XSF logo jdev - 2020-01-02


  1. paul has left
  2. debacle has left
  3. wurstsalat has left
  4. serge90 has left
  5. serge90 has joined
  6. serge90 has left
  7. strar has left
  8. strar has joined
  9. strar has left
  10. strar has joined
  11. serge90 has joined
  12. kikuchiyo has left
  13. paul has joined
  14. strar has left
  15. strar has joined
  16. strar has left
  17. strar has joined
  18. A$T has joined
  19. A$T has left
  20. strar has left
  21. strar has joined
  22. kikuchiyo has joined
  23. kikuchiyo has left
  24. kikuchiyo has joined
  25. aj has joined
  26. pulkomandy has left
  27. UsL has joined
  28. pulkomandy has joined
  29. aj has left
  30. asterix has joined
  31. lovetox has joined
  32. kikuchiyo has left
  33. pulkomandy has left
  34. pulkomandy has joined
  35. pulkomandy has left
  36. pulkomandy has joined
  37. lovetox anyone knows of a totp/hotp client with GUI on linux?
  38. lovetox i only find commandline tools where i have to specify the key everytime again
  39. Zash I know only mobile variants, tho that's technically on Linux
  40. sonny has joined
  41. Link Mauve lovetox, can’t you store the key somewhere and pipe that into your CLI tool automatically?
  42. lovetox Link Mauve, i can imagine this works for you with your 500 keystrokes per minute
  43. lovetox i want a simple gui, where all my pages are listed, i click one button and get a new password for that page
  44. Zash Isn't the point that a second physical device is needed?
  45. Link Mauve lovetox, what is a page in this context?
  46. lovetox a website
  47. Zash wrap the cli in a script and pop up a dialog with zenity?
  48. lovetox ah foundone
  49. Zash https://github.com/search?q=totp+gui has a few results
  50. lovetox https://share.hoerist.com/philipp/DCspAml7xkgzvs6E/c8d69a41-a4e2-4a9b-95ed-2639bac231f9.png
  51. lovetox see something like that
  52. jonas’ ahaha netcup
  53. jonas’ that name is so unfortunate
  54. kikuchiyo has joined
  55. kikuchiyo has left
  56. asterix has left
  57. asterix has joined
  58. kikuchiyo has joined
  59. larma has left
  60. larma has joined
  61. kikuchiyo has left
  62. larma lovetox: some password managers can do that
  63. pulkomandy has left
  64. pulkomandy has joined
  65. larma Zash: it's not about a second device, it's about the second factor of ownership (having a physical device) in contrast to only knowledge (password)
  66. wurstsalat has joined
  67. kikuchiyo has joined
  68. lovetox has left
  69. lovetox has joined
  70. debacle has joined
  71. sonny has left
  72. pulkomandy has left
  73. pulkomandy has joined
  74. lovetox has left
  75. lovetox has joined
  76. lovetox i now try nginx, apache with its 10 folders, where X conf files live and all get imported on top of each other
  77. lovetox im trying since 20 minutes to disable hsts, and i simply cant do it
  78. lovetox not feeling it
  79. jonas’ lovetox, you should join programming@chat.cluxia.eu, your questions are more on-topic there :)
  80. lovetox no join link :/
  81. jonas’ lovetox, you should join xmpp:programming@chat.cluxia.eu?join, your questions are more on-topic there :)
  82. jonas’ lies!
  83. lovetox i have to add a feature in Gajim where when you copy a groupchat it always makes join links
  84. lovetox and "," beeing allowed in URLs does things not make better
  85. lovetox :D
  86. lovetox this reminds me to make the url regex in Gajim better
  87. asterix has left
  88. lovetox something like if a space follows a "," ignore the ","
  89. asterix has joined
  90. asterix has left
  91. asterix has joined
  92. jonas’ uh, that sounds like a smart rule
  93. Zash Punctuation at the end might work as a general rule
  94. lovetox starts to look at the code for that
  95. larma we have that in Dino now as well, though we don't handle ... yet
  96. Syndace has left
  97. Wojtek has joined
  98. larma one character might be not enough 😉
  99. larma also remember to count parenthesis if you don't do that already 😉
  100. Zash I wrote some code somewhere that strips brackets if there's a matching bracket just before the url
  101. Zash so (http://example.com/) works without including the )
  102. Syndace has joined
  103. jonas’ > count parenthesis > regex -EIMPOSSIBLE
  104. debacle has left
  105. Zash count? no. just (.)(urlregexhere) and `if match[1] == "(" and stuff:endswith(")") then` strip that
  106. lovetox http://-.~_!$&'()*+,;=:%40:80%2f::::::@example.com
  107. lovetox valid uri :)
  108. jonas’ but not common ;)
  109. jonas’ though with browsers escaping ( and ) when copying to clipboard, I think it might even be viable to simply forbid () in URL regexes.
