XSF logo XSF Discussion - 2018-10-15


  1. blabla has left
  2. dedekin has joined
  3. vanitasvitae has left
  4. j.r has joined
  5. j.r has joined
  6. moparisthebest has left
  7. moparisthebest has joined
  8. lskdjf has joined
  9. efrit has left
  10. guusdk has left
  11. Guus has left
  12. Guus has joined
  13. guusdk has joined
  14. lskdjf has joined
  15. SamWhited has left
  16. Steve Kille has left
  17. lskdjf has joined
  18. lskdjf has joined
  19. moparisthebest jonas’: unless/until Cisco takes it away haha
  20. intosi has joined
  21. intosi has joined
  22. daniel has joined
  23. andrey.g has left
  24. andrey.g has joined
  25. intosi has left
  26. intosi has joined
  27. intosi has left
  28. intosi has joined
  29. mrdoctorwho has joined
  30. mrdoctorwho has joined
  31. ta has joined
  32. Yagiza has joined
  33. mrdoctorwho has left
  34. mrdoctorwho has joined
  35. daniel has left
  36. daniel has joined
  37. daniel has left
  38. daniel has joined
  39. lorddavidiii has joined
  40. lumi has joined
  41. lskdjf has joined
  42. mimi89999 has left
  43. ta has left
  44. lumi has left
  45. alacer has joined
  46. Nekit has joined
  47. l has left
  48. l has joined
  49. moparisthebest has joined
  50. lskdjf has left
  51. lskdjf has joined
  52. alacer has left
  53. lskdjf has joined
  54. SamWhited has left
  55. lovetox has joined
  56. Valerian has joined
  57. daniel has left
  58. daniel has joined
  59. Valerian has left
  60. Valerian has joined
  61. Maranda has left
  62. Valerian has joined
  63. Maranda has joined
  64. Valerian has joined
  65. Valerian has left
  66. Valerian has joined
  67. daniel has left
  68. lovetox has left
  69. lovetox has joined
  70. lovetox has left
  71. lovetox has joined
  72. lorddavidiii has left
  73. lovetox has left
  74. lovetox has joined
  75. lovetox has left
  76. lovetox has joined
  77. lovetox has left
  78. lovetox has joined
  79. lovetox has left
  80. moparisthebest has left
  81. moparisthebest has joined
  82. intosi has left
  83. intosi has joined
  84. Valerian has left
  85. intosi has left
  86. intosi has joined
  87. lnj has joined
  88. andy has joined
  89. andy has left
  90. andy has joined
  91. Valerian has joined
  92. Valerian has left
  93. lnj has left
  94. lnj has joined
  95. Nekit has left
  96. lnj has left
  97. lnj has joined
  98. labdsf has left
  99. l has joined
  100. Valerian has joined
  101. Nekit has joined
  102. thorsten has left
  103. Zash has left
  104. intosi has left
  105. intosi has joined
  106. Nekit has left
  107. Nekit has joined
  108. intosi has left
  109. intosi has joined
  110. guusdk has left
  111. guusdk has joined
  112. Tobias has joined
  113. Tobias has joined
  114. guusdk has left
  115. guusdk has joined
  116. Zash has left
  117. intosi has left
  118. intosi has joined
  119. Zash has joined
  120. jonas’ anyone have a good suggestion how to validate that a listing of a service in disco#items is actually intended by the listed service? I’m asking in the context of muclumbus/search: it is easy for an adversary to list a service in their disco#items which is accessible via s2s, but which doesn’t want to be listed. For example, if someone wanted to host a "hidden" IRC gateway and someone else noted that, someone else could add it to their disco#items and thus un-hide it.
  121. intosi has joined
  122. tux has joined
  123. Kev has left
  124. winfried has left
  125. winfried has joined
  126. intosi has left
  127. intosi has joined
  128. labdsf has joined
  129. marc has joined
  130. Zash has left
  131. Alex has joined
  132. dedekin has left
  133. Alex has left
  134. Zash has joined
  135. labdsf has left
  136. labdsf has joined
  137. dedekin has joined
  138. dedekin has left
  139. dedekin has joined
  140. intosi has left
  141. intosi has joined
  142. marc has left
  143. UsL has left
  144. UsL has joined
  145. alacer has joined
  146. alacer has left
  147. Kev has left
  148. alacer has joined
  149. Alex has left
  150. mimi89999 has left
  151. Yagiza has left
  152. Yagiza has joined
  153. flow jonas’, you could possibly filter out items with an xmpp address not being a "child" address of the requested entity
  154. intosi has joined
  155. intosi has joined
  156. winfried has joined
  157. intosi has left
  158. intosi has joined
  159. jonas’ flow, how would one determine that?
