/srv/irclogs.ubuntu.com/2016/02/03/#ubuntu-touch.txt

=== bshah_ is now known as bshah
=== chihchun_afk is now known as chihchun
=== M-davidar is now known as davidar
JamesTaitGood morning all!  Happy Wednesday and happy Carrot Cake Day! 😃09:31
=== chihchun is now known as chihchun_afk
=== chihchun_afk is now known as chihchun
=== kawan__ is now known as kawan
=== lotuspsychje_ is now known as lotuspsychje
=== JamesTait is now known as Guest83722
=== _salem is now known as salem_
=== mzanetti_ is now known as mzanetti
=== dandrader is now known as dandrader|afk
=== chihchun is now known as chihchun_afk
=== alan_g_ is now known as alan_g|lunch
=== marcusto_ is now known as marcustomlinson
=== alan_g|lunch is now known as alan_g
=== dandrader|afk is now known as dandrader|lunch
zaolinhttp://www.golem.de/news/smartphone-security-root-backdoor-macht-mediatek-smartphones-angreifbar-1602-118888.html14:22
zaolinuiui14:22
zaolinhttps://twitter.com/jcase/status/687151870255755264?lang=de14:23
ogra_zaolin, yeah ... but not really harmful in ubuntu14:23
ogra_(apps cant access the property system, you would have to have shell access to abuse it)14:23
zaolinorga_: I guess so because of the lxc container. Did Canonical disable the debug feature ?14:27
ogra_zaolin, that has nothing to do with the container the app and security concept is simply different... to have someone abuse it you would have to hand him/her your phone with an unlocked terminal app open ... or hacve enabled ssh access and handed someone your secret ssh key .... or have developer mode enabled and given them the unlocked phone to access it via adb ...14:29
ogra_i think the container still has devel enabled and it is surely a bug that it does ... but it isnt really critical due to the above14:30
matv1that #reinvent campaign. Is it a smartwatch?14:32
zaolinorga_: Does a security target or detailed security architecure overview exists for ubuntu touch ?14:33
ogra_zaolin, it surely does, ask the security team ... i guess jdstrand could point you somewhere14:35
ogra_essentially apps cant access anything outside their workdir though14:36
ogra_or exec processes outside of it14:36
zaolinorga_: ah thanks14:39
ogra_the adb hack they describe wouldnt work on ubuntu, our adb is patched to always check if the screen is unlocked before letting you in .... so even with that hack you would first have to unlock the screen witrh your PIN or password14:40
ogra_(and thats the only possible remote expliot they describe)14:40
=== dandrader|lunch is now known as dandrader
jdstrandzaolin: fyi, https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement15:23
=== ecloud_ is now known as ecloud
zaolinjdstrand: thank you ^^15:41
zaolinjdstrand: Will be there data encryption or FDE in the future ?15:54
ogra_zaolin, once the phone switches to snappy a s a base full disk encryption will come for free15:54
* ogra_ isnt sure anyone will work on implementing that in the current system-image based setup ... it would be throw-away work15:55
=== kenvandine__ is now known as kenvandine
jdstrandogra_: well... that depends16:02
jdstrandzaolin: data encryption is planned at some point, yes16:02
ogra_jdstrand, well, given the manpower and given the many issues with existing features it would be a waste of time16:02
ogra_but indeed, up to the managers ;)16:03
jdstranddepending on what would be implemented, it wouldn't be a waste of time16:03
jdstrandie, encrypted home would work either way16:03
ogra_snappy will encrypt all of 7writable at some point16:03
ogra_*/writable16:03
zaolinjdstrand: Does snappy uses cryptsetup or is it filesystem encryption ?16:04
ogra_(which is essentially full disk encryption since the squashfses all live in /writable now)16:04
jdstrandI don't know the details of that, but fde is fine for a single user system, but doesn't help for encrypting differently per user16:04
jdstrandzaolin: atm, neither16:04
jdstrandput it another way16:05
ogra_it is a longstanding TODO item ;)16:05
jdstrandtouch is lacking per-user data encryption. that is still something desirable on Touch and Ubuntu Personal (snappy)16:06
