#qi-hardware IRC log for Tuesday, 2014-04-29

whitequarkhave you seen http://www.shodanhq.com/ ?10:56
larschm... http://www.shodanhq.com/search?q=your+mom11:03
larsc"Server: Microsoft-IIS/7.5l; X-Powered-By: Your Mom!"11:04
larscthat seems to be a popular combo11:04
DocScrutinizer05damn, I wonder if it is about time to change my config to run web browser in a chroot only11:44
larscbest is probably to run in on a computer not connected to the internet11:47
whitequarkDocScrutinizer05: you'll like http://goto.ucsd.edu/quark/11:47
whitequarka web browser that is proven to never leak your private data to third parties11:48
whitequark(assuming there is no combination of webkit and kernel exploits that allow malicious code to escape sandbox, which is a pretty good assumption)11:48
ysionneauChromium and Firefox are starting to get there in term of sandboxing and security11:52
ysionneausmall steps by small steps11:53
whitequark"starting to get there"?11:53
whitequarkChrome pioneered the sandbox technique years ago11:53
ysionneaugetting there* ?11:53
ysionneauyes11:53
ysionneauit's starting to become nicely secured11:53
ysionneauso I'm not sure running in a chroot will add much security , maybe not today but in the short term11:54
whitequarkchromium already effectively runs every tab into chroot, or in fact in a better thing than chroot11:54
whitequarksecconp11:54
whitequark*seccomp11:54
ysionneauchromium is using seccomp, it filters 11:55
ysionneausyscalls11:55
ysionneauyes11:55
whitequarkyou have read(), write(), exit() and some other one11:55
whitequarkthat is all11:55
ysionneauindeed11:55
larscall you need ;)11:55
ysionneauif their list of syscalls is correct then it's secured11:55
ysionneauI bet they don't filter everything11:55
ysionneauit's very hard to do so11:55
ysionneaubut it's getting there11:55
larscthere have been breakouts from the sandbox in the past11:55
DocScrutinizer05whitequark: looks good11:55
ysionneauMozilla is doing the exact same for B2G (boot2gecko, AKA firefox OS)11:55
larscand there probably will be breakouts from the sandbox in the future11:56
larscit's still better to have sandbox than not have one though11:56
ysionneauthe theory would be to only allow read/write/exit11:56
ysionneauI bet they allow more11:56
larscs/have one/have none/11:56
whitequarkysionneau: they filter everything for browser tabs11:56
whitequarkthey use seccomp-bpf for flash11:56
ysionneaueven open? and mprotect?11:56
whitequarkalthough that is somewhat of a futile endeavour11:56
whitequarksure11:56
whitequarkwhy would a tab require open?!11:56
ysionneauwell it depends11:57
ysionneaufor instance on Android11:57
ysionneaufor the android app11:57
ysionneauerr not android app11:57
whitequarkah, the fourth one is sigreturn11:57
ysionneaufor the Chrome OS I mean11:57
whitequarkysionneau: it's not the tab that accesses the file11:57
larscI think we might realize not too far in the future that the micro-kernel folks were right11:57
ysionneauwhitequark: indeed the usual stuff is to make the parent process do the open() and send you the file descriptor via socket11:57
whitequarkysionneau: no recvmsg11:58
whitequarkit would just transfer the data to the tab with a multiplexed channel, I guess.11:58
ysionneaurecvmsg on a socket11:58
ysionneauto receive the file descriptor11:58
ysionneauwell actually you have several techniques for passing a file descriptor11:58
whitequarkI mean, no recvmsg in seccomp11:59
ysionneauah ok11:59
larschttps://code.google.com/p/seccompsandbox/wiki/overview11:59
ysionneau13:56 < whitequark> they use seccomp-bpf for flash < so i guess they have a smaller list of forbidden syscalls for flash then11:59
whitequarkyes11:59
larsc It restricts a thread to a small number of system calls:11:59
larscread()11:59
larscwrite()11:59
larscexit()11:59
larscsigreturn()11:59
ysionneaularsc: then you can use BPF, and you can use BPF to accept or refuse a syscall12:00
ysionneauand have whitelist or blacklist12:00
ysionneauyou can then either kill the process , or trap in a handler12:00
DocScrutinizer05anyway I think I'll just run browser under a dedicated user that has no access to *anything* outside of own $HOME12:00