  160. jonas’ DNS-based? :/
  161. flow xmpp address based?
  162. flow and this means domainpart based
  163. flow but maybe I misunderstand the question
  164. flow and, yes, this becomes likely infeasiable if the domainpart is an IP address
  165. flow but if you example.org announce muc.foo.org, then I'd filter it
  166. jonas’ right, so DNS based
  167. jonas’ it should be zone based though, and that’s tricky to do
  168. jonas’ and many not even be generally correct.
  169. jonas’ *sigh*
  170. Kev has left
  171. Kev has left
  172. flow zone based?
  173. intosi has joined
  174. intosi has joined
  175. jonas’ you need to take into account authority breaks in DNS, i.e. delegations
  176. flow jonas’, I'm curious, has this turned out to be a practical problem? Did someone complain?
  177. jonas’ co.uk. should not be allowed to advertise stuff for fnord.co.uk ;-)
  178. jonas’ no, nobody complained yet, but I’d like to play it safe with resources like IRC gateways
  179. jonas’ which are easy to abuse
  180. jonas’ or may be easy to abuse
  181. jonas’ or something
  182. jonas’ pep. pre-emptively complained when I threw the idea of listing IRC gateways around in some MUC
  183. flow jonas’, I'm not sure about this, isn't the parent domain is always able to redirect your users?
  184. winfried has joined
  185. jonas’ flow, with an attack on DNS, yes.
  186. jonas’ with an attack on DNS, you can do a lot of things
  187. flow jonas’, no
  188. flow just because it's your parent domain
  189. flow you have to trust it anyways
  190. jonas’ I’d count "replace NS records with something I don’t intend them to be" as an attack :)
  191. jonas’ even if they have the power to do so by design
  192. flow so you trust them to not do that, but you don't trust them to announce your services?
  193. flow bbl, SIGFOOD
  194. jonas’ I think my preferred way would be to require the child-components disco#items to also include the parent-service, but that’s probably infeasible.
  195. jonas’ gl
  196. vanitasvitae has left
  197. vanitasvitae has joined
  198. alexde has joined
  199. thorsten has joined
  200. dedekin has left
  201. dedekin has joined
  202. pep. jonas’, really I shouldn't have to wait that you start listing them to filter traffic if I don't want people to use it, but you're the force pushing me to atm :P
  203. intosi has joined
  204. intosi has joined
  205. pep. I know my gateway is not used by anybody I don't want to, for the moment
  206. j.r has left
  207. j.r has joined
  208. ji-ef has joined
  209. alacer has left
  210. efrit has joined
  211. flow pep., if you don't want your gateway to be used by other entities on the network it surely provides an options to restrict its usage to local users only?
  212. intosi has joined
  213. intosi has joined
  214. Steve Kille has joined
  215. pep. flow, I want _some_ s2s users to be able to use it, so mod_firewall, plus additional tricks for disco#items maybe
  216. flow pep., allright, so whiteliste the entities that are allowed to use it. Doesn't that solve the problem?
  217. pep. probably, I just need to do it. I didn't need to until now
  218. flow (And I know that whitelisting can be tricky, depending on the used software. But hiding isn't a solution either)
  219. flow pep., I'd argue that you needed to do it before too
  220. Valerian has left
  221. Valerian has joined
  222. pep. Well I've been somewhat monitoring access to that and it's not being abused
  223. pep. But yeah I agree
  224. flow pep., that could change now, especially since you mentioned publicly that you run an open gateway :-P
  225. flow I think it is askin to running an open mail relay
  226. Valerian has left
  227. pep. I know
  228. flow *akin
  229. pep. I don't especially agree with the open mail relay thing
  230. pep. It's not like I was running an open j2j gateway
  231. pep. You could want to run an open IRC gateway, and some services do already
  232. pep. (And eventually I may open that gateway as well)
  233. intosi has joined
  234. Valerian has joined
  235. Valerian has left
  236. UsL has joined
  237. dedekin has left
  238. dedekin has joined
  239. matlag has left
  240. matlag has joined
  241. Zash has left
  242. efrit has left
  243. Zash has left
  244. jonas’ pep., I have a set of mod_firewall rules which do that (allow all local users + s2s whitelist)
  245. intosi has joined
  246. intosi has joined
  247. pep. jonas’, yeah, working on it
  248. jonas’ pep., %LIST whitelist: file:/etc/prosody/fw/data/biboumi-whitelist.txt %ZONE biboumi: irc.zombofant.net ::deliver ENTERING: biboumi ENTERING: $local NOT CHECK LIST: whitelist contains $<@from|bare> LOG=[debug] dropping inbound message to biboumi from $<@from|bare> BOUNCE=forbidden (You are not allowed to access this host.) ::deliver_remote LEAVING: biboumi NOT TYPE: error NOT CHECK LIST: whitelist contains $<@to|bare> LOG=[debug] dropping outbound message from biboumi to $<@to|bare> BOUNCE=forbidden (The destination is not authorized to access this host.)
