Tuesday, 2018-06-05

*** birdzhang is now known as birdzhang_pc01:56
*** frinring_ is now known as frinring02:52
tom13Hello, I am going to travel a bit and wonder if there is an app that will scan for open WIFI and test-connect to ensure DHCP + internet is available06:19
tom13and then give me an audio alert that i have internet.06:19
tom13this might not work as well as i hope though, since  many open wifi APs present the user first with a landing page asking for agreement to policy before granting internet access06:22
r0kk3rzsounds dangerous06:56
tbrit's pretty much what android keeps doing. Just needs to fit your risk scenarios.06:57
dcalisteHello chriadam, how are you?07:04
rainemakdcaliste, hi there!07:18
dcalisteHello rainemak.07:18
rainemakdcaliste, not much has happened in the email front during last week07:19
dcalisteI guess you all have been busy with bug fixing and polishing of
dcalisteAs I posted on the gpgme PR in Github, I've finished to implement PGP signature and encryption via a plugin in secret.07:21
dcalisteIt can be tested with the secrets-tool CLI.07:21
dcalisteI have some questions regarding encryption API to chriadam, but it can wait for him being available.07:22
rainemakthank you07:24
rainemakyeah, better to ask directly from chriadam => no point that I'm a man in the middle07:24
*** SpeedEvil is now known as Guest5135907:26
dcalisteSure, thank you rainemak, see you later. Have a nice day.07:30
rainemakdcaliste, you too! have a nice day07:37
tom13itis hard to work with only 2GB on /07:57
tom13now have 21MB free and i can't find anything to delete07:57
chriadamdcaliste, sorry was sick still yesterday (and all last week).  back on deck now though :-)08:05
dcalistechriadam, I wish you feel better.08:06
chriadamcheers, mostly recovered now :-)08:09
dcalisteDo you have time for some questions?08:11
dcalisteAs said to rainemak before, I've finished to implement PGP signature and encryption via a plugin in secret. It can be tested via secrets-tool CLI.08:15
dcalisteAbout encryption, the API of decrypt() suggest that it's encryption + signature, or returning VerificationUnknown to status will mean in decrypt() that data are simply decrypted but there was no signature?08:16
chriadamI saw there was a PR to allow passing custom parameters for various calls - I haven't had a chance to review that one yet08:17
chriadamdcaliste, some block modes (like GCM) allow "authenticated" encryption/decryption08:17
r0kk3rzbtw who is best to talk to about sailfish-secrets stuff?08:17
dcalisteYes, there is this PR also, it's not very important. It is there more to be feature complete and being able to pass options to GnuPG.08:17
chriadamso if the block mode is an authenticated mode, then there will be a verified output also; but if the block mode is not authenticated (e.g. CBC etc, or asymmetric like RSA) then there will not be such verified output.08:18
chriadamr0kk3rz, in terms of implementation, or in terms of roadmap?  the former: me.  the latter: veskuh.08:18
dcalistechriadam, yes PGP allows also encryption + signature. So here my question: encryption is done with public key of recipient, while signing is done with private key of signer. But there is only one key parameter, how can I do?08:19
chriadamdcaliste, the API doesn't support using two separate asymmetric keys for this operation.  I guess you could "hack" it to work by accepting the signing key as authenticationData or similar, but I would not suggest that..08:21
chriadamdcaliste: instead, probably best to require the client to do it as two calls.  one: encrypt with remote public key.  two: sign with local private key.08:21
dcalisteI was thinking to pass the signing key (well it's identifier since GnuPG plugin never "leak" private data anyway into sailfish-secret) in customparameters. But it's kind of ugly and I don't know how to integrate well this in the UI.08:23
dcalisteRegarding UI, my second question: I've installed settings-secrets-ui, and see the key entry in settings. But in the page, I have only an unlock button, while I didn't set any lock anywhere.08:24
dcalisteI don't see option to create a key, list keys… Maybe it's behind the unlock button, or not implemented yet. I wanted to test the integration of GnuPG stuff through the UI also.08:25
chriadamdcaliste, there's no capability from the UI to relock a plugin once unlocked.  the UI is ... very primitive currently, due to time pressure for 2.2.0 schedule.08:26
chriadambut the unlock button should only appear if your plugin is reporting its state as locked()08:27
chriadamcollections and keys should automatically be populated from a plugin if the plugin is not locked08:27
chriadam(individual collections may themselves be locked, they will show up with a little padlock)08:28
chriadamto test, you can e.g. run the secretsd with --test, and then add a bunch of keys to the default sqlcipher plugin via the secrets-tool08:28
chriadamthen open the settings Keys page08:28
dcalisteYes, I understand, I don't blame anyone ;) Just I'm stuck on the "unlock" button that I don't know what to type there since I've never defined any lock. The lock button is for the master lock I guess. Anyway, I can wait to have access to the sources via the convention to see why I have only this unlock button.08:29