ysionneauwhitequark: when your browser is not just a browser, but for instance an "OS" like firefox OS or Chrome OS12:01
ysionneauthen it's harder to just refuse everything except read/write/exit12:01
DocScrutinizer05or even better: in a VM12:01
ysionneaubecause of libhardware crap that want to open /dev/files to take wakelocks or to take locks on framebuffer etc12:02
ysionneauit's usually hard to forbid open()12:02
ysionneauor mprotect (for JS JIT)12:02
ysionneaubut they will find a way :)12:02
whitequarkDocScrutinizer05: VMs can be exploited too12:02
larscysionneau: well only a subset of the browser runs in the sandbox12:03
ysionneauthe 'content process'12:03
ysionneau(mozilla term)12:03
larscyou have a 'trusted' part, that you assume is bug free12:03
ysionneauyes12:03
ysionneauand which interacts less directly with the content12:03
ysionneau(html/js/css)12:03
larscif the sandboxed thread can get the trusted thread to do stuff it shouldn't do you have broken out of the sandbox12:03
ysionneauyep indeed12:04
ysionneauit's still really not perfect yet12:04
ysionneaubut it's better and better :)12:04
larscand if I understand things correctly with that quark browser they verified that the trusted part is bug free12:05
ysionneaufrankly I think it's hard for hackers to exploits bugs in the browsers nowdays12:05
larsc(assuming that their formal verification is bug free)12:05
larscwhich we probably shouldn't12:05
ysionneauI'm really amazed each time I hear about a new 0day on a browser12:05
ysionneauthe guy who worked on it must be very clever12:05
whitequarklarsc: formal verification *is* bug-free, that's the point of it12:06
DocScrutinizer05whitequark: I think any usual exploit via browser will have a hard time to figure it's running in a VM and to breakout and taint my host system12:07
ysionneaueven when you found a bug, you escaped ASLR, canaries on the stack, X^W memory mappings etc, then you can execute your payload ... in a sandboxed process ... you can't do all the syscalls you want etc12:07
ysionneauvery hard12:07
whitequarklarsc: the possibility of Coq being flawed in some respect that not only escaped the attention of the authors but also somehow leads to an exploitable vulnerability in the code proven correct by Coq is so vanishingly small, it's almost not worth consiering12:07
whitequarkDocScrutinizer05: hahaha, you seriously underestimate today's malware12:08
DocScrutinizer05well, then HTML is dead12:08
whitequarkit is almost always able to detect VMs, and frequently able to exploit them, though a more usual mode of operation would be to not exploit the system at all12:08
whitequarksince it's likely to be a honeypot or a security researcher's machine12:08
whitequarkno, it's not12:09
whitequarkyou don't avoid going out on the street because a meteorite can hit you on the head12:09
DocScrutinizer05yes it is, since when a VM doesn't help then you need a separate physical machine to use HTML12:09
whitequarkwhat I mean is, no measure you can take (short of 100% formally verified sandbox stack) will provide you with guaranteed security12:10
ysionneauanyway, isn't HTML turing complete ?12:10
whitequarkno12:10
ysionneauor maybe it's XML12:10
whitequarknot even with CSS12:10
whitequarkneither is XML12:10
whitequarka browser with JS disabled is almost entirely harmless, the only thing left is image parsers12:10
DocScrutinizer05aha! 12:11
whitequarkanyways, two things12:11
whitequark1) nothing you can practically do will provide you with 100% guarantee. but you can do 99.99...% for arbitrary number of 9's12:11
whitequark2) your machine is not really interesting anymore these days12:11
DocScrutinizer05http://helpx.adobe.com/security/products/flash-player/apsb14-13.html12:11
whitequarkunless you are specifically targeted, and if you are, you *will* be owned12:12
whitequarkwhat is interesting is your data elsewhere, and it is usually waaaay easier to access than hacking browser, secured by best minds ever12:12
ysionneauI don't remember where I read that, but I saw somewhere that XML language was "adjectif" which then proved it was not possible to ever parse it correctly, there will ever be a document that will not get correctly parsed 12:12
