-
lovetox
anyone knows of a totp/hotp client with GUI on linux?
-
lovetox
i only find commandline tools where i have to specify the key every time again
-
Zash
I know only mobile variants, tho that's technically on Linux
-
Link Mauve
lovetox, can’t you store the key somewhere and pipe that into your CLI tool automatically?
-
lovetox
Link Mauve, i can imagine this works for you with your 500 keystrokes per minute
-
lovetox
i want a simple gui, where all my pages are listed, i click one button and get a new password for that page
-
Zash
Isn't the point that a second physical device is needed?
-
Link Mauve
lovetox, what is a page in this context?
-
lovetox
a website
-
Zash
wrap the cli in a script and pop up a dialog with zenity?
-
lovetox
ah found one
-
Zash
https://github.com/search?q=totp+gui has a few results
-
lovetox
https://share.hoerist.com/philipp/DCspAml7xkgzvs6E/c8d69a41-a4e2-4a9b-95ed-2639bac231f9.png
-
lovetox
see something like that
-
jonas’
ahaha netcup
-
jonas’
that name is so unfortunate
-
larma
lovetox: some password managers can do that
-
larma
Zash: it's not about a second device, it's about the second factor of ownership (having a physical device) in contrast to only knowledge (password)
-
lovetox
i now try nginx, apache with its 10 folders, where X conf files live and all get imported on top of each other
-
lovetox
im trying since 20 minutes to disable hsts, and i simply cant do it
-
lovetox
not feeling it
-
jonas’
lovetox, you should join programming@chat.cluxia.eu, your questions are more on-topic there :) ✎
-
lovetox
no join link :/
-
jonas’
lovetox, you should join xmpp:programming@chat.cluxia.eu?join, your questions are more on-topic there :) ✏
-
jonas’
lies!
-
lovetox
i have to add a feature in Gajim where when you copy a groupchat it always makes join links
-
lovetox
and "," being allowed in URLs does not make things better
-
lovetox
:D
-
lovetox
this reminds me to make the url regex in Gajim better
-
lovetox
something like if a space follows a "," ignore the ","
-
jonas’
uh, that sounds like a smart rule
-
Zash
Punctuation at the end might work as a general rule
- lovetox starts to look at the code for that
-
larma
we have that in Dino now as well, though we don't handle ... yet
-
larma
one character might be not enough 😉
-
larma
also remember to count parenthesis if you don't do that already 😉
-
Zash
I wrote some code somewhere that strips brackets if there's a matching bracket just before the url
-
Zash
so (http://example.com/) works without including the )
-
jonas’
> count parenthesis > regex -EIMPOSSIBLE
-
Zash
count? no. just (.)(urlregexhere) and `if match[1] == "(" and stuff:endswith(")") then` strip that
-
lovetox
http://-.~_!$&'()*+,;=:%40:80%2f::::::@example.com
-
lovetox
valid uri :)
-
jonas’
but not common ;)
-
jonas’
though with browsers escaping ( and ) when copying to clipboard, I think it might even be viable to simply forbid () in URL regexes. ✎
-
lovetox
its funny that there is no publicly available regex that can match all URIs in a text
-
jonas’
~though with browsers escaping ( and ) when copying to clipboard, I think it might even be viable to simply forbid () in URL regexes.~ doesn’t seem to be the case (anymore?) ✏
-
lovetox
there are some that are better than others
-
Zash
or http://[db8:f00::baa%eth0]:80/
-
Zash
are urls even regular?
-
jonas’
probably not
-
Zash
wasn't url parsing one of the first things mozilla rewrote in rust?