dcalisteI'll try with running the daemon with --test indeed.08:29
chriadam... that scares me08:29
chriadamrainemak: is it possible that the data corruption prevention PR caused a regression here?  I haven't had a chance to test it yet...08:30
chriadamdcaliste: are you using the latest version from git?  you would need to rm -rf your privileged/Secrets folder I guess, since Venemo's PR wasn't backwards compatible with previous databases etc (the cipher lock file is now in a separate directory etc)08:31
chriadamafaik, I haven't tested it personally yet.08:31
dcalisteAbout the encryption API, the intended use case is A and B sharing a common private/public key, so A can encrypt (public part) and sign (private part), send the data to B and B can decrypt (private part) and verify (public part)?08:31
Venemochriadam: we had a discussion about that with rainemak and decided that we don't wanna be backwards compatible with something that was never actually released08:31
rainemakchriadam, what what? dcaliste you need to nuke your old privileded Secrets08:31
dcalisteAbout the latest version, yes I've already removed the directory so the work from Venemo is working.08:32
chriadamVenemo, rainemak: right, not being backward compatible is fine.   but does it work _afterwards_?08:32
chriadamif it shows the master as being locked, even if no master lock has been set, well... that is very bad (tm)08:32
rainemakchriadam, I see "Change code"08:33
dcalisteMaybe I'm wrong but in French, it's written "verrou principal" which means master lock.08:33
Venemochriadam: I'm not aware of that issue08:33
dcalistechriadam, I can investigate further as soon as I can access the secret-ui sources.08:34
rainemak"Master lock" section is there always afair... Under that you can "Change code" if you haven't used that before or "Enter code" if it is already in use and locked08:34
chriadamdcaliste: could just be a translation issue (e.g. unclear messages) as opposed to an actual issue.  try adding some keys to the default sqlcipher plugin via the secrets-tool, and see if they show up in the Keys page.08:34
dcalistechriadam, ah I see. Going to do that today or tomorrow and will report.08:35
dcalistechriadam, am I right in my understanding of the encryption use case described at 10:31?08:36
chriadamdcaliste: that's one use case, definitely.  e.g. you can share your public key to someone else via .pem file, and vice versa.08:37
chriadamthere is no automatic (PKI) lookup and population of keys, yet, but that's something which could possibly be implemented in the future.08:38
dcalistechriadam, my problem is that as far as I understand, B needs the private key to decrypt, no ?08:38
flypigDoes anyone have any insight into whether Jolla accepts 'pull requests' for the parts of Silica not in their github repo? Are they open to suggestions of putting new components on github?08:39
chriadamdcaliste: yes, you encrypt with the public key, and then they decrypt with the private key.  if the key is shared (i.e. they both know the public and private key parts - which is weird, but I guess possible) then they can both encrypt and decrypt (although in that case I'd suggest just using a symmetric key, shared via key exchange)08:40
r0kk3rzflypig: currently no, but there is a much rumoured contributors agreement supposedly coming soontm08:40
chriadamflypig: you'd need to talk to veskuh about that I guess.08:40
dcalisteSo my concern is that A needs the private key to sign, and B needs it to decrypt. So the private key is in two places, which is not adviced I think.08:41
r0kk3rzflypig: i was thinking we need a public repo of community curated components, because theres a bunch about the place already08:41
dcalisteThus my first question, encrypt() have one key argument, so to sign and encrypt it means that the private key is shared between the two persons which is weird.08:42
flypigr0kk3rz, chriadam, thanks for clarifying. I like the idea of a community repo. But that only solves some of the problem (it wouldn't allow extension of existing components, no?)08:42
chriadamdcaliste: normally they each would have their own, separate keys.  e.g. person A would have a key (A.Pub + A.Priv) and person B would have a key (B.Pub + B.Priv).08:43
chriadamdcaliste: so when A wants to send a file to B, they would encrypt the file with B.pub, and sign it with A.priv08:43
chriadamdcaliste: then B uses B.priv to decrypt the file, and checks that it verifies with A.pub08:43
chriadamso A knows A.pub+A.priv+B.pub08:43
chriadamand B knows B.pub+B.priv+A.pub08:43
dcalisteindeed, but there is only one key argument to the function…08:43
chriadamdcaliste: yes, as mentioned the client needs to perform two separate calls - the first to encrypt, the second to sign08:44
flypigr0kk3rz, every time I get back to developing Silica stuff, I end up having to rewrite components that everyone else must also have re-written hundreds of times.08:44
r0kk3rzflypig: yeah most likely08:44
tom13maybe the wifi scanner could be written entirely in bash.. using iw.. and other shell commands08:45
flypigchriadam, can you clarify about veskuh? Is s/he a sailor?08:45
dcalistechriadam, ah ok. Can I add a encryptAndSign() API ? GnuPG can do it in one call. Does it make sense?08:45
r0kk3rzflypig: veskuh is jolla project manager iirc08:45