pmcgowanogra_, did you lose the internal irc server or is it just me?16:06
ogra_pmcgowan, i'm, in16:06
seb128pmcgowan, just you16:06
pmcgowanhmm16:06
jdstrandwhat that will look like and when it will be implemented is TBD16:06
* ogra_ still thinks the switch to snappy will happen before that and give us fde 16:07
ogra_(whi9ch is sufficient on single user phones ... not so much in multi user envs indeed)16:08
zaolinjdstrand: Yep but filesystem encryption sucks. Ext4 enc. is currently shit and encfs, ecryptfs should be used.16:10
zaolin* shouldn't16:10
tyhickszaolin: what are the issues with ext4 encryption?16:13
zaolintyhicks: Google didn't finished the implementation and it currently leaks meta data. It will need some time to get matured.16:14
tyhickszaolin: what metadata is leaked?16:14
zaolintyhicks: Take a look at the slides http://kernsec.org/files/lss2014/Halcrow_EXT4_Encryption.pdf16:17
ogra_from 2014 ?16:18
zaolintyhicks: They wanted to impl. it in steps. I don't now the current state but my first rule for applied cryptography is: Don't trust fde software which is younger than 5 years16:19
tyhicksfile size, name, and perms are metadata that's typically leaked with file level encryption16:19
tyhickszaolin: Ok, thanks. I was just wondering if you had any solid gripes that I could pass on to the ext4 crypto developers.16:19
tyhicksThey're aware of and accept the metadata leaks that you mentioned and there's obviously nothing they can do about your 5 year rule.16:20
ogra_heh16:22
ogra_time machines ftw :)16:22
zaolintyhicks: Yeah it will mature and on some point it will replace encfs and ecryptfs.16:22
tyhickszaolin: that's the hope16:22
dobeyeh, /dev/null is the only secure encryption :)16:23
ogra_sudo mount /dev/null /16:24
ogra_?16:24
zaolinI guess it's a step into the right direction anyway.16:24
dobeyogra_: writing all your sensitive data to /dev/null. nobody will ever get it out, not even you!16:25
ogra_!16:25
ogra_indeed ...16:25
zaolinDoes ubuntu touch uses the trustzone for key management ?16:25
ogra_... you shoudl blog about that16:25
tyhickszaolin: no16:26
zaolinThat would be also interesting to combine it with the selected encryption solution16:26
ogra_zaolin, i dont think so (though the only key i'm aware of currently in use is the 2Fa token for the ubuntu one account for the store)16:26
coretex__can i move the launcher to the right?16:27
ogra_(well ... and perhaps ssh keys but they use the known directories)16:27
* coretex__ j/k16:27
ogra_coretex__, nope16:27
coretex__ogra_, thanks!16:27
coretex__:))16:27
ogra_:)16:27
dobeyogra_: online-accounts has several credentials16:27
ogra_coretex__, you can lock the screen rotation and hold it upside down ;)16:27
coretex__lol16:27
dobeyit should be theoretically possible to write a gnome-keyring backend that uses the hardware assisted credentials storage though16:28
zaolinIt would be good to bind the encryption to the hardware itself. So you can stop bruteforce attacks on short passwords16:28
ogra_zaolin, as long as we use 4 digit pins for everything thats rather moot ... but yeah16:28
ogra_:)16:28
ogra_(currently your PIN is also your sudo password for example ... that is changing though)16:29
dobeyeh, anything that requires the user to retain knowledge of a token, is breakable16:29
zaolinMaybe you should take a look at the android key derivation process for disk encryption. They did some good stuff. I guess using argon2 as key derivation function would be better than scrypt: https://android.googlesource.com/platform/system/vold/+/master/cryptfs.c16:32
=== dandrader is now known as dandrader|afk
ogra_if thats usable out of the vold context ... why not16:35
ogra_or out of the android context i should have said :)16:35
zaolinorga_: It's more about the concept itself than the code. But sure you could use around 70% of the code.16:39
=== dandrader|afk is now known as dandrader
=== alan_g is now known as alan_g|EOD
kastegirCan anyone assist me with an install issue?19:48
=== aaron- is now known as ahoneybun
kastegirCan anyone assist me with an install issue?19:57