  110. lovetox its funny that there is no public available regex that can match all URIs in a text
  111. jonas’ ~though with browsers escaping ( and ) when copying to clipboard, I think it might even be viable to simply forbid () in URL regexes.~ doesn’t seem to be the case (anymore?)
  112. lovetox there are some that are better than others
  113. Zash or http://[db8:f00::baa%eth0]:80/
  114. Zash are urls even regular?
  115. jonas’ probably not
  116. Zash wasn't url parsing one of the first things mozilla rewrote in rust?
  117. lovetox so if you want to show clickable uris in your client, first accept you will not catch all valid urls :)
  118. lovetox from there you have a easier live
  119. lovetox from there you have a easier life
  120. lovetox but found testvectors if anyone is interested
  121. larma lovetox: you usually don't want to catch all URIs because *everything* is a valid uri
  122. larma You usually want to require a schema from a known set such that test:test is not linked
  123. larma or urn:xmpp:test should also not be linked
  124. Zash And not everything users expect to be clickable / links are valid URI/URLs either
  125. Zash www.example.com for example
  126. Zash or just example.com
  127. jonas’ rocketchat highlights every string with one or more dots in it
  128. larma Zash: it is a valid uri, just not what the user expects it to be ;)
  129. Zash jonas’: aaaaaaah
  130. jonas’ rocketchat highlights every string with one or more dots in it + ends in a list of TLDs they seem to have
  131. Zash that must be fun with random.typos you do on mobile where space and . are next to each other
  132. jonas’ it doesn’t highlight `foo.usqlhsvue` for example
  133. jonas’ but since ~everything is a TLD nowadays, it’s nearly indistinguishable
  134. Zash thanks icann, hope it was worth it
  135. Zash surely the root zone is available somewhere, or you can follow the nsec chain
  136. jonas’ hm, why is the nxdomain reply for A fooouhaeuiae. not signed?
  137. Zash foodnetwork. 86398 IN NSEC football. NS DS RRSIG NSEC foodnetwork. 86398 IN RRSIG ....
  138. Zash looks signed to me
  139. jonas’ hm, I blame the resolver
  140. jonas’ hm, I blame the recursor
  141. jonas’ I only get NSEC and RRSIG for NS queries
  142. jonas’ yeah, recursor’s fault.
  143. pulkomandy has left
  144. pulkomandy has joined
  145. debacle has joined
  146. asterix has left
  147. asterix has joined
  148. pulkomandy has left
  149. pulkomandy has joined
  150. asterix has left
  151. asterix has joined
  152. lovetox so is there a good reason to use the traditional tcp connection
  153. lovetox instead of websocket, if its available?
  154. lovetox there are some points that make websocket very appealing
  155. lovetox first, the a websocket message is its own parsable document
  156. lovetox which removes a lot of complexity with having to buffer or stream input
  157. jonas’ depends on your criteria for good reason
  158. jonas’ I consider "doesn’t need an HTTP stack" a good reason
  159. lovetox second, websocket implements its own keepalive mechanism so you dont have to do that yourself with sending whitespaces
  160. lovetox jonas’, i dont understand that argument, you need a networking lib
  161. Zash TCP has a keepalive mechanism too, your argument is invalid
  162. jonas’ lovetox, not talking about libraries
  163. jonas’ talking about the amount of technical cruft stacked onto each other
  164. jonas’ "Resource Exhaustion"
  165. asterix has left
  166. asterix has joined
  167. lovetox ok so there are no real cons to using websocket
  168. jonas’ I think that *is* a real con.
  169. lovetox with bosh it was, that there is too much overhead
  170. lovetox and its complex to implement
  171. Zash Everything you stated as positive is negative if you ask me
  172. serge90 has left
  173. jonas’ Zash, message delimiting would be nice for parsing, but using a stream parser is in any case better for limit enforcement
  174. lovetox jonas’, your argument depends on the env your develop, i can talk about mine, and adding libsoup as dependency which handles all my http stuff not just websocket
  175. lovetox is not a con
  176. jonas’ lovetox, except that you now have libsoup as dependency
  177. jonas’ more code, more cpu cycles burnt
  178. jonas’ you won’t get the Blauer Engel with that
  179. lovetox ok i hear you, but thats not a good "con" for me
  180. lovetox and dont know what you mean by limit enforcement
  181. lovetox but you can set a size limit on a websocket message
  182. serge90 has joined
  183. jonas’ lovetox, stanzas which try to exhaust resources in your stanza processing. this isn’t always easily covered with a size limit
  184. serge90 has left
  185. jonas’ for example, if tree depth is very expensive in your processing, you can get very deep messages with few bytes
  186. jonas’ you can catch this easily when using a stream paresr
  187. jonas’ you can catch this easily when using a stream parser
  188. serge90 has joined
  189. Zash Let me tell you about the overhead and resource leaks of creating a parser for every message
  190. lovetox really? whats so expensive about a parser object?