ysionneauis that BS?12:12
whitequarkysionneau: perhaps for XML--definitely not for HTML12:13
larscwith drive by attacks it's a bit like in nature you don't have to be the fasted gnu in the herd, just faster than the slowest gnu in the herd12:13
ysionneauwhitequark: ok12:13
larscif somebody targets you though you are screwed12:13
whitequarkif somebody targets you, you probably shouldn't even try, it's an exercise in futility12:13
whitequarkotherwise... first you need to understand your threat model. without that you are stumbling in the dark12:14
whitequarkDocScrutinizer05 probably doesn't have a coherent one :p12:14
ysionneausure, security without threat model is pointless12:14
Action: DocScrutinizer05 wonders why he feels pissed again12:16
wpwrak"Wait...so...according to the new update...they blew the cost estimate". pandora meets the groundhog.  https://www.kickstarter.com/projects/myidkey/myidkey-passwords-at-the-tip-of-your-finger/comments12:17
DocScrutinizer05gang of handwaving theorists prolly doing none of the smartass things they claim are lasst cute shite12:18
whitequarkDocScrutinizer05: teach us, enlightened one!12:18
wpwrakysionneau: threat model: 1) they're everywhere. 2) trust no one.12:19
whitequarkwpwrak: appropriate response: get inside a box 1x2x0.5m. wait until they are no longer around.12:20
larscbox with white walls and foam walls12:20
wpwrakwait until you are SURE they're no longer around, e.g., just stay in there. it's safer.12:20
whitequarklarsc: I was more thinking about a wooden one, but that works too, I guess12:21
DocScrutinizer05whitequark: no12:23
DocScrutinizer05whitequark: I'll neither give nor take lessons to/from a group that acts hostile12:24
ysionneauI don't think anyone here is hostile, I just think that some people here have strong opinions and then defend them vigorously12:26
whitequark... including DocScrutinizer05 ("handwaving theorists doing none of smartass things they claim", yea)12:26
wpwrakmeanwhile ... neo900 = 357 !12:27
DocScrutinizer05meanwhile, that's old12:27
wpwrakwell, didn't check it for a few days12:27
Action: whitequark imagines DocScrutinizer as http://cdn.grumpycats.com/wp-content/uploads/2014/04/04.27.2014-1.jpg12:28
ysionneaulol12:28
ysionneauhe's cute then ;)12:28
ysionneaurha12:28
ysionneaucome back you little kitten :(12:29
wpwrakmust be "foul mood day" again :)12:29
ysionneauthis time it's strange he got pissed12:31
ysionneausince the discussion was not ... agitated12:31
wpwrakthis one is even better, with the eyes half-closed: http://www.grumpycats.com/the-daily-grump-april-10-2014/12:32
whitequarkhttp://tsaoshin.deviantart.com/art/When-Will-My-No-Begin-39519447812:32
larschttp://truestorieswithgill.com/wp-content/uploads/2013/09/20130915-190539.jpg12:32
wpwrakwhitequark: what have you started :)12:33
ysionneauthe cat war12:35
nicksydney_has anybody heard about 'Significant Motion Sensor' ... I googled around there is motion sensor...but according to this page it does exist https://source.android.com/devices/sensors/composite_sensors.html#Significant12:49
larscwell that probably means that the sensor has a programable threshold and until the motion does not reach that threshold the motion is not reported12:52
larsc-> no IRQ -> CPU sleeps12:52
larscyour typical accellerometer is able to detect samll changes, e.g. the desk is vibrating because somebody tramples on the floor12:54
larscor because you are typing on your keyboard12:54
nicksydney_larsc: yes the sensor works that way...what i was trying to figure out whether this is a new kind of sensor or this is the same accelerometer sensor but with 'smarts' built into the firmware12:54
larscnicksydney_: all kinds of sensors have such a threshold12:55
nicksydney_according to this http://www.etezian.org/files/fosdem13_stm_accel.pdf (page 6 and 8)12:55
larsce.g. the adxl345 and that one is a few years old12:56
nicksydney_Kionix & ST LIS3DSH12:56
larscI think what is special about them is the programable statemachine12:57
larscrather than a fixed function pipeline12:57