dobey!ask | kastegir19:58
ubot5`kastegir: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience19:58
stakewinner00_where are the logs of music app?20:00
ahayzenstakewinner00_, most likely here /home/phablet/.cache/upstart/application-click-com.ubuntu.music_music_2.3.964.log20:01
stakewinner00_thanks, i was searching on .local20:01
kastegirI am trying to install ubuntu touch to my Nexus 7 (2013) All went well until the ubuntu-device-flash portion. On the workstation all seemed to go fine but when the tablet rebooted it is stuck in recovery mode with tons of e2fsck error 8s20:01
stakewinner00_ahayzen, i can't find ~/.cache/upstart/application-click-com.ubuntu.music* is there another place?20:04
ahayzenstakewinner00_, not for the music-app, try doing $ ls ~/.cache/upstart | grep music20:04
stakewinner00_nothing, about 3 or hours the music app crashes, there are some "autoclean"¿?20:07
ahayzenstakewinner00_, try running the app again, or maybe it isn't even getting to the point of the app starting?20:07
stakewinner00_ahayzen, it crashed when scrolling the list of artist, normally don't crasehs, but sometimes does20:08
ahayzenhmm, so there should be a log20:08
ahayzenafter each reboot the logs get rotated IIRC20:08
stakewinner00_i restarted music app, now there are a log20:09
stakewinner00_can i configure remote logging without touching too much?20:14
stakewinner00_music app seems to be very buggy with the last update. Now i reopen music app, it doesn't crash yet, but there a lot of error messages20:18
ahayzenstakewinner00_, can you copy the output to pastebin ?20:18
stakewinner00_84 messages of libust[20770/20799]: Error: Error opening shm /lttng-ust-wait-5-32011 (in get_wait_shm() at lttng-ust-comm.c:958) and similar, is this normal?20:18
ahayzenstakewinner00_, yeah that is normal, and isn't an issue20:18
ahayzenstakewinner00_, bug 140430220:19
ubot5`bug 1404302 in webbrowser-app (Ubuntu) "liblttng-ust0 Error opening shm /lttng-ust-wait-5" [High,Confirmed] https://launchpad.net/bugs/140430220:19
stakewinner00_i'll try to reproduce the last crash20:19
ahayzenthanks, stakewinner00_ please report a bug against the music-app with the log attached if you do :-)20:20
ahayzenand if any .crash files appear in /var/crash they maybe useful20:20
kastegirSorry new error Failed to copy version-5.tar.xz to '/cache/recovery/': Is a directory20:23
stakewinner00_now it crashed, that happended a lot of time,   some songs caused music app to stop working, and i have to close it and start it again, i 'll see if this is a know issue20:24
ahayzenstakewinner00_, there are bug such as bug 1449790 which could be causing some of the issues20:24
ubot5`bug 1449790 in qtubuntu-media (Ubuntu RTM) "Fails to play a file with a # (hash symbol) in the path" [Low,Triaged] https://launchpad.net/bugs/144979020:24
stakewinner00_this song has a normal title20:25
stakewinner00_i can upload the song too20:25
ahayzenif it is reproducible that is useful :-)20:25
ahayzenstakewinner00_, also the media-hub and mediascanner2 logs maybe useful in that case (in the same directory)20:25
stakewinner00_"Failed to get current playback duration:  org.freedesktop.DBus.Error.UnknownMethod: Method "Get" with signature "ss" on interface "org.freedesktop.DBus.Properties" doesn't exist"20:26
ahayzenstakewinner00_, that sounds like media-hub crashed20:27
jhodappahayzen, stakewinner00_ yep, either crashed or dbus timed out (but most likely media-hub crashed and restarted)20:28
stakewinner00_media-hub log is of 3.3 M...20:29
jhodappstakewinner00_, just select 200 or so lines that center around the song filename that you were trying to play20:30
pmcgowankastegir, I think you are hitting this http://askubuntu.com/questions/674179/ubuntu-device-flash-fails-on-nexus-7-2013-android-5-0-2-cant-copy-image-to/67549920:30
jhodappand then of course around the area where it failed to play20:30
pmcgowankastegir, there are folks working to make the fix standard20:30
stakewinner00_seems to be related with the path name, this is a japanese song, with a some strange path, something like "02-%a5%a2%a5%a4%a5%bd%a5%c8%a1%bc%a5%d7 (second line).mp3"20:31
