<unkn0wn77>
Hi, any link to kernel sources? (ref: @hanno at twitter, saying you're making it right where blackberry blew it up (gr-not-enforcing-sec kernel))
<DocScrutinizer05>
unkn0wn77: well, "THE kernel"
<DocScrutinizer05>
there's also a maemo kernel which is a mainline kernel with some Nokia patches that once were not upstreamed to mainline. Some never will since they don't match the mainline kernel coding rules
<DocScrutinizer05>
re "gr-not-enforcing-sec kernel" I don't know exactly what you refer to with this, but actually a lot of devices have a free kernel that nevertheless is running in a "secure mode" device or whatever is the proprietary name for it in the platform you're looking at.
<DocScrutinizer05>
~wiki tivoization
<infobot>
At https://en.wikipedia.org/wiki/Tivoization (URL), Wikipedia explains: "'Tivoization' {{IPAc-en|ˈ|t|iː|v|oʊ|ɨ|ˌ|z|eɪ|ʃ|ən}} is the creation of a system that incorporates software under the terms of a copyleft software license (like the GPL), but uses hardware restrictions to prevent users from running modified versions of the software on that hardware. Richard Stallman coined the term in reference to TiVo's use of GNU GPL licensed s
<DocScrutinizer05>
unkn0wn77: maybe you specify a bit more precisely what you want to know, so I (or somebody more savvy than me) can provide better, more helpful answers
<DocScrutinizer05>
unkn0wn77: regarding "we do it right", we're just fed up with android devices that, despite allegedly being based on linux and being FOSS, have so many closed blobs that you hardly can keep your system up to date when the manufacturer of your hardware stops support. Or even worse you have an Android platform that is tivoized and you couldn't apply patches to it even when the system that's running on it was bleeding edge
<DocScrutinizer05>
unkn0wn77: we're not selling subsidized hardware that is meant to make money on an "ecosystem" like appstore and spying on everything you do. Or like a coffeemachine or an inkjet printer where the machine is ridiculously cheap and ink-tanks or capsules cost you an arm and a leg.
<DocScrutinizer05>
unkn0wn77: we simply send a plain hardware that is (almost, as much as possible) completely open so you can do with it whatever you want, including running plain linux or android on it
<DocScrutinizer05>
s/send/sell/
<DocScrutinizer05>
there are a very few things we cannot provide, and we have no choice to use another hw component where the manufacturer would offer better documentation that would meet our requirements regarding complete openness particularly regarding documentation: the PVR GFX in SoC, the WWAN modem, the WiFi module. All three come with closed blob support by manufacturer and we can't provide open FOSS firmware for them
<DocScrutinizer05>
nevertheless they are sufficiently documented to consider them a blackbox and not worry much about the closed firmware they are running on. We however also take all possible measures to successfully guarantee that those subsystems never will misbehave in a rogue way, so you really don't need to worry much about them
<DocScrutinizer05>
for updating your Neo900 system you use same tools as with any arbitrary linux system, be it apt or dpkg or rpm or whatever. For updating the kernel you *might* use mtdutils from within a working system, or you use a flashing function in bootloader (uBoot). For flashing/updating uBoot you use ROMBOOT which is implemented in SoC, and to defend against "evil maiden attack" you can block that ROMBOOT flashing option with a jumper inside the
<DocScrutinizer05>
device, so it needs complete disassembly of the device to re-enable it. Complete disassembly includes shutdown of system, so you at least from uptime could even tell when the evil maiden had hours of unattended time with your Neo900, simply by controlling the uptime and existence of e.g. a volatile secret the system stores in RAM.
<DocScrutinizer05>
defending against all the other threats coming via vectors except the last mentioned one is completely under your own control
<DocScrutinizer05>
e.g. you can have a password in uBoot that protects flashing the kernel. And of course all your apt/dpkg/rpd etc is protected by the age-old usual permission&authentication system of unix
<DocScrutinizer05>
rpm*
<DocScrutinizer05>
so to change anything from within the running system you need root password, for flashing a new kernel you need uBoot password, and to install a new uBoot you might need to disassemble the complete device unless you have a working uBoot already, plus the password uBoot asks for
<DocScrutinizer05>
enyc: I'm trying to overcome some stress induced health problems
<DocScrutinizer05>
otherwise fine
<Arch-TK>
DocScrutinizer05: PP status report?
<Arch-TK>
no news so far I imagine.
<DocScrutinizer05>
no news since I reported yesterday
<Arch-TK>
ok
<Arch-TK>
DocScrutinizer05: you should take a holiday, unplug your internet and find a book for a week, watch some TV, go for a walk.
<Arch-TK>
You can't do much without the money and nothing urgent is likely to happen.
<DocScrutinizer05>
already managed
<DocScrutinizer05>
2 more weeks and then my GF will kill me if I'd dare to have a look at IRC
<Arch-TK>
:P
<DocScrutinizer05>
however I'd really like to start something before I leave for first holiday this year. E.g. KS campaign, or discussion about whether we should go KS, or whatever
<Arch-TK>
Something like KS will work, as long as there's publicity for it.