wpwrak(neo900) heh, 358 ! and almost at 75 kEUR. now we know where he went, to celebrate !13:03
nicksydney_larsc: "The LIS3DSH is an ultra low-power high performance three-axis linear accelerometer belonging to the nano family with embedded state machine that can be programmed to implement autonomous applications."13:04
nicksydney_"with embedded state machine" :)13:04
nicksydney_cost $3.01 http://www.digikey.com/product-search/en?WT.z_cid=sp_497_0928_buynow&Enterprise=44&lang=en&Vendor=497&mpart=LIS3DSHTR13:05
larscnicksydney_: yea, that means that you can basically program your wakeup condition13:09
larscwhere as older hardware has just say a regiter where you write the minimum g value to wakeup13:10
nicksydney_was looking at the Kionix app note http://www.kionix.com/sites/default/files/AN029%20Getting%20Started%20with%20the%20KXCNL.pdf and basically looking through it there are 2 main trigger that you can tap into  - Free Fall and Motion Detection13:14
nicksydney_pardon me...my mistake the other doc http://www.kionix.com/sites/default/files/Motion%20Matters%20-%20The%20KXCNL%20Accelerometer%20with%20Dual%20State%20Machines%20-%20How%20it%20works%20and%20what%20it%20can%20do%20for%20you.pdf says ... "The KXCNL accelerometer has two independent, finite13:15
nicksydney_state machines that can be defined with up to 16 states each, along with programmable  actions initiated at state transitions. This allows users to implement a wide range of recogniti on algorithms, such as wake-up, free-fall,13:15
nicksydney_screen orientation, Tap/Double-Tap, step recognitio n, and more."13:15
apeleteHi larsc13:54
larscsup13:56
apeletebeen a while, hope you're doing well13:57
apeletelarsc: are you at work ?13:57
apeleteI've resumed debugging the dma in jz4740_mmc.c and I think I'll need your help13:57
larscok13:58
apeletewe can talk about it later if you're busy right now (I was reading the channel backlog just now and noticed you were there)13:58
larscI can neither confirm or deny that I'm currently at work ;)13:59
larscnor13:59
Action: pcercuei looks13:59
apeletehaha, ok ;-)13:59
pcercueihe's at work :)13:59
apeletepcercuei just dropped the ball ;-)14:00
apeleteno problem, we'll talk later14:00
wpwrakafter he was reassigned to the NSA he's always been rather vague about what he's doing14:00
apelete:)14:01
rjeffrieswpwrak this looks shiny. (I know, they have challenges. Still, it seems to exist in the wild now): https://twitter.com/CoolPileCom/status/458682168005234688/photo/114:24
wpwrakyes, i've been watching their progress. it does seem that they've started shipping. yet people are still heavily guessing14:27
rjeffriesindustrial design is not bad. Is tehir display about same as your anelok, or smaller?14:34
rjeffrieswpwrak fwiw I think your jog wheel will be a nice user input method. I still dream that someday somebody will mod your code so the character being selected is displayed 2x or 3x teh size. but am NOT holding my breath.14:36
wpwrakit may be the same size. in any case very similar14:38
wpwrak(wheel) i'm actually gravitating towards a slider. results so far don't look too bad.14:39
wpwrakand the password input was just a very very early demo. nothing final there :)14:40
wpwrak(slider experiments) i made a very simple slider sensor made of two triangles, one of them ground, the other the actual sensor. the signal strength is pretty good.14:48
wpwrakwhat doesn't work so well are a) fall and rise times (that should be mainly a question of proper filtering - right now i just use the raw samples without further ado), and14:49
wpwrakb) high variability depending on finger position (e.g., whether a little above or below the sensor or moving diagonally across it) and finger pressure14:50
wpwrakthe data i can gather doesn't look as if it was sufficient for auto-calibration of all the relevant parameters (i could auto-calibrate "idle", but there's no good way to determine, for instance, the values at the left and right border of the sensor, without actually asking the user to put a finger there)14:52
wpwrakhowever, if i had little more information, i could probably just eliminate the variable common offset and multiplier14:54