  249. intosi has left
  250. intosi has joined
  251. Valerian has joined
  252. ji-ef has left
  253. UsL has joined
  254. Link Mauve has joined
  255. Steve Kille has left
  256. tux has left
  257. UsL has joined
  258. intosi has left
  259. intosi has joined
  260. Zash has left
  261. ta has left
  262. intosi has left
  263. intosi has joined
  264. ThibG has left
  265. ThibG has joined
  266. guusdk has left
  267. guusdk has joined
  268. guusdk has left
  269. guusdk has joined
  270. guusdk has left
  271. guusdk has joined
  272. dedekin has left
  273. jjrh has left
  274. jjrh has joined
  275. lnj has left
  276. lnj has joined
  277. Alex has joined
  278. guusdk has left
  279. guusdk has joined
  280. guusdk has left
  281. guusdk has joined
  282. dedekin has joined
  283. pep. has left
  284. guusdk has left
  285. lumi has joined
  286. genofire has joined
  287. jjrh has left
  288. jjrh has joined
  289. guusdk has left
  290. guusdk has joined
  291. Steve Kille has left
  292. Steve Kille has joined
  293. edhelas has joined
  294. intosi has left
  295. intosi has joined
  296. Holger has left
  297. intosi has left
  298. intosi has joined
  299. !xsf_martin has joined
  300. Steve Kille has left
  301. jjrh has left
  302. jjrh has joined
  303. jjrh has left
  304. jjrh has joined
  305. mightyBroccoli has left
  306. mightyBroccoli has joined
  307. matlag has left
  308. matlag has joined
  309. Andrew Nenakhov has left
  310. Andrew Nenakhov has joined
  311. intosi has left
  312. intosi has joined
  313. mimi89999 has left
  314. Andrew Nenakhov has joined
  315. intosi has left
  316. intosi has joined
  317. intosi has joined
  318. intosi has joined
  319. l has joined
  320. Steve Kille has joined
  321. rion has left
  322. intosi has joined
  323. nyco has joined
  324. nyco has left
  325. pep. has left
  326. pep. has left
  327. pep. has joined
  328. lskdjf has joined
  329. pep. has left
  330. pep. has left
  331. andy has left
  332. Steve Kille has left
  333. matlag has left
  334. l has left
  335. l has joined
  336. matlag has joined
  337. intosi has left
  338. intosi has joined
  339. pep. has left
  340. Maranda has joined
  341. marc has joined
  342. labdsf has left
  343. matlag has left
  344. matlag has joined
  345. labdsf has joined
  346. intosi has left
  347. intosi has joined
  348. rion has left
  349. rion has left
  350. !xsf_martin has left
  351. !xsf_martin has joined
  352. Valerian has left
  353. efrit has joined
  354. dwd has left
  355. matlag has left
  356. matlag has joined
  357. efrit has left
  358. efrit has joined
  359. alacer has joined
  360. Steve Kille has joined
  361. alacer has left
  362. l has joined
  363. l has joined
  364. intosi has left
  365. intosi has joined
  366. UsL has left
  367. UsL has joined
  368. Guus has left
  369. intosi has left
  370. intosi has joined
  371. efrit has left
  372. rion has left
  373. rion has left
  374. matlag has left
  375. matlag has joined
  376. Alex has left
  377. waqas has left
  378. matlag has left
  379. jjrh has left
  380. jjrh has joined
  381. matlag has joined
  382. Alex has joined
  383. Alex has left
  384. genofire has left
  385. jjrh has left
  386. jjrh has joined
  387. jjrh has left
  388. jjrh has joined
  389. rion has left
  390. vanitasvitae has left
  391. intosi has left
  392. intosi has joined
  393. lskdjf has joined
  394. jjrh has left
  395. jjrh has joined
  396. peter has joined
  397. jjrh has left
  398. jjrh has joined
  399. genofire has joined
  400. intosi has left
  401. intosi has joined
  402. ta has joined
  403. j.r has left
  404. moparisthebest has left
  405. moparisthebest has joined
  406. j.r has joined
  407. Nekit has left
  408. Nekit has joined