  191. lovetox ah resource leaks
  192. Zash Bunch of allocations and callbacks and stuff for every message vs just feeding an existing parser
  193. lovetox good point, but websocket does not exclude stream parsing
  194. lovetox i can still do that
  195. lovetox but that pro is then gone :)
  196. pulkomandy has left
  197. jonas’ (and once you have stream parsing, you also lose the size limit benefit)
  198. Zash Websockets would be nicer without the weird open and close elements. And the XOR masking madness
  199. lovetox jonas’, about http stack, i think there is no gui client or even xmpp client that is considered modern and can live without a http stack
  200. jonas’ lovetox, yes, but I don’t need the HTTP stack for the XMPP connection.
  201. jonas’ just for the HTTP things
  202. Zash Hammer says everything is a nail!
  203. lovetox Zash, to be honest, normally you dont have to care about that, your websocket lib should
  204. jonas’ I don’t want to live in a world where everything is passed over HTTP(S).
  205. Zash jonas’: same
  206. jonas’ (although it would be a good tale to tell the (grand-)kids)
  207. jonas’ ("back in ye olden days, where things were which were not JSON and not HTTP...")
  208. Zash Tell the story of why the number 443 is hard coded in the network stack
  209. pulkomandy has joined
  210. aj has joined
  211. pulkomandy Maybe when everything is inside https we can replace ipv4 with ipv6 and no one will notice
  212. asterix has left
  213. asterix has joined
  214. jonas’ no, HTTP will just hard-codedly connect to 1.1.1.1 which does URL-level routing
  215. Zash Except thanks to SNI and ALPN there's no need to replace IP.
  216. Zash Just route on those
  217. jonas’ Zash, ^5
  218. jonas’ in the end, quad1 is cloudflare. everything goes through cloudflare either way.
  219. jonas’ (okay, this turned way more realistic than I anticipated when I wrote my comment)
  220. sonny has joined
  221. Zash Better stop talking before you bring that nightmare closer to really than it already is
  222. Zash Better stop talking before you bring that nightmare closer to reality than it already is
  223. goffi has joined
  224. pulkomandy has left
  225. pulkomandy has joined
  226. aj has left
  227. pulkomandy has left
  228. pulkomandy has joined
  229. tsk has joined
  230. lovetox has left
  231. asterix has left
  232. asterix has joined
  233. lovetox has joined
  234. kikuchiyo has left
  235. pulkomandy has left
  236. asterix has left
  237. asterix has joined
  238. pulkomandy has joined
  239. UsL has left
  240. kikuchiyo has joined
  241. pulkomandy has left
  242. pulkomandy has joined
  243. Zash has left
  244. Zash has joined
  245. tsk has left
  246. tsk has joined
  247. lovetox has left
  248. asterix has left
  249. asterix has joined
  250. asterix has left
  251. asterix has joined
  252. asterix has left
  253. asterix has joined
  254. pulkomandy has left
  255. pulkomandy has joined
  256. tsk has left
  257. goffi has left
  258. goffi has joined
  259. asterix has left
  260. asterix has joined
  261. lovetox has joined
  262. asterix has left
  263. strar has left
  264. strar has joined
  265. lovetox has left
  266. lovetox has joined
  267. asterix has joined
  268. asterix has left
  269. asterix has joined
  270. asterix has left
  271. asterix has joined
  272. asterix has left
  273. asterix has joined
  274. asterix has left
  275. asterix has joined
  276. asterix has left
  277. asterix has joined
  278. asterix has left
  279. asterix has joined
  280. pulkomandy has left
  281. lovetox has left
  282. pulkomandy has joined
  283. asterix has left
  284. asterix has joined
  285. asterix has left
  286. asterix has joined
  287. asterix has left
  288. asterix has joined
  289. asterix has left
  290. asterix has joined
  291. asterix has left
  292. asterix has joined
  293. debacle has left
  294. lovetox has joined
  295. asterix has left
  296. asterix has joined
  297. kikuchiyo has left
  298. Wojtek has left
  299. asterix has left
  300. asterix has joined
  301. asterix has left
  302. asterix has joined
  303. debacle has joined
  304. pulkomandy has left
  305. Neustradamus has left
  306. asterix has left
  307. asterix has joined
  308. asterix has left
  309. asterix has joined
  310. pulkomandy has joined
  311. asterix has left
  312. asterix has joined
  313. dendang has joined
  314. tsk has joined
  315. lovetox is there a good reason to keep a BOSH impl as non-webclient, if you also have a websocket impl?