wpwrakthis "little more information" could come from turning the ground triangle into a sensor, too. that would add a second channel and give me an essentially complementary value14:56
wpwrakthat's still fairly rough, but then, we don't need superb precision there anyway14:56
wpwrakit's more about detecting things like "left tap", "swish to the right", and so on14:57
apelete<wpwrak> (wheel) i'm actually gravitating towards a slider. results so far don't look too bad.15:00
apeleteis the jog wheel that bad ? me would take mechanical input method over touch anytime (unless it's really bad)15:00
wpwrakthe wheel feels reasonably nice but has many drawbacks: 1) high cost - it's the 2nd most expensive component in the design (after the display), 2) size - it's big and defines the minimum thickness of the whole device,15:06
wpwrak3) sourcing risk - there's only one source i know of, so if that one dries up, it may be difficult to find a replacement, and even less a mechanically identical one,15:07
wpwrak4) wear - it can break due to intense use, particularly in the presence of dirt or other contaminants,15:08
wpwrak5) wear 2 - it produces (a little) mechanical stress on the PCB,15:09
wpwrak6) limited flexibility - all you can do is press the button and turn left or right, while a slider could have multiple tap zones and perhaps also a variable resolution15:10
wpwrak7) makes case design more demanding because the case needs fairly precise clearance around the wheel. too much and it will look sloppy. too little and the wheel will rub against the case.15:12
apeletethat's a lot of limitations indeed15:13
apeleteoh well... :-(15:13
wpwrakadvantages of the wheel are: a) feels nice, b) gives anelok a unique look, c) very clearly defined behaviour (things are either on or off, no calibration required)15:13
wpwrakregarding c) of course, rotary encoders have a tendency of getting bouncier with time, and eventually they bounce more than the debouncing algorithm expects ...15:15
wpwrakah, and advantage d) no power required in standby.15:16
wpwrakregarding a), larger amount of rotation don't feel so nice, though. so a slider should be more pleasant there, too, since you just move the finger back and forth, without having to perform a proper rotation.15:18
apeleteand drawback 3) seems to be a real problem too15:21
wpwrakyeah, it's the sort of risk i very strongly dislike15:26
wpwrakDocScrutinizer51: wouldn't you agree, about sourcing risks and the fun it is when parts turn into unobtainium ? :)15:27
wpwrakactually, i should make a little video of the critter i have this far15:27
apeletew00t, shiny new video :-)15:30
wpwrakvideo shot. now the post-processing ...15:52
sb0grrr, how to open a .lib created with kicad libedit?16:26
sb0it won't show it in "current library" even after adding its path to the search list16:26
Action: sb0 will soon open altium designer again16:26
sb0why didn't they simply have a normal file->open dialog box?!?16:28
sb0oh and saving a project file is the same crap. you can't select a path...16:30
sb0but you can zip and unzip files from the menu. useful feature, that.16:31
sb0seriously even setting the name of the project file is a struggle16:43
sb0right click on it, and it proposes "New directory"16:44
sb0wtf16:44
sb0ah, re. the library you have to 1) go in eeschema preferences 2) add it specifically in the list of libraries. adding the search path is not enough.16:50
sb0phew16:50
sb0usual open source UI design16:50
wpwrak;-)16:59
wpwrakhint: when you begin your project, save the "preferences". that's your .pro16:59
wpwrakthen exit eeschema and add libraries directly to the .pro file17:00
wpwraklikewise for cvpcb and pcbnew17:00
wpwrakwarning: pcbnew will delete the libs you added for cvpcb and replace them with the default list17:00
wpwrakso make sure you keep an up to date copy of your .pro around (e.g., in git)17:01
wpwrakand yes, agreed on the suckishness of library handling17:01
wpwrakcountless hour of expert work must have been poured into pessimizing the user experience there ...17:01
sb0I think I'll soon cut my losses and get back to altium17:09
