Thursday, 2022-01-27

« Wednesday, 2022-01-26 Index Friday, 2022-01-28 »
hallynhi - pulled out my old xperia x with sailfish 3.4.0.24.  Want to get it on wifi to upgrade, but wifi wont' connect...  i was able to get usb networking before.  Is there a way to take one of the files from Sailfish_OS-Jolla-4.3.0.12-f5121-0.2.3.8.zip and use it locally to update?04:09
grywhy not get usb networking working again? then do the upgrade, and after the upgrade maybe wifi will start working04:17
hallynoh, interesting.  doing "connect to network" and picking an available network would not give me password prompt;  doing "add network" from settings told me "could not add network".  but if I then go to "advanced" from "add network", it let me add network, and it connected.04:17
hallyngry: well for some reason i wasn't able to get *past* the laptop.  Did set up a masq rule on laptop and default ip route on the phone, but it wouldn't get past.  But I think I'm good now - thanks.04:18
hallyn(I'd previously spent 2hrs plugging in and unplugging trying to figure out why it wouldn't turn out, only to finally remember there was something about 'lipstick' causing screen to always be blank.  That's when I noticed usb network was active)04:20
hallyns/wouldn't turn out/wouldn't turn on/04:20
gryhallyn: looks like some bug in the gui for wireless?04:36
hallyngry: yeah it does, but it's 3.2 so i won't worry about it until i see the same after upgrade.04:43
thilo[m]Is there already a statement from jolla regarding pwnkit somewhere? Will there be one soon?08:56
thilo[m]Anyone knows where to contact jolla regarding security related issues? The public forum seems to be the wrong place, but they also do not seem to have any separate communication channel for that. Just info@jolla.com?13:26
malthilo[m]: jolla knows about the issue and will be fixed in next release13:40
thilo[m]@mal: thanks for the response. I'll disable app updates until then. Guess you're having a busy time now. Good Luck. If there is any usable intermediate mitigation let us know.14:00
henkthilo[m]: any specific scenario you are concerned about? i.e. why disable updates?14:01
thilo[m]henk: just a bit paranoid about new code from untrusted sources (e.g. openrepos)14:08
Nicothilo: There is probably nothing new the applications can do, since the installation of the apps is done as root and as such they can run arbitrary scrips and install arbitrary services14:09
thilo[m]Hm, yes, you're probably right14:11
thilo[m]Interesting, I assume that is subject to change, as otherwise sailjail would have a pretty obvious security flaw14:14
NicoWell, such applications wouldn't be allowed in harbour14:22
NicoAlso the sandboxing by default in a future release should also make issues like the current one harder to exploit14:22
thilo[m]Nico: I would be suprised if there would be a good protection against arbitrary code execution. Just let the malicous code be disabled until a certain date is reached and it would only be found after it caused harm14:24
thilo[m]Or do you mean, that no applications would be allowed that have e.g. post install scripts?14:24
NicoYeah, no applications with malicious install scripts are allowed14:25
NicoSo all code runs sandboxed as a user after the install and the install can be audited14:25
thilo[m]How do you detect if a script is malicous?14:26
NicoYou probably read it14:26
thilo[m]I hope then that jolla is better at auditing than e.g. Etherscan with the $YEAR token14:28
thilo[m]however, I don't really want to get into this discussion. Security is always relative and I guess jolla has good reasons to do what they do14:29
thilo[m](link for reference: https://twitter.com/cat5749/status/1476813266462539779)14:29
henkthe sad truth is, though, that most people do not have the slightest clue what they are doing d-:14:44
henkand security is almost always treated as an afterthought … it’s not clear that some bug is a security issue? meh, fuck it, we’ll get to it at 3pm in january of the year 58429. maybe february.14:45
henkthat won’t be much different at jolla than it is anywhere else …14:45
hallynoh no - the fourth and final os update failed to initiate reboot when done.  Which would be ok except battery is 100% full, and power button is broken.14:50
hallynMaybe it was all for naught anyway - can anyone confirm/deny whether sailfish on the sony xperia x f5121 is capable of VoLTE?  (I had assumed it was, but apparently android on that was not, although the SoC is capable)14:50
hallynuh, re pkcon, i'd recommend chmod u-s /usr/bin/pkexec until that update arrives...14:55
NicoWell, you need local code execution perms to exploit it already, don't you?14:56
hallynyes.15:01
NicoThen it probably doesn't change much for me ;p15:05
hallyni just ...  i guess i'm more pessimistic than you are :)  do you have ssdh_config at least set to disable password login?15:05
hallynnah you're probably right.15:08
NicoYeah, also a random port because it reduces login attempts a lot15:09