-
lovetox
so if you want to show clickable uris in your client, first accept you will not catch all valid urls :)
-
lovetox
from there you have a easier live ✎
-
lovetox
from there you have a easier life ✏
-
lovetox
but found testvectors if anyone is interested
-
larma
lovetox: you usually don't want to catch all URIs because *everything* is a valid uri
-
larma
You usually want to require a schema from a known set such that test:test is not linked
-
larma
or urn:xmpp:test should also not be linked
-
Zash
And not everything users expect to be clickable / links are valid URI/URLs either
-
Zash
www.example.com for example
-
Zash
or just example.com
-
jonas’
rocketchat highlights every string with one or more dots in it ✎
-
larma
Zash: it is a valid uri, just not what the user expects it to be ;)
-
Zash
jonas’: aaaaaaah
-
jonas’
rocketchat highlights every string with one or more dots in it + ends in a list of TLDs they seem to have ✏
-
Zash
that must be fun with random.typos you do on mobile where space and . are next to each other
-
jonas’
it doesn’t highlight `foo.usqlhsvue` for example
-
jonas’
but since ~everything is a TLD nowadays, it’s nearly indistinguishable
-
Zash
thanks icann, hope it was worth it
-
Zash
surely the root zone is available somewhere, or you can follow the nsec chain
-
jonas’
hm, why is the nxdomain reply for A fooouhaeuiae. not signed?
-
Zash
foodnetwork. 86398 IN NSEC football. NS DS RRSIG NSEC
foodnetwork. 86398 IN RRSIG ....
-
Zash
looks signed to me
-
jonas’
hm, I blame the resolver ✎
-
jonas’
hm, I blame the recursor ✏
-
jonas’
I only get NSEC and RRSIG for NS queries
-
jonas’
yeah, recursor’s fault.
-
lovetox
so is there a good reason to use the traditional tcp connection
-
lovetox
instead of websocket, if its available?
-
lovetox
there are some points that make websocket very appealing
-
lovetox
first, a websocket message is its own parsable document
-
lovetox
which removes a lot of complexity with having to buffer or stream input
-
jonas’
depends on your criteria for good reason
-
jonas’
I consider "doesn’t need an HTTP stack" a good reason
-
lovetox
second, websocket implements its own keepalive mechanism so you dont have to do that yourself with sending whitespaces
-
lovetox
jonas’, i dont understand that argument, you need a networking lib
-
Zash
TCP has a keepalive mechanism too, your argument is invalid
-
jonas’
lovetox, not talking about libraries
-
jonas’
talking about the amount of technical cruft stacked onto each other
-
jonas’
"Resource Exhaustion"
-
lovetox
ok so there are no real cons to using websocket
-
jonas’
I think that *is* a real con.
-
lovetox
with bosh it was, that there is too much overhead
-
lovetox
and its complex to implement
-
Zash
Everything you stated as positive is negative if you ask me
-
jonas’
Zash, message delimiting would be nice for parsing, but using a stream parser is in any case better for limit enforcement
-
lovetox
jonas’, your argument depends on the env you develop, i can talk about mine, and adding libsoup as dependency which handles all my http stuff not just websocket
-
lovetox
is not a con
-
jonas’
lovetox, except that you now have libsoup as dependency
-
jonas’
more code, more cpu cycles burnt
-
jonas’
you won’t get the Blauer Engel with that
-
lovetox
ok i hear you, but thats not a good "con" for me
-
lovetox
and dont know what you mean by limit enforcement
-
lovetox
but you can set a size limit on a websocket message
-
jonas’
lovetox, stanzas which try to exhaust resources in your stanza processing. this isn’t always easily covered with a size limit
-
jonas’
for example, if tree depth is very expensive in your processing, you can get very deep messages with few bytes
-
jonas’
you can catch this easily when using a stream paresr ✎
-
jonas’
you can catch this easily when using a stream parser ✏
-
Zash
Let me tell you about the overhead and resource leaks of creating a parser for every message
-
lovetox
really? whats so expensive about a parser object?
-
lovetox
ah resource leaks
-
Zash
Bunch of allocations and callbacks and stuff for every message vs just feeding an existing parser
-
lovetox
good point, but websocket does not exclude stream parsing
-
lovetox
i can still do that
-
lovetox
but that pro is then gone :)
-
jonas’
(and once you have stream parsing, you also lose the size limit benefit)
-
Zash
Websockets would be nicer without the weird open and close elements. And the XOR masking madness
-
lovetox
jonas’, about http stack, i think there is no gui client or even xmpp client that is considered modern and can live without a http stack
-
jonas’
lovetox, yes, but I don’t need the HTTP stack for the XMPP connection.
-
jonas’
just for the HTTP things
-
Zash
Hammer says everything is a nail!