  409. intosi has left
  410. intosi has joined
  411. jjrh has left
  412. jjrh has joined
  413. jjrh has left
  414. jjrh has joined
  415. jjrh has left
  416. jjrh has joined
  417. matlag has left
  418. matlag has joined
  419. jjrh has left
  420. jjrh has joined
  421. ralphm has left
  422. ralphm has joined
  423. Andrew Nenakhov has left
  424. Steve Kille has left
  425. ji-ef has joined
  426. matlag has left
  427. matlag has joined
  428. waqas has joined
  429. blabla has left
  430. daniel has joined
  431. matlag has left
  432. matlag has joined
  433. Zash has left
  434. intosi has joined
  435. intosi has joined
  436. moparisthebest has joined
  437. intosi has left
  438. intosi has joined
  439. moparisthebest has joined
  440. lorddavidiii has joined
  441. lskdjf has joined
  442. karp has joined
  443. !xsf_martin has left
  444. guusdk has left
  445. guusdk has joined
  446. guusdk has left
  447. guusdk has joined
  448. l has left
  449. l has joined
  450. jonas’ hm, maybe it would make sense to require publicly listed gateways to publish contact information.
  451. labdsf has left
  452. !xsf_martin has joined
  453. Steve Kille has joined
  454. ta has left
  455. ta has joined
  456. Valerian has joined
  457. 404.city has joined
  458. moparisthebest has left
  459. moparisthebest has joined
  460. daniel has left
  461. daniel has joined
  462. Guus has left
  463. !xsf_martin has joined
  464. marc has left
  465. SamWhited has left
  466. !xsf_martin has joined
  467. alexde has left
  468. alexde has joined
  469. jere has joined
  470. ThibG has left
  471. ThibG has joined
  472. !xsf_martin has left
  473. lskdjf has joined
  474. dedekin has left
  475. l has left
  476. l has joined
  477. jere has left
  478. jere has joined
  479. dedekin has joined
  480. Alex has joined
  481. Alex has left
  482. thorsten has left
  483. jere has left
  484. ThibG has left
  485. ThibG has joined
  486. matlag has left
  487. matlag has joined
  488. intosi has joined
  489. intosi has joined
  490. intosi has left
  491. intosi has joined
  492. Alex has left
  493. lnj has left
  494. Valerian has left
  495. Valerian has joined
  496. Valerian has left
  497. jonas’ hrm, so there’s no way to detect MIXness of a group chat service from the identity alone?
  498. daniel has left
  499. intosi has joined
  500. intosi has joined
  501. labdsf has joined
  502. Guus has left
  503. daniel has joined
  504. flow jonas’, I think this is by design (but could be wrong)
  505. intosi has joined
  506. intosi has joined
  507. mrdoctorwho has joined
  508. alexde has left
  509. alexde has joined
  510. mrdoctorwho has joined
  511. blabla has left
  512. Steve Kille has left
  513. Guus has left
  514. edhelas has left
  515. edhelas has joined
  516. intosi has joined
  517. intosi has joined
  518. Ge0rG > hm, maybe it would make sense to require publicly listed gateways to publish contact information. jonas’: Contact Addresses would fit, but it must be in a server info dataform
  519. jonas’ Ge0rG, I’m confused
  520. jonas’ that’s exactly what I was talking about?
  521. jonas’ but you make it sound like it would be a problem
  522. matlag has left
  523. matlag has joined
  524. alexde has left
  525. alexde has joined
  526. waqas has left
  527. Ge0rG I'm not a disco specialist, do components come with a http://jabber.org/network/serverinfo record by default?
  528. jonas’ what is that?
  529. Zash xep 157 ?
  530. jonas’ ah, that
  531. jonas’ right
  532. jonas’ Ge0rG, probably not, but they should
  533. Ge0rG How many data forms can you fit into one query result?
  534. Zash Ge0rG: unbounded
  535. jonas’ Ge0rG, given that conference.jabber.org returns ALL the rooms in a single disco#items, I think we’re good.
