/srv/irclogs.ubuntu.com/2018/07/20/#ubports.txt

=== chihchun_afk is now known as chihchun
ubptgbot<Lakotaubp> @Dave S, Latest dev update and getting over24 hrs on OnePlus one. Nexus 5 same update level approx15hrs to 10%04:22
ubptgbot<wayneoutthere> Nigel for Battery President!04:24
ubptgbot<AlexanderPlaza> @Lakotaubp, Sounds like I’ll need to replace a nexus 5 battery and a Oneplus One battery soon.05:08
ubptgbot<AlexanderPlaza> Anyone recommend a specific battery replacement or just find whatever works online these days for those phones?05:09
ubptgbot<Lakotaubp> Have a look at this it may help05:19
ubptgbot<Lakotaubp> https://forums.ubports.com/topic/1100/nexus-5-replacement-battery05:19
ubptgbot<Stereofont> @Dave S, In the past, there have been a lot of problems with false readings of charge levels. Inaccuracy might be an alternative explanation06:27
ubptgbot<TartanSpartan> Yes, the MX4's hardware is bad for that for example. The only way to get an accurate reading is to power it down and watch the hibernated charging graphic. Then when you power it up again it matches for a while, but after that the software desynchronises the count from thr hardware.06:43
ubptgbot<TartanSpartan> Had hope that Xenial devel and RC had fixed that, but it proved to be false.06:43
ubptgbot<garrogarri> @Lakotaubp, Nostromo is a producer of tuna in Italy πŸ˜†07:11
ubptgbot<garrogarri> Anyway … ```debug: fastboot: flash; [{"type":"recovery","url":"http://cdimage.ubports.com/devices/recovery-mako.img","checksum":"6954e171f21445d40f936b96f3e9db78d5ae890819a60dcd003e7d0749d5b26d","path":"/home/gianmarco/snap/ubports-installer/170/.cache/ubports/images/mako"}]``` … Do this mean that: … 1. The installer is downloadi07:12
ubptgbotng the image during the flash operation? … and 2. The installer is downloading an image without using SSL?07:12
ubptgbot<garrogarri> [Edit] Anyway … ```debug: fastboot: flash; [{"type":"recovery","url":"http://cdimage.ubports.com/devices/recovery-mako.img","checksum":"6954e171f21445d40f936b96f3e9db78d5ae890819a60dcd003e7d0749d5b26d","path":"/home/---------/snap/ubports-installer/170/.cache/ubports/images/mako"}] … ```Do this mean that: … 1. The installer is do07:13
ubptgbotwnloading the image during the flash operation? … and 2. The installer is downloading an image without using SSL?07:13
ubptgbotAdjunktH was added by: AdjunktH07:38
ubptgbot<advocatux> @AdjunktH, Hi David, welcome! Take a look to https://ubports.com/telegram-welcome to get you up to speed07:40
ubptgbot<Lakotaubp> @garrogarri, But us the Tuna good πŸ‘½πŸ‘»07:44
ubptgbot<Flohack> @garrogarri, You know the movie connected with that?07:53
ubptgbot<Stereofont> @garrogarri, Their anchovies are first class07:53
ubptgbot<garrogarri> @Flohack, No, I don't07:54
ubptgbot<advocatux> @Flohack, That sounds fishy :)07:55
ubptgbot<Flohack> http://avp.wikia.com/wiki/USCSS_Nostromo07:55
ubptgbot<Flohack> Fishy? Not so much... More slimy and... Alien xD07:56
ubptgbot<advocatux> if there's tuna that's fishy to me πŸ˜‚07:58
ubptgbot<Flohack> lol07:59
ubptgbot<garrogarri> LOL, ok08:00
ubptgbot<garrogarri> @garrogarri, But what about this?08:00
ubptgbot<advocatux> @garrogarri, 1. afaik everything needed is downloaded to the computer before pushing it to the device … 2. it doesn't matter really because the installer checks the files checksums08:07
ubptgbot<Flohack> @garrogarri, You dont need to secure anything with https which is public information. It just is a waste of computing power ;)08:10
ubptgbot<garrogarri> @Flohack, Mmh. It isn't public information what operating system I want to use on my phone08:11
ubptgbot<garrogarri> Wikipedia is public information, but it is encrypted because it should be private which pages the people reads08:12
ubptgbot<garrogarri> [Edit] Wikipedia is public information, but it is encrypted because it should be private which pages the people read08:12
