=== chihchun_afk is now known as chihchun
[04:22] <ubptgbot> <Lakotaubp> @Dave S, Latest dev update and getting over24 hrs on OnePlus one. Nexus 5 same update level approx15hrs to 10%
[04:24] <ubptgbot> <wayneoutthere> Nigel for Battery President!
[05:08] <ubptgbot> <AlexanderPlaza> @Lakotaubp, Sounds like I’ll need to replace a nexus 5 battery and a Oneplus One battery soon.
[05:09] <ubptgbot> <AlexanderPlaza> Anyone recommend a specific battery replacement or just find whatever works online these days for those phones?
[05:19] <ubptgbot> <Lakotaubp> Have a look at this it may help
[05:19] <ubptgbot> <Lakotaubp> https://forums.ubports.com/topic/1100/nexus-5-replacement-battery
[06:27] <ubptgbot> <Stereofont> @Dave S, In the past, there have been a lot of problems with false readings of charge levels. Inaccuracy might be an alternative explanation
[06:43] <ubptgbot> <TartanSpartan> Yes, the MX4's hardware is bad for that for example. The only way to get an accurate reading is to power it down and watch the hibernated charging graphic. Then when you power it up again it matches for a while, but after that the software desynchronises the count from thr hardware.
[06:43] <ubptgbot> <TartanSpartan> Had hope that Xenial devel and RC had fixed that, but it proved to be false.
[07:11] <ubptgbot> <garrogarri> @Lakotaubp, Nostromo is a producer of tuna in Italy 😆
[07:12] <ubptgbot> <garrogarri> Anyway … ```debug: fastboot: flash; [{"type":"recovery","url":"http://cdimage.ubports.com/devices/recovery-mako.img","checksum":"6954e171f21445d40f936b96f3e9db78d5ae890819a60dcd003e7d0749d5b26d","path":"/home/gianmarco/snap/ubports-installer/170/.cache/ubports/images/mako"}]``` … Do this mean that: … 1. The installer is downloadi
[07:12] <ubptgbot> ng the image during the flash operation? … and 2. The installer is downloading an image without using SSL?
[07:13] <ubptgbot> <garrogarri> [Edit] Anyway … ```debug: fastboot: flash; [{"type":"recovery","url":"http://cdimage.ubports.com/devices/recovery-mako.img","checksum":"6954e171f21445d40f936b96f3e9db78d5ae890819a60dcd003e7d0749d5b26d","path":"/home/---------/snap/ubports-installer/170/.cache/ubports/images/mako"}] … ```Do this mean that: … 1. The installer is do
[07:13] <ubptgbot> wnloading the image during the flash operation? … and 2. The installer is downloading an image without using SSL?
[07:38] <ubptgbot> AdjunktH was added by: AdjunktH
[07:40] <ubptgbot> <advocatux> @AdjunktH, Hi David, welcome! Take a look to https://ubports.com/telegram-welcome to get you up to speed
[07:44] <ubptgbot> <Lakotaubp> @garrogarri, But us the Tuna good 👽👻
[07:53] <ubptgbot> <Flohack> @garrogarri, You know the movie connected with that?
[07:53] <ubptgbot> <Stereofont> @garrogarri, Their anchovies are first class
[07:54] <ubptgbot> <garrogarri> @Flohack, No, I don't
[07:55] <ubptgbot> <advocatux> @Flohack, That sounds fishy :)
[07:55] <ubptgbot> <Flohack> http://avp.wikia.com/wiki/USCSS_Nostromo
[07:56] <ubptgbot> <Flohack> Fishy? Not so much... More slimy and... Alien xD
[07:58] <ubptgbot> <advocatux> if there's tuna that's fishy to me 😂
[07:59] <ubptgbot> <Flohack> lol
[08:00] <ubptgbot> <garrogarri> LOL, ok
[08:00] <ubptgbot> <garrogarri> @garrogarri, But what about this?