  536. jonas’ (and I think you can see when muclumbus queries conference.jabber.org in the traffic graphs because it creates a fun spike)
  537. Ge0rG Zash: speaking of real life implementations.
  538. jonas’ (and then it discards the result due to malformed JIDs *shrug*)
  539. Zash this kills the terminal
  540. Zash Ge0rG: You can have more than one dataform, like you can have more than one identity and more than one feature
  541. Zash I think I've seen at most two forms
  542. Zash ... maybe I did that myself tho, not sure
  543. Ge0rG Zash: I've had a look into how poezio processes such a response. I vaguely kept my sanity.
  544. jonas’ Ge0rG, https://lab.louiz.org/louiz/biboumi/issues/3388 ;-)
  545. matlag has left
  546. matlag has joined
  547. Ge0rG jonas’: 👍
  548. intosi has joined
  549. Steve Kille has joined
  550. Steve Kille has left
  551. Zash jonas’: I was about to open an issue in biboumi for 157 but was distracted and now someone already did it
  552. jonas’ "someone" :)
  553. Zash SOMEONE
  554. blabla has left
  555. ThibG has left
  556. ThibG has joined
  557. l has joined
  558. l has joined
  559. Zash Hm, do MUCs commonly have 157?
  560. intosi has joined
  561. Ge0rG Zash: I can't imagine. Should they?
  562. Zash Why not?
  563. jonas’ Ge0rG, a contact for an admin when you’re facing an attack in one of your room seems useful
  564. Maranda They could..
  565. Maranda I honestly never put contact info on components
  566. Ge0rG jonas’: on the MUC domain? Sure, would be good
  567. Maranda (as long as you dont service the muc alone)
  568. Yagiza has left
  569. Maranda (i suppose ppl will look at the upper level domain info)
  570. jonas’ that’s not a good thing to do automatedly though
  571. pep. I have that server_contact loaded on every single vhost/component fwiw
  572. l has joined
  573. l has joined
  574. blabla has left
  575. matlag has left
  576. matlag has joined
  577. matlag has left
  578. matlag has joined
  579. labdsf has left
  580. labdsf has joined
  581. Maranda I have it integrated in mod_disco but not every component will use it so (also external components wont at all) it can be tricky for those anyways
  582. intosi has joined
  583. intosi has joined
  584. intosi has left
  585. intosi has joined
  586. intosi has joined
  587. intosi has joined
  588. matlag has left
  589. matlag has joined
  590. valo has left
  591. valo has joined
  592. labdsf has left
  593. labdsf has joined
  594. labdsf has left
  595. labdsf has joined
  596. Steve Kille has left
  597. lorddavidiii has left
  598. jjrh has left
  599. jjrh has joined
  600. jjrh has left
  601. jjrh has joined
  602. intosi has joined
  603. intosi has joined
  604. alexde has left
  605. alexde has joined
  606. matlag has left
  607. matlag has joined
  608. 404.city has left
  609. 404.city has joined
  610. marc has joined
  611. intosi has joined
  612. dedekin has left
  613. jjrh has left
  614. jjrh has joined
  615. jjrh has left
  616. jjrh has joined
  617. 404.city has left
  618. alexde has left
  619. Steve Kille has left
  620. jjrh has left
  621. jjrh has joined
  622. labdsf has left
  623. lnj has left
  624. Steve Kille has joined
  625. ji-ef has joined
  626. SamWhited has left
  627. labdsf has joined
  628. Nekit has joined
  629. Steve Kille has left
  630. Steve Kille has joined
  631. intosi has left
  632. intosi has joined
  633. ThibG has joined
  634. ThibG has joined
  635. Maranda has left
  636. matlag has left
  637. matlag has joined
  638. marc has left
  639. intosi has joined
  640. intosi has joined
  641. lorddavidiii has joined
  642. lnj has left
  643. waqas has joined
  644. lnj has left
  645. js has joined
  646. jjrh has left
  647. jjrh has joined
  648. matlag has left
  649. matlag has joined
  650. lorddavidiii has left
  651. matlag has left
  652. matlag has joined
  653. lumi has left
  654. Zash has left
  655. blabla has left
  656. thorsten has left
  657. thorsten has joined
  658. matlag has left
  659. matlag has joined
  660. matlag has left
  661. matlag has joined
  662. intosi has left
  663. Zash has left
  664. intosi has joined
  665. MattJ has joined
  666. blabla has left
  667. blabla has joined
  668. lskdjf has joined
  669. Alex has joined
  670. Alex has left
  671. peter has left
  672. Andrew Nenakhov has left
  673. Andrew Nenakhov has left
  674. Andrew Nenakhov has joined
  675. Syndace has joined
  676. intosi has left
  677. intosi has joined
  678. peter has joined
  679. UsL has left
  680. lskdjf has joined
  681. lskdjf has joined
  682. matlag has left
  683. matlag has joined