stakewinner00_http://pastebin.com/cBvAVhc820:32
jhodappstakewinner00_, how is the filename if you view it on the filesystem?20:32
jhodappahayzen, look at the file path that it's trying to open, how would media-hub have received this path? file:///media/phablet/3E3C-7B26/Music/Acidman/Slow Rain/02-�������ȡ��� (second line).mp320:33
jhodapp /media/phablet !?20:33
stakewinner00_"02-%a5%a2%a5%a4%a5%bd%a5%c8%a1%bc%a5%d7 (second line).mp3" seems to be the filename20:34
ahayzenjhodapp, that is an SD card20:34
jhodappahayzen, ah ok :)20:34
ahayzenjhodapp, looks like either our url encoding is breaking it, or media-hub isn't liking the unicode stuff20:34
jhodappahayzen, indeed20:34
jhodappstakewinner00_, does the file browser show the Japanese characters in the filename or does it show up like how it does in IRC here?20:35
ahayzenjhodapp, stakewinner00_ probably best to open a bug against music-app and media-hub (ubuntu) with all the relevant logs, with the file if possible.20:35
jhodappstakewinner00_, or if you look at it with Nautilus on an Ubuntu Desktop?20:35
stakewinner00_jhodapp, i'll do it tomorrow,20:35
stakewinner00_jhodapp, i don't have any graphical file browser, but other songs with strange unicode show like a square, but this songs seems like a url encoding. Maybe the media-hub crash with any url encoding like %df ¿?20:38
jhodappstakewinner00_, yeah indeed...looks like we could use some tests that try some more edge cases with filenames20:39
ahayzeni wrote some tests for ASCII characters for the music-app in the past, just not all of unicode :')20:40
=== salem_` is now known as _salem
stakewinner00_i played a little bit20:42
stakewinner00_ir crash when scrolling the list of songs, no log20:42
stakewinner00_no log of music-app20:43
ahayzenstakewinner00_, does anything appear in /var/crash ?20:43
stakewinner00_yep20:44
ahayzenstakewinner00_, could you attach all of this information to a bug report, i've gotta go but i'll look at the bug report later20:44
stakewinner00_the bug i mentioned seems tu be a duplicated of https://bugs.launchpad.net/music-app/+bug/1220370 but the last update is from 2013-10-11 and the status is "fix released" i should add a comment with the crash log or open a new bug report?20:53
ubot5`Launchpad bug 1220370 in Ubuntu Music App "Music app crashes when scrolling a big list of artists" [High,Fix released]20:53
dobeystakewinner00_: new bug21:10
dobeywell, a bug should probably be created from the already uplaoded error report (presumably it was uploaded)21:10
kastegirI followed those instructions and it won't boot at all now. I guess I will just go back to android until it is part of the main image21:10
dobeykastegir: followed what instructions?21:14
dobeykastegir: were you running android 4.4 on the device before flashing? is this the wifi or lte model?21:15
kastegirIt is the wifi model and no I was running 6.0 because it had updated a bunch of times since I bought it21:15
kastegirI followed these instructions http://askubuntu.com/questions/674179/ubuntu-device-flash-fails-on-nexus-7-2013-android-5-0-2-cant-copy-image-to/67549921:15
dobeykastegir: flashing doesn't work right if you have android 5 or 6 on the device. also, very late production nexus 7 had a change in the MMC i think, and may not work at all21:16
dobeykastegir: did your nexus 7 come with adnroid 5 on it already? or did it originally come with 4.4?21:18
kastegirit came with 4.421:20
dobeykastegir: ok, do this then: grab the original 4.4 image from google, flash it back on using the script provided with it, boot up to android welcome screen, reboot to the bootloader, and then do ubuntu-device-flash --bootstrap --channel ubuntu-touch/stable/ubuntu21:22
kastegiroh dobey... you deserve all the socks. That worked mate. Thanks!21:34
dobeykastegir: no problem. enjoy :)21:37
pmcgowannice dobey21:39
=== zequence_ is now known as zequence
=== _salem is now known as salem_
=== salem_ is now known as _salem

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!