[08:07] <ubptgbot> <advocatux> @garrogarri, 1. afaik everything needed is downloaded to the computer before pushing it to the device … 2. it doesn't matter really because the installer checks the files checksums
[08:10] <ubptgbot> <Flohack> @garrogarri, You dont need to secure anything with https which is public information. It just is a waste of computing power ;)
[08:11] <ubptgbot> <garrogarri> @Flohack, Mmh. It isn't public information what operating system I want to use on my phone
[08:12] <ubptgbot> <garrogarri> Wikipedia is public information, but it is encrypted because it should be private which pages the people reads
[08:12] <ubptgbot> <garrogarri> [Edit] Wikipedia is public information, but it is encrypted because it should be private which pages the people read
[08:13] <ubptgbot> <garrogarri> @garrogarri, And what type of phone do I have
[08:13] <ubptgbot> <garrogarri> @garrogarri, [Edit] And what type of phone do I have, also
[08:17] <ubptgbot> Dr. Katze was added by: Dr. Katze
[08:17] <ubptgbot> <advocatux> https doesn't protect you from third-parties learning a lot of things about you. You'd need TOR for that, and even that it isn't foolproof
[08:18] <ubptgbot> <garrogarri> Moreover I think there is some very slow cache in the place where I live, but is does not cache encrypted traffic, so it would be faster for me to download it encrypted
[08:20] <ubptgbot> <Dr. Katze> Hey there guys! I'm actually looking for the beginner's group. UBports homepage directed me to this group. Can you help me? :)
[08:20] <ubptgbot> <advocatux> @Dr. Katze, Hi Dr. Katze, welcome! Take a look to https://ubports.com/telegram-welcome to get you started
[08:20] <ubptgbot> <advocatux> @Dr. Katze, Shoot
[08:24] <ubptgbot> <Flohack> @Dr. Katze, Are you German?
[08:43] <ubptgbot> <Lakotaubp> @advocatux, In Space NoOne Can Hear You Eat Tuna ! 👽
[08:43] <ubptgbot> <advocatux> 😂
[08:54] <ubptgbot> <Ingo_FP_Angel> @advocatux, What do you mean? … With HTTPS someone looking at the traffic sees which servers you are talking to but not which resources you access.
[08:55] <ubptgbot> <advocatux> @Ingo_FP_Angel, Yes, that's exactly what I mean :)
[09:02] <ubptgbot> <Ingo_FP_Angel> Then I don't get what you meant with your sentence 😉
[09:02] <ubptgbot> <Flohack> I agree that https is mandatory as soon as personal information is transmitted. But not the public OTA images from our server
[09:09] <ubptgbot> <advocatux> @Ingo_FP_Angel, Garro said he doesn't want other people learning things like which OS have in his phone, and I meant connecting to something like `https://ubports-installer` gives a lot of clues about that to a third-party
[09:10] <ubptgbot> <Flohack> Hmm most Information is collected from stored data, not from tapping the transit. And most webserver logfiles are not encrypted ;)
[09:11] <ubptgbot> <Flohack> Why I would bother brute-forc-craking of https which is possible, or injecting false certificates, which is also possible, to get data from one single user only,  when I can just get potentially thousands of user data from the logfiles
[09:17] <ubptgbot> <advocatux> Exactly, I was just replying to Garro's concerns. MITM attacks, snooping the DNS queries, and so on are possible and https is not the way to protect you from nosy third-parties
[09:22] <ubptgbot> <Flohack> But still think about it, no one will make much efforts for only one user, rather its better to target thousands of users´s data. Except its a personal interest of your friends, family or so. But usually the dont have the technical possibilities to tap your internet
[09:29] <ubptgbot> <advocatux> Yep, I agree with you :)
[09:30] <ubptgbot> <advocatux> Of course "who" is interested and "who" is the target, is pretty relevant
[09:46] <ubptgbot> <JBBgameich> Doesn't https also protect against "fake" servers (at least in some configurations). Since you also verify the checksum, it's maybe not be that much needed, but where does it get the checksum from?
[09:48] <ubptgbot> <JBBgameich> If the installer downloads the checksum from the same server, someone in the same network could modify the DNS entries so the installer flashes an image from the wrong server right?
[09:48] <bshah> @JBBgameich, but gpg key is on recovery
[09:49] <bshah> but again if you are bootstraping, recovery can also be modified so lol
[09:57] <ubptgbot> <Flohack> @JBBgameich, In order to modify DNS entries he needs to hack your DNS server, or compromise you in a public WiFi. So dont upgrade the phone outside your own network. Because hacking your providers DNS is a different story
[10:21] <ubptgbot> <JBBgameich> I don't see a real threat there, I just wanted to show https isn't completely useless for OTAs :)
[10:26] <ubptgbot> guangutu9 was added by: guangutu9
Binary file (standard input) matches