ubptgbot<garrogarri> @garrogarri, And what type of phone do I have08:13
ubptgbot<garrogarri> @garrogarri, [Edit] And what type of phone do I have, also08:13
ubptgbotDr. Katze was added by: Dr. Katze08:17
ubptgbot<advocatux> https doesn't protect you from third-parties learning a lot of things about you. You'd need TOR for that, and even that it isn't foolproof08:17
ubptgbot<garrogarri> Moreover I think there is some very slow cache in the place where I live, but is does not cache encrypted traffic, so it would be faster for me to download it encrypted08:18
ubptgbot<Dr. Katze> Hey there guys! I'm actually looking for the beginner's group. UBports homepage directed me to this group. Can you help me? :)08:20
ubptgbot<advocatux> @Dr. Katze, Hi Dr. Katze, welcome! Take a look to https://ubports.com/telegram-welcome to get you started08:20
ubptgbot<advocatux> @Dr. Katze, Shoot08:20
ubptgbot<Flohack> @Dr. Katze, Are you German?08:24
ubptgbot<Lakotaubp> @advocatux, In Space NoOne Can Hear You Eat Tuna ! πŸ‘½08:43
ubptgbot<advocatux> πŸ˜‚08:43
ubptgbot<Ingo_FP_Angel> @advocatux, What do you mean? … With HTTPS someone looking at the traffic sees which servers you are talking to but not which resources you access.08:54
ubptgbot<advocatux> @Ingo_FP_Angel, Yes, that's exactly what I mean :)08:55
ubptgbot<Ingo_FP_Angel> Then I don't get what you meant with your sentence πŸ˜‰09:02
ubptgbot<Flohack> I agree that https is mandatory as soon as personal information is transmitted. But not the public OTA images from our server09:02
ubptgbot<advocatux> @Ingo_FP_Angel, Garro said he doesn't want other people learning things like which OS have in his phone, and I meant connecting to something like `https://ubports-installer` gives a lot of clues about that to a third-party09:09
ubptgbot<Flohack> Hmm most Information is collected from stored data, not from tapping the transit. And most webserver logfiles are not encrypted ;)09:10
ubptgbot<Flohack> Why I would bother brute-forc-craking of https which is possible, or injecting false certificates, which is also possible, to get data from one single user only,  when I can just get potentially thousands of user data from the logfiles09:11
ubptgbot<advocatux> Exactly, I was just replying to Garro's concerns. MITM attacks, snooping the DNS queries, and so on are possible and https is not the way to protect you from nosy third-parties09:17
ubptgbot<Flohack> But still think about it, no one will make much efforts for only one user, rather its better to target thousands of usersΒ΄s data. Except its a personal interest of your friends, family or so. But usually the dont have the technical possibilities to tap your internet09:22
ubptgbot<advocatux> Yep, I agree with you :)09:29
ubptgbot<advocatux> Of course "who" is interested and "who" is the target, is pretty relevant09:30
ubptgbot<JBBgameich> Doesn't https also protect against "fake" servers (at least in some configurations). Since you also verify the checksum, it's maybe not be that much needed, but where does it get the checksum from?09:46
ubptgbot<JBBgameich> If the installer downloads the checksum from the same server, someone in the same network could modify the DNS entries so the installer flashes an image from the wrong server right?09:48
bshah@JBBgameich, but gpg key is on recovery09:48
bshahbut again if you are bootstraping, recovery can also be modified so lol09:49
ubptgbot<Flohack> @JBBgameich, In order to modify DNS entries he needs to hack your DNS server, or compromise you in a public WiFi. So dont upgrade the phone outside your own network. Because hacking your providers DNS is a different story09:57
ubptgbot<JBBgameich> I don't see a real threat there, I just wanted to show https isn't completely useless for OTAs :)10:21
ubptgbotguangutu9 was added by: guangutu910:26
Binary file (standard input) matches

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!