-
lovetox
Zash, to be honest, normally you dont have to care about that, your websocket lib should
-
jonas’
I don’t want to live in a world where everything is passed over HTTP(S).
-
Zash
jonas’: same
-
jonas’
(although it would be a good tale to tell the (grand-)kids)
-
jonas’
("back in ye olden days, where things were which were not JSON and not HTTP...")
-
Zash
Tell the story of why the number 443 is hard coded in the network stack
-
pulkomandy
Maybe when everything is inside https we can replace ipv4 with ipv6 and no one will notice
-
jonas’
no, HTTP will just hard-codedly connect to 1.1.1.1 which does URL-level routing
-
Zash
Except thanks to SNI and ALPN there's no need to replace IP.
-
Zash
Just route on those
-
jonas’
Zash, ^5
-
jonas’
in the end, quad1 is cloudflare. everything goes through cloudflare either way.
-
jonas’
(okay, this turned way more realistic than I anticipated when I wrote my comment)
-
Zash
Better stop talking before you bring that nightmare closer to really than it already is ✎
-
Zash
Better stop talking before you bring that nightmare closer to reality than it already is ✏
-
lovetox
is there a good reason to keep a BOSH impl as non-webclient, if you also have a websocket impl?
-
jonas’
I don’t think there’s a good reason to keep a http-based impl on a non-webclient
-
jonas’
but if anything, you should probably keep BOSH over websocket. someone said that on-list in the discussion about the 2020 compliance suites
-
lovetox
that argument was about page reloads in browsers
-
Zash
BOSH is probably more compatible with random weird web middleboxes
-
lovetox
does not concern desktop clients
-
Zash
The kind that the weird websocket XOR masking was meant to defeat and prevent from doing funking weirdness.
-
jonas’
lovetox, no
-
jonas’
maybe it was at a different place, too
-
jonas’
I think someone had some (at least anecdotal) data that BOSH is the most-likely to succeed mechanism in troublesome networks
-
jonas’
can’t find it though, and I don’t really want to argue in favour of any http-crap
-
Zash
jonas’, how do you feel about direct tls on port 443?
-
jonas’
Zash, similarly bad
-
jonas’
but not as bad as websockets
-
Zash
I have it deployed, which means free fuzzing by random web spiders
-
Zash
ALPN even! mod_net_multiplex \o/
-
lovetox
i think many people use bosh because they hope to circumvent some firewalls
-
lovetox
not sure if websockets can be used for that
-
Zash
depending on the firewall you can get past by having normal xmpp on port 80 or 443, or direct tls, websocket on 443, and bosh should be the most compatible
-
lovetox
no probably not, because xmpp protocol is already announced in the header
-
Zash
depends if it's just port based or a full on http proxy
-
lovetox
hm, no this should work the http message is tls encrypted
-
lovetox
so how would a firewall know its an xmpp server
-
moparisthebest
I specifically wrote XEP-0368 because my work proxy let me connect to any TLS but only if it was on port 443
-
Zash
name in cert being jabber.something or xmpp.something?
-
lovetox
yeah but in that case bosh does also not help
-
moparisthebest
and whatever firewall-from-hell they implemented that with is surely some black box that other orgs also have
-
lovetox
im still thinking about reasons to keep bosh
-
Zash
moparisthebest, open a change request with the department of ports
-
moparisthebest
I just yell at my desk instead, same effect
-
lovetox
my whole websocket code is 120 lines of code
-
lovetox
and thats boilerplate included
-
lovetox
so from that angle i really love websockets :)
-
moparisthebest
I think like Zash said, there likely exist HTTP middleboxes that would allow through BOSH and not Websocket
-
Zash
lovetox, how much code to tunnel XMPP over DNS?
-
moparisthebest
XMPP over DNS over XMPP ?
-
moparisthebest
XoDoX
-
Zash
Eh, why does searching for TCP over DNS give me HTTP servers?
-
jonas’
lovetox, you forgot to count all the thousand lines of code in the HTTP stack on top of TCP
-
moparisthebest
Zash, https://code.kryo.se/iodine/ is the only one I know of
-
Zash
Found now
-
Zash
First hit was https://github.com/boazsegev/iodine
-
asterix
I do use bosh because at my work there is a port based firewall that prevents me from connecting to the normal XMPP port.