hallynso ...   is there any other way i can reboot this thing?  While it has the sailfish os black update screen with full progress bar?  I aassume it won't setup local usb network if i plug it in...15:15
hallyntried inserting bogus sim card, was hoping that would reset something15:16
NicoJust long press the power button?15:17
NicoAlternatively power + one of the volume keys15:17
b100dian[m]hallyn if you connect usb cable do you have a network interface appearing on your computer? Or is that only if you have developer mode enabled :-?15:21
hallynb100dian[m]: That happened before, yes. But (just checked) not right now :(  I guess it's  not running a full os stack.15:24
hallynNico: there's the rub, power button is broken.15:24
NicoTake out the battery?15:24
hallynnot user servicable on xperia x :(15:25
hallynneed something fancier :)  like a special reset code i can send out over /dev/usb :)15:25
hallynthis all would be moot if f(x)tec would ship their phones.  i just needed a stop-gap!15:25
NicoWell, you need to take it apart to repair the power button anyway ;p15:25
hallyntechnically i was ok without a power button :)15:26
NicoClearly you are not okay with it now!15:26
hallynuntil now.15:26
hallynwell if the os update would reboot when it wants to reboot i would still be ok :)15:26
hallynall right so it sounds like i'm out of luck.15:27
NicoYou could wait for the power to run out15:27
b100dian[m]Xperia 10 would have been dead by tomorrow:)15:27
hallynThat's the current plan15:27
NicoHow do you even activate the screen?15:27
hallyndouble-tap15:27
Nicohuh15:27
NicoHow do you boot, after the power ran out?15:28
hallynplug it in.15:28
b100dian[m]F(x)tec changed chipset, right?15:28
hallynyeah i wouldn't mind tkaing it apart - but it's glued together and *that* i do not want to deal with.15:28
Nicoplugging it in only puts me on the charging screen15:28
hallynb100dian[m]: yeah.15:28
NicoThe glue is really easy to remove, I did it by accident ;p15:28
hallynNico: it has to be close to full battery for it to turn on, but it does turn on for me.15:28
NicoIt is just annoying having to buy new glue for 3 bucks15:29
hallynHm.  Then how do you re-glue it15:29
hallynok15:29
NicoI just used tape most of the time :D15:29
hallynwell if VoLTE might not work anyway then it's just not worth it.15:29
dokterkat[m]You can heat it up with a hair blower and try to put it back together when it’s still hot15:29
NicoThen I had one of the few xperia X compacts with removable battery!15:29
hallynnice15:29
hallyndual sim?15:30
NicoNo15:30
Nico500gb micro SD card ;p15:30
hallynwhat even do yo udo with that :)15:31
NicoI digitized all my CDs as flcac15:31
Nico*flac15:31
thilo[m]you dont need a mobile connection if you can download the whole internet onto the sdcard i guess ;)15:31
thilo[m]ah, also nice ;)15:32
NicoI had a few ISOs on it to boot linux distros too15:32
hallynis the heaphone amp good enough on that thing to tell?  (must be,...)15:32
NicoNo15:32
hallynoh :)15:32
NicoBut why lower the quality15:32
hallynmedia server then?15:32
NicoWell, you can tell if an mp3 is crappy15:32
hallyni dunno - i riped my cds 20 years ago, flac was just not an option then15:32
NicoBut high quality mp3s don't really make a difference to flacs15:32
hallyni should re-rip one day.15:33
NicoBut if I have the storage...15:33
hallynyeah15:33
maljust fyi https://github.com/sailfishos/polkit/pull/316:11
*** Malinux- is now known as Malinux20:08
hallyn(phone still going strong...  would you just run out of battery already!)20:40
gryhallyn: what kind of device have you got?20:53
hallynsony xperia x f512120:54
gryvery nice. does it have a loud speaker and good audio? i heard sony are good with audio20:59
hallyni think it was ok - but i've not had it running in a year and for a year before that my daughter had it (running sailfish).  But right the power button is broken and update got hung at reboot so i can't check until it runs out of battery :)22:19
hallynthis is why i don't like offline updaters.  had a mac for a year and i culdn't STAND that.  let me have system access while the update runs22:20
grywow this is a lot of information22:22
grypower button broken - wait for battery to go flat- then boot - this isok22:22
grywhat was wrong with that mac exactly? and what's wrong with offline updaters?22:23
hallynthe fact that i can't be o the system while it's being updated :)  if i could log into the salifish right now, i could reboot :)22:25
hallynwell hopefully by morning batt will be dead22:26
gryoh right, i don't think i saw an offline updater before, then22:26
grymaybe windows is like that. but it at least reboots itself. it doesn't prompt for the user to reboot22:26
hallynwell sailfish doesn't prompt for me to reboot either - it just messsed up and forgot to reboot, so it's sitting at the "100% done upgrading" screen :)22:28
grytake the battery out?22:29
gryor it is forced to be inside22:29
« Wednesday, 2022-01-26 Index Friday, 2022-01-28 »

Generated by irclog2html.py 2.17.1 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!