enter code" if it is already in use and locked | 08:34 |
| chriadam | dcaliste: could just be a translation issue (e.g. unclear messages) as opposed to an actual issue. try adding some keys to the default sqlcipher plugin via the secrets-tool, and see if they show up in the Keys page. | 08:34 |
| dcaliste | chriadam, ah I see. Going to do that today or tomorrow and will report. | 08:35 |
| dcaliste | chriadam, am I right in my understanding of the encryption use case described at 10:31? | 08:36 |
| chriadam | dcaliste: that's one use case, definitely. e.g. you can share your public key to someone else via .pem file, and vice versa. | 08:37 |
| chriadam | there is no automatic (PKI) lookup and population of keys, yet, but that's something which could possibly be implemented in the future. | 08:38 |
| dcaliste | chriadam, my problem is that as far as I understand, B needs the private key to decrypt, no ? | 08:38 |
| flypig | Does anyone have any insight into whether Jolla accepts 'pull requests' for the parts of Silica not in their github repo? Are they open to suggestions of putting new components on github? | 08:39 |
| chriadam | dcaliste: yes, you encrypt with the public key, and then they decrypt with the private key. if the key is shared (i.e. they both know the public and private key parts - which is weird, but I guess possible) then they can both encrypt and decrypt (although in that case I'd suggest just using a symmetric key, shared via key exchange) | 08:40 |
| r0kk3rz | flypig: currently no, but there is a much rumoured contributors agreement supposedly coming soontm | 08:40 |
| chriadam | flypig: you'd need to talk to veskuh about that I guess. | 08:40 |
| dcaliste | So my concern is that A needs the private key to sign, and B needs it to decrypt. So the private key is in two places, which is not adviced I think. | 08:41 |
| r0kk3rz | flypig: i was thinking we need a public repo of community curated components, because theres a bunch about the place already | 08:41 |
| dcaliste | Thus my first question, encrypt() have one key argument, so to sign and encrypt it means that the private key is shared between the two persons which is weird. | 08:42 |
| flypig | r0kk3rz, chriadam, thanks for clarifying. I like the idea of a community repo. But that only solves some of the problem (it wouldn't allow extension of existing components, no?) | 08:42 |
| r0kk3rz | no | 08:42 |
| chriadam | dcaliste: normally they each would have their own, separate keys. e.g. person A would have a key (A.Pub + A.Priv) and person B would have a key (B.Pub + B.Priv). | 08:43 |
| chriadam | dcaliste: so when A wants to send a file to B, they would encrypt the file with B.pub, and sign it with A.priv | 08:43 |
| chriadam | dcaliste: then B uses B.priv to decrypt the file, and checks that it verifies with A.pub | 08:43 |
| chriadam | so A knows A.pub+A.priv+B.pub | 08:43 |
| chriadam | and B knows B.pub+B.priv+A.pub | 08:43 |
| dcaliste | indeed, but there is only one key argument to the function… | 08:43 |
| chriadam | dcaliste: yes, as mentioned the client needs to perform two separate calls - the first to encrypt, the second to sign | 08:44 |
| flypig | r0kk3rz, every time I get back to developing Silica stuff, I end up having to rewrite components that everyone else must also have re-written hundreds of times. | 08:44 |
| r0kk3rz | flypig: yeah most likely | 08:44 |
| tom13 | maybe the wifi scanner could be written entirely in bash.. using iw.. and other shell commands | 08:45 |
| flypig | chriadam, can you clarify about veskuh? Is s/he a sailor? | 08:45 |
| dcaliste | chriadam, ah ok. Can I add a encryptAndSign() API ? GnuPG can do it in one call. Does it make sense? | 08:45 |
| r0kk3rz | flypig: veskuh is jolla project manager iirc | 08:45 |
| flypig | r0kk3rz, great thank you. Is this the sort of thing to bring up at the community meetings? | 08:46 |
| r0kk3rz | sure | 08:46 |
| chriadam | dcaliste: I'd prefer not to at this point, personally (until we have more backends that support this same thing). I mean, there's no harm in creating a PR for this, but not sure it would be accepted. | 08:47 |
| flypig | r0kk3rz, thanks! | 08:47 |
| chriadam | dcaliste: primarily because it would add another request type, and plumbing to the daemon, but doesn't actually offer any new functionality (i.e. it just wraps two calls into one, without offering anything "new" as far as I can see) | 08:48 |
| dcaliste | chriadam: ok, no problem, just wondering. | 08:48 |
| r0kk3rz | flypig: btw theres also a whole bunch of undocumented things so if you're struggling with something then mention it here | 08:48 |
| dcaliste | chriadam: I'll slightly adjust the GnuPG plugin accordingly. So the work on the public open source part is mostly done for PGP. | 08:51 |
| chriadam | fantastic. hopefully this week I will be able to review it thoroughly and test | 08:51 |