flypigr0kk3rz, great thank you. Is this the sort of thing to bring up at the community meetings?08:46
chriadamdcaliste: I'd prefer not to at this point, personally (until we have more backends that support this same thing).  I mean, there's no harm in creating a PR for this, but not sure it would be accepted.08:47
flypigr0kk3rz, thanks!08:47
chriadamdcaliste: primarily because it would add another request type, and plumbing to the daemon, but doesn't actually offer any new functionality (i.e. it just wraps two calls into one, without offering anything "new" as far as I can see)08:48
dcalistechriadam: ok, no problem, just wondering.08:48
r0kk3rzflypig: btw theres also a whole bunch of undocumented things so if you're struggling with something then mention it here08:48
dcalistechriadam: I'll slightly adjust the GnuPG plugin accordingly. So the work on the public open source part is mostly done for PGP.08:51
chriadamfantastic.  hopefully this week I will be able to review it thoroughly and test08:51
dcalistechriadam: trying to create a collection on device with CLI, I obtain « Error: Sailfish::Secrets::Result::ErrorCode(SecretsDaemonLockedError) "The secrets database is locked" »08:51
flypigr0kk3rz, thanks. Today it's a component to select a directory (there's already a Together post about it: https://together.jolla.com/question/182271/filepicker-to-pick-directory/). I was able to (gently) hack the MultiFilePickerDialog to get it to work, but not without making changes to the private parts of Silica.08:52
chriadamcripes.  ok, let me dup my device and double check08:52
flypigr0kk3rz, the changes are really minor, so it would be nice to be able to submit them back.08:53
dcalistechriadam: the daemon is running in normal mode, not -test one.08:54
chriadamdup will take 3 hours as per usual due to Australian internet, so I'll get back to you tomorrow09:13
dcalistechriadam, yes, no problem. Tomorrow, I have a day meeting with colleagues anyway. Regarding the UI integration part, I've signed and sent back the contribution agreement and am waiting for veshkuh reply and guidance on next steps.09:16
chriadamdcaliste, fantastic.  I will poke him to make sure it doesn't get left in the inbox for too long ;-)09:16
IngvixIs it just me or have others lost vibration from instant messages? Is it so now that developer must define the notification to vibrate and it's not vibrating by default?09:16
dcalistechriadam: thank you very much, I wish you'll be completely fine after last week.09:22
chriadamthanks!  I hope you have a good week also :-)09:22
tom13im also interested in remote applications from pc09:31
tom13nxclient for android is fairly interesting09:31
tom13but simply h264 streaming a window works well in a home wlan09:31
tom13so script starting an app on pc, resize/move with wmctrl, grab the window and stream with ffmpeg and pipe09:33
tom13but how to send keyboard mouse from sailfish to pc?09:33
Ingvixqremoteconnection works for that09:34
Ingvixno, that wasn't the name09:35
Ingvixcan be found on openrepos09:36
*** BitEvil is now known as SpeedEvil09:41
tom13i don't have this enabled in storeman / warehouse09:41
tom13oh thereit is09:43
tom13built server.  it starts with a welcome screen but then shows nothing09:57
Ingvixyou need to have a server on your pc09:58
tom13yes on pc09:58
tom13where's config for server09:58
Ingvixthere should be an icon on your tray09:59
tom13the only new binary i see is /usr/bin/qremotecontrol-server10:00
tom13i don't see a ~/.config/thing10:01
tom13or /etc/qremote*10:01
tom13on pc10:01
IngvixOkay, I can't really help you with linux. I have only controlled windows with it. On windows you can edit the configs after starting the server from system tray10:02
Ingvix*edit the configs from system tray after starting to server10:02
tom13ok opened firewall on default port10:02
tom13i get motion now, but phone keyboard only creates a VVVV10:03
tom13interestnig, thanks10:03
Ingvixyou're welcome10:04
tom13 30 20:14 .Xresources10:04
dcalistechriadam: hopefully you will read this tomorrow before working on my UI issue. Sorry, my bad, I didn't erase all the content of priviledged/Secrets and in fact it was just the daemon not properly starting then.13:55
dcalisteBy nuking all the directory, it properly list the keys now in the UI, even the GPG ones with the right plugin ;)13:55
Aberts10I'm wondering if it's possible to use sailfish 3 on a nexus 5 device?20:02
malAberts10: probably if someone updates the port but that has to be done after sailfish 3 is released, it's not yet, maybe sometime later this year20:10
tom13does sailfish wifi actively connect to APs when i dont ask it to?20:13
tom13i see the wifi kill app in warehouse20:13
r0kk3rzyeah thats going to be mostly pointless20:26
tom13what is r0kk3rz20:29
tom13the wifi kill app?20:29
xenutom13: it's not about preventing connecting to APs, it's about preventing scanning for APs20:29
tom13i seem to recall there was passive scanning possible.. e.g. with kismet20:30
*** feodoran is now known as Guest4152723:40
*** feodoran_ is now known as feodoran23:40
*** feodoran is now known as Guest7688123:54
*** feodoran_ is now known as feodoran23:54

Generated by irclog2html.py 2.17.1 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!