sb0now trying to create a footprint, and I can't even figure out how to open the damn footprint editor17:09
sb0since they put the schematic symbol editor in the eeschema tools menu, I thought they would put the footprint editor in the pcbnew tool menu, but NO17:11
sb0that would be intuitive17:11
apeletelarsc: are you there17:12
wpwrakdon't use the footprint editor. use fped.17:12
wpwrakthe footprint editor is somewhere there but it really really sucks17:13
sb0I'm also noticing that Gerber export is missing from "Fabrication Outputs" in pcbnew. since this is the feature that everyone is going to use to make any PCB, it's only logical they hid it somewhere else, preferably in another tool...17:14
larscapelete: yes17:15
sb0oh, it's an ICON17:16
sb0whoa17:16
sb0did anyone, like, thought about the UI? or did every programmer add some option here and there, without any coordination and in the way that was easiest to code?17:17
larscsb0: they a strong belivers in natural evolution of UIs rather than intelligent designed UIs ;)17:18
larscsurvival of well works at least somehow17:18
wpwrakgerber is in "plot" 17:19
wpwrak(neo900) drums, please ! 359 and crossed 75 kEUR.17:21
wpwrakdos1: what kind of marketing stunt did you guys just pull off ? :)17:21
dos1wpwrak: woah, just looked few minutes ago and it was 35817:22
dos1wpwrak: do you have some kind of automated notifications of something? :D17:22
apeletelarsc: so, about dma on jz4740_mmc.c17:22
dos1well... we're working on marketing stunt right now, but I guess that doesn't count :P17:22
apeletewas wondering where I can put a breakpoint or printf to see the beginning of data transfers in dmaengine17:22
apeletelarsc: my problem being the error on line 112 here: http://paste.debian.net/96293/17:23
dos1recently I've been only pointing to Neo900 in comments under some "PiPhone" and Firefox OS articles17:24
apeletelarsc: I4m basically trying to pinpoint what is being transfered (from which src address to which dst address) to see what is going wrong17:25
wpwrakdos1: maybe someone else mentioned and it went viral17:25
apeletelarsc: but I don't understand (yet) dmaengine inner workings :-/17:25
wpwrakdos1: or some new atrocities by NSA have been revealed :)17:25
dos1quick googling doesn't reveal anything big about neo900, but haven't checked about nsa yet :)17:26
dos1btw. I noticed that on 4chan's /g/ there's already a "Obligatory link to Neo900" meme each time N900 is mentioned :D17:27
wpwrakwhoopa, cirrus just ate wolfson17:27
sb0of course, copy/paste in the footprint editor would be luxury17:28
wpwraksb0: told you that you should use fped :)17:28
wpwrakfped is admittedly a bit more challenging. i.e., you have to have an idea of what you're about to do, instead of just doodling away17:29
dos1woah, *.bbc.co.uk just asked my browser to present my user certificate to it17:29
dos1it's the first time I've seen anything like that outside of StartTLS page17:29
dos1but I'm not sure why they want it there... I just clicked on "Wolfson Microelectronics is to be taken over by Cirrus Logic" link in google :x17:30
wpwrakprobably to enhance their user tracking ...17:33
wpwraknext, you'll only get to see google ads if you can _prove_ that you're you17:34
dos1canceled it and it just loaded the page; no errors, no "you didn't authorized; do it to improve your experience!", just nothing17:35
larscwpwrak: internetausweiss und internetfuehrerschein bitte17:36
apeletelarsc: forgot about the actual code, it's here: http://git.seketeli.net/cgit/~apelete/qi-kernel.git/log/?h=jz4740-dma17:39
larscapelete: jz4740_dma_start_transfer() starts the transfer17:39
apeletelarsc: yes, but that just calls dmaengine, right ?17:40
apeleteso the problem lies somewhere in the data passed to dmaengine I guess17:40
larscapelete: no, that's in the dma engine driver17:41
larscwhere the transfer is physically started17:41
apeleteach so, I should break on jz4740_dma_start_transfer() then17:44
apeletesilly me, so that's what mth was trying to tell me last time...17:44
wpwraknew22:39
--- Wed Apr 30 201400:00

Generated by irclog2html.py 2.9.2 by Marius Gedminas - find it at mg.pov.lt!