  316. jonas’ I don’t think there’s a good reason to keep a http-based impl on a non-webclient
  317. jonas’ but if anything, you should probably keep BOSH over websocket. someone said that on-list in the discussion about the 2020 compliance suites
  318. lovetox that argument was about page reloads in browsers
  319. Zash BOSH is probably more compatible with random weird web middleboxes
  320. lovetox does not concern desktop clients
  321. Zash The kind that the weird websocket XOR masking was meant to defeat and prevent from doing funking weirdness.
  322. jonas’ lovetox, no
  323. jonas’ maybe it was at a different place, too
  324. jonas’ I think someone had some (at least anecdotal) data that BOSH is the most-likely to succeed mechanism in troublesome networks
  325. jonas’ can’t find it though, and I don’t really want to argue in favour of any http-crap
  326. Zash jonas’, how do you feel about direct tls on port 443?
  327. jonas’ Zash, similarly bad
  328. jonas’ but not as bad as websockets
  329. Zash I have it deployed, which means free fuzzing by random web spiders
  330. Zash ALPN even! mod_net_multiplex \o/
  331. asterix has left
  332. asterix has joined
  333. lovetox i think may people use bosh because they hope to circumvent some firewalls
  334. lovetox not sure if websockets can be used for that
  335. Zash depending on the firewall you can get past by having normal xmpp on port 80 or 443, or direct tls, websocket on 443, and bosh should be the most compatible
  336. lovetox no probably not, because xmpp protocol is already announced in the header
  337. Zash depends if it's just port based or a full on http proxy
  338. lovetox hm, no this should work the http message is tls encrypted
  339. lovetox so how would a firewall know its an xmpp server
  340. pulkomandy has left
  341. moparisthebest I specifically wrote XEP-0368 because my work proxy let me connect to any TLS but only if it was on port 443
  342. Zash name in cert being jabber.something or xmpp.something?
  343. pulkomandy has joined
  344. lovetox yeah but in that case bosh does also not help
  345. moparisthebest and whatever firewall-from-hell they implemented that with is surely some black box that other orgs also have
  346. lovetox im still thinking about reasons to keep bosh
  347. Zash moparisthebest, open a change request with the department of ports
  348. moparisthebest I just yell at my desk instead, same effect
  349. lovetox my whole websocket code is 120 lines of code
  350. lovetox and thats boilerplate included
  351. lovetox so from that angle i really love websockets :)
  352. moparisthebest I think like Zash said, there likely exists HTTP middleboxes that would allow through BOSH and not Websocket
  353. Zash lovetox, how much code to tunnel XMPP over DNS?
  354. moparisthebest XMPP over DNS over XMPP ?
  355. moparisthebest XoDoX
  356. Zash Eh, why does searching for TCP over DNS give me HTTP servers?
  357. jonas’ lovetox, you forgot to count all the thousand lines of code in the HTTP stack on top of TCP
  358. moparisthebest Zash, https://code.kryo.se/iodine/ is the only one I know of
  359. Zash Found now
  360. Zash First hit was https://github.com/boazsegev/iodine
  361. asterix has left
  362. asterix has joined
  363. tsk has left
  364. lovetox has left
  365. rion has left
  366. rion has joined
  367. asterix has left
  368. asterix has joined
  369. debacle has left
  370. Neustradamus has joined
  371. Marc Laporte has joined
  372. Marc Laporte has left
  373. dendang has left
  374. sonny has left
  375. sonny has joined
  376. sonny has left
  377. sonny has joined
  378. strar has left
  379. strar has joined
  380. dendang has joined
  381. strar has left
  382. debacle has joined
  383. strar has joined
  384. sonny has left
  385. pulkomandy has left
  386. pulkomandy has joined
  387. paul has left
  388. asterix I do use bosh because at my work there is a port based firewall that prevent me to connect to normal XMPP port.
  389. asterix has left
  390. kikuchiyo has joined
  391. goffi has left