| dcaliste | chriadam: trying to create a collection on device with CLI, I obtain « Error: Sailfish::Secrets::Result::ErrorCode(SecretsDaemonLockedError) "The secrets database is locked" » | 08:51 |
| flypig | r0kk3rz, thanks. Today it's a component to select a directory (there's already a Together post about it: https://together.jolla.com/question/182271/filepicker-to-pick-directory/). I was able to (gently) hack the MultiFilePickerDialog to get it to work, but not without making changes to the private parts of Silica. | 08:52 |
| chriadam | cripes. ok, let me dup my device and double check | 08:52 |
| flypig | r0kk3rz, the changes are really minor, so it would be nice to be able to submit them back. | 08:53 |
| dcaliste | chriadam: the daemon is running in normal mode, not -test one. | 08:54 |
| chriadam | dup will take 3 hours as per usual due to Australian internet, so I'll get back to you tomorrow | 09:13 |
| Venemo | ouch | 09:14 |
| dcaliste | chriadam, yes, no problem. Tomorrow, I have a day meeting with colleagues anyway. Regarding the UI integration part, I've signed and sent back the contribution agreement and am waiting for veshkuh reply and guidance on next steps. | 09:16 |
| chriadam | dcaliste, fantastic. I will poke him to make sure it doesn't get left in the inbox for too long ;-) | 09:16 |
| Ingvix | Is it just me or have others lost vibration from instant messages? Is it so now that developer must define the notification to vibrate and it's not vibrating by default? | 09:16 |
| dcaliste | chriadam: thank you very much, I wish you'll be completely fine after last week. | 09:22 |
| chriadam | thanks! I hope you have a good week also :-) | 09:22 |
| tom13 | im also interested in remote applications from pc | 09:31 |
| tom13 | nxclient for android is fairly interesting | 09:31 |
| tom13 | but simply h264 streaming a window works well in a home wlan | 09:31 |
| tom13 | so script starting an app on pc, resize/move with wmctrl, grab the window and stream with ffmpeg and pipe | 09:33 |
| tom13 | but how to send keyboard mouse from sailfish to pc? | 09:33 |
| Ingvix | qremoteconnection works for that | 09:34 |
| tom13 | ty | 09:35 |
| Ingvix | no, that wasn't the name | 09:35 |
| Ingvix | qremotecontrol | 09:36 |
| Ingvix | can be found on openrepos | 09:36 |
| *** BitEvil is now known as SpeedEvil | 09:41 | |
| tom13 | i don't have this enabled in storeman / warehouse | 09:41 |
| tom13 | oh thereit is | 09:43 |
| tom13 | built server. it starts with a welcome screen but then shows nothing | 09:57 |
| Ingvix | you need to have a server on your pc | 09:58 |
| tom13 | yes on pc | 09:58 |
| tom13 | where's config for server | 09:58 |
| Ingvix | there should be an icon on your tray | 09:59 |
| tom13 | the only new binary i see is /usr/bin/qremotecontrol-server | 10:00 |
| tom13 | i don't see a ~/.config/thing | 10:01 |
| tom13 | or /etc/qremote* | 10:01 |
| tom13 | on pc | 10:01 |
| tom13 | . | 10:02 |
| Ingvix | Okay, I can't really help you with linux. I have only controlled windows with it. On windows you can edit the configs after starting the server from system tray | 10:02 |
| Ingvix | *edit the configs from system tray after starting to server | 10:02 |
| tom13 | ok opened firewall on default port | 10:02 |
| tom13 | i get motion now, but phone keyboard only creates a VVVV | 10:03 |
| tom13 | interestnig, thanks | 10:03 |
| tom13 | abcd | 10:03 |
| Ingvix | you're welcome | 10:04 |
| tom13 | 30 20:14 .Xresources | 10:04 |
| dcaliste | chriadam: hopefully you will read this tomorrow before working on my UI issue. Sorry, my bad, I didn't erase all the content of priviledged/Secrets and in fact it was just the daemon not properly starting then. | 13:55 |
| dcaliste | By nuking all the directory, it properly list the keys now in the UI, even the GPG ones with the right plugin ;) | 13:55 |
| Aberts10 | Hi | 20:02 |
| Aberts10 | I'm wondering if it's possible to use sailfish 3 on a nexus 5 device? | 20:02 |
| mal | Aberts10: probably if someone updates the port but that has to be done after sailfish 3 is released, it's not yet, maybe sometime later this year | 20:10 |
| tom13 | does sailfish wifi actively connect to APs when i dont ask it to? | 20:13 |
| tom13 | i see the wifi kill app in warehouse | 20:13 |
| r0kk3rz | yeah thats going to be mostly pointless | 20:26 |
| tom13 | what is r0kk3rz | 20:29 |
| tom13 | the wifi kill app? | 20:29 |
| xenu | tom13: it's not about preventing connecting to APs, it's about preventing scanning for APs | 20:29 |
| tom13 | ah | 20:29 |
| tom13 | i seem to recall there was passive scanning possible.. e.g. with kismet | 20:30 |
| *** feodoran is now known as Guest41527 | 23:40 | |
| *** feodoran_ is now known as feodoran | 23:40 | |
| *** feodoran is now known as Guest76881 | 23:54 | |
| *** feodoran_ is now known as feodoran | 23:54 | |
Generated by irclog2html.py 2.17.1 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!