-
waqas
jonas’: XSLT isn't the only thing that's turing complete. I believe CSS is too. I think SVG might be. PDFs certainly are.
-
Neustradamus
https://matrix.org/blog/2019/04/11/security-incident/
-
moparisthebest
> However, if you use server-side encryption key backup (the default in Riot these days) or take manual key backups, you’ll be okay.
-
moparisthebest
Say what now
-
moparisthebest
Is that e2e where the server holds your key? Am I missing something???
-
waqas
moparisthebest: Search for "What is Key Backup?" on this page: https://webcache.googleusercontent.com/search?q=cache:4nsVLi1uc0AJ:https://about.riot.im/help+
-
waqas
If I'm reading that right, it means keys are encrypted via a password and stored on Riot's servers
-
moparisthebest
So then your chats are simply encrypted with a password and not a key? Why still pass keys around?
-
Arc
ugh. i am so over debating xmpp vs matrix.
-
Arc
or whatever new hotness is out
-
Ge0rG
https://upload.yax.im/upload/Y1CNWHyhNHs01sU8/Screenshot_20190412-074154_Firefox.jpg
-
Ge0rG
This is not how it's supposed to be, is it?
-
jonas’
waqas, CSS is turing complete? how that?
-
waqas
https://lemire.me/blog/2011/03/08/breaking-news-htmlcss-is-turing-complete/ — whether that's actually correct, I'll leave as an exercise for you
-
edhelas
https://github.com/matrix-org/matrix.org/issues/358
-
edhelas
ouch
-
Ge0rG
edhelas: there's a box full! https://github.com/matrix-org/matrix.org/issues/created_by/matrixnotorg
-
Guus
Yeah, it's pretty sad.
-
Arc
thanks for cheering me up
-
Guus
hi Arc!
-
Guus
how've you been?
-
Ge0rG
Everybody: harden your XMPP servers!
-
Seve
+1
-
Seve
Is a good warning for the rest of us
-
dwd
Oh, my.
-
Arc
Guus: great. I applied to add MIX to Prosody for a gsoc project
-
Arc
so that's a thing :-)
-
Guus
I've noticed 🙂
-
Arc
ive been reading up on MIX
-
Seve
And still alive?
- Seve jokes
-
Arc
actually Im liking what im seeing.
-
Seve
Nice.
-
Arc
MIX looks pretty clean, overall.
-
Arc
I haven't exactly grokked how jingle is intended to work over it..
-
dwd
Arc, It mostly is, but there's some details that are off, and it's still a fork-lift.
-
Arc
dwd: sure. thats expected. but I assume that changes that happen from this point will be minor and easily trackable
-
Arc
vs earlier when there was legitimate concern (and retrospectively, prophetic) that MIX would undergo an almost complete rewrite
-
Ge0rG
speaking of forklifts... is anyone working on IM-NG?
-
dwd
Arc, Maybe... I certainly think implementing it will shake a lot out. I'd like to see ESL and Andrew Nenakhov put their ideas on the table and see if we could merge in some of their experiences.
-
Arc
you mean the new serverless E2E decentralized chat system running on blockchain that some gen-z'er "invented"?
-
dwd
Arc, No, Erlang Solutions have a MUC-lite (I think) over XMPP in Mongoose IM. Andrew Nenakhov is Xabber, and other something similar-but-different.
-
Arc
ah ok.
-
dwd
Arc, Both, AFAIK, run without the home server being aware, so less fork-lifty. I think the user's home server being aware is very useful, but I'm worried about it being mandatory.
-
Arc
yea I was concerned to learn that the users XMPP server needed to be updated. that's concerning.
-
dwd
"benefits from" I think is a winner. "needs" is a blocker.
-
Arc
hmm.
-
Arc
well I'm happy to grab a pitchfork.
-
Arc
i mean, er, to start some heavy lifting, not in a frankenstein sense with torches
-
Arc
(I reserve the option to switch the meaning of that lol)
-
Ge0rG
dwd: have all the "needs" issues been sorted out? I've stopped taking care at some point, after repeating my arguments didn't lead to the results I hoped for.
-
Guus
hehe
-
Arc
but seriously I love the concept behind MIX and have been wanting to work on it for awhile.
-
Arc
all the better to be paid for the work
-
dwd
Ge0rG, I genuinely don't remember your arguments.
-
Ge0rG
dwd: me neither. There were things about making it possible to expose a MUC-style API and about who's storing the authoritative MAM archive
-
Ge0rG
also things like putting MIXes into the roster.
-
dwd
Ge0rG, The MUC interop was sorted. MAM cropped up recently, it's currently meant to be on the user's server sometimes and sometimes the MAM itself.
-
Arc
KISS
-
dwd
Ge0rG, And I think it's still a special roster thing.
-
Ge0rG
sometimes is the best kind of specification.
-
Ge0rG
dwd: special roster things require user server support to work.
-
Ge0rG
and break all the pre-mix clients.
-
Ge0rG
But I've made that argument, repeatedly, years ago.
-
dwd
Ge0rG, That's the smallest part of the server support, really.
-
dwd
Ge0rG, FWIW, Andrew Nenakhov's thing in Xabber also puts group chats into the roster. That alone doesn't strike me as a terrible thing, as long as they behave mostly like other roster entries.
-
Ge0rG
dwd: if it is such a small part, I'm sure we can figure out an alternative approach that is not a "needed" in your above sense.
-
dwd
Ge0rG, Yes, sure. Or we can ensure that on a naive server you can plonk a MIX into the roster without ill-effect to your server or other clients.
-
Arc
here's the crux of it - if there's sorting to be done for client, or client's server capabilities that are needed, lets get it sorted now. because the longer we mosh on it the longer it'll take to get that software updated.
-
Arc
Ge0rG: how does MIX break pre-mix clients? Wouldn't you just not be able to use MIX unless it had a muc-mirror setup?
-
Guus
dwd whenever I try to send messages to your JID, I'm getting "Sorry, an error occurred: <remote-server-not-found xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/>"
-
dwd
Guus, My abuse filtering is working perfectly? ;-)
-
Seve
Haha
-
Ge0rG
dwd: yes. This would be great. But the put-it-in-roster approach essentially guarantees that MIX elements get exposed to pre-MIX clients, and I'm not sure you can test them all for brekage
-
Guus
it probably is.
-
dwd
Guus, More seriously, that and many other things are on my todo list.
-
Guus
still, I'd like to abuse you.
-
Ge0rG
Arc: when a client goes online, its presence-available gets sent to the MIX, so the client will be probably automatically subscribed to all MIX traffic
-
Guus
Can I have a quick chat in private? 🙂
-
Guus
(also: how?)
-
Ge0rG
Guus: MUC-PMs!
-
dwd
Guus, I have sent messages to your other account.
-
Guus
oh, is that enabled here? we disabled it on ignite for abuse
-
Ge0rG
Guus: you disabled yourself for abuse?
-
Guus
... no?
-
Guus
(maybe I should)