larma: Zash: it's not about a second device, it's about the second factor of ownership (having a physical device) in contrast to only knowledge (password)
lovetox: I now try nginx, apache with its 10 folders, where X conf files live and all get imported on top of each other
lovetox: I've been trying for 20 minutes to disable HSTS, and I simply can't do it
lovetox: not feeling it
jonas’: lovetox, you should join programming@chat.cluxia.eu, your questions are more on-topic there :)
lovetox: no join link :/
jonas’: lovetox, you should join xmpp:programming@chat.cluxia.eu?join, your questions are more on-topic there :)
jonas’: lies!
lovetox: I have to add a feature in Gajim where when you copy a groupchat it always makes join links
lovetox: and "," being allowed in URLs does not make things better
lovetox: :D
lovetox: this reminds me to make the URL regex in Gajim better
lovetox: something like if a space follows a "," ignore the ","
jonas’: uh, that sounds like a smart rule
Zash: Punctuation at the end might work as a general rule
lovetox: starts to look at the code for that
larma: we have that in Dino now as well, though we don't handle ... yet
larma: one character might be not enough 😉
larma: also remember to count parentheses if you don't do that already 😉
Zash: I wrote some code somewhere that strips brackets if there's a matching bracket just before the URL
Zash: so (http://example.com/) works without including the )
jonas’:
> count parenthesis
> regex
-EIMPOSSIBLE
Zash: count? no. just (.)(urlregexhere) and `if match[1] == "(" and stuff:endswith(")") then` strip that
jonas’: though with browsers escaping ( and ) when copying to clipboard, I think it might even be viable to simply forbid () in URL regexes.
lovetox: it's funny that there is no publicly available regex that can match all URIs in a text
jonas’: ~though with browsers escaping ( and ) when copying to clipboard, I think it might even be viable to simply forbid () in URL regexes.~ doesn’t seem to be the case (anymore?)
lovetox: there are some that are better than others
Zash: or http://[db8:f00::baa%eth0]:80/
Zash: are URLs even regular?
jonas’: probably not
Zash: wasn't URL parsing one of the first things Mozilla rewrote in Rust?
lovetox: so if you want to show clickable URIs in your client, first accept you will not catch all valid URLs :)
lovetox: from there you have an easier life
lovetox: but found test vectors if anyone is interested
larma: lovetox: you usually don't want to catch all URIs because *everything* is a valid URI
larma: You usually want to require a scheme from a known set such that test:test is not linked
larma: or urn:xmpp:test should also not be linked
Zash: And not everything users expect to be clickable / links are valid URIs/URLs either
Zash: www.example.com for example
Zash: or just example.com
jonas’: rocketchat highlights every string with one or more dots in it
larma: Zash: it is a valid URI, just not what the user expects it to be ;)
Zash: jonas’: aaaaaaah
jonas’: rocketchat highlights every string with one or more dots in it + ends in a list of TLDs they seem to have
Zash: that must be fun with random.typos you do on mobile where space and . are next to each other
jonas’: it doesn’t highlight `foo.usqlhsvue` for example
jonas’: but since ~everything is a TLD nowadays, it’s nearly indistinguishable
Zash: thanks ICANN, hope it was worth it
Zash: surely the root zone is available somewhere, or you can follow the NSEC chain
jonas’: hm, why is the NXDOMAIN reply for A fooouhaeuiae. not signed?
Zash: foodnetwork. 86398 IN NSEC football. NS DS RRSIG NSEC
foodnetwork. 86398 IN RRSIG ....
Zash: looks signed to me
jonas’: hm, I blame the resolver
jonas’: hm, I blame the recursor
jonas’: I only get NSEC and RRSIG for NS queries
jonas’: yeah, recursor’s fault.
lovetox: so is there a good reason to use the traditional TCP connection
lovetox: instead of websocket, if it's available?
lovetox: there are some points that make websocket very appealing
lovetox: first, a websocket message is its own parsable document
lovetox: which removes a lot of complexity with having to buffer or stream input
jonas’: depends on your criteria for good reason
jonas’: I consider "doesn’t need an HTTP stack" a good reason
lovetox: second, websocket implements its own keepalive mechanism so you don't have to do that yourself with sending whitespace
lovetox: jonas’, I don't understand that argument, you need a networking lib
Zash: TCP has a keepalive mechanism too, your argument is invalid
jonas’: lovetox, not talking about libraries
jonas’: talking about the amount of technical cruft stacked onto each other
jonas’: "Resource Exhaustion"
lovetox: ok so there are no real cons to using websocket
jonas’: I think that *is* a real con.
lovetox: with BOSH it was, that there is too much overhead
lovetox: and it's complex to implement
Zash: Everything you stated as positive is negative if you ask me
jonas’: Zash, message delimiting would be nice for parsing, but using a stream parser is in any case better for limit enforcement
lovetox: jonas’, your argument depends on the env you develop in, I can talk about mine, and adding libsoup as a dependency which handles all my HTTP stuff, not just websocket
lovetox: is not a con
jonas’: lovetox, except that you now have libsoup as a dependency
jonas’: more code, more CPU cycles burnt
jonas’: you won’t get the Blauer Engel with that
lovetox: ok I hear you, but that's not a good "con" for me
lovetox: and I don't know what you mean by limit enforcement
lovetox: but you can set a size limit on a websocket message
jonas’: lovetox, stanzas which try to exhaust resources in your stanza processing. this isn’t always easily covered with a size limit
jonas’: for example, if tree depth is very expensive in your processing, you can get very deep messages with few bytes
jonas’: you can catch this easily when using a stream parser
Zash: Let me tell you about the overhead and resource leaks of creating a parser for every message
lovetox: really? what's so expensive about a parser object?
lovetox: ah, resource leaks
Zash: Bunch of allocations and callbacks and stuff for every message vs just feeding an existing parser
lovetox: good point, but websocket does not exclude stream parsing
lovetox: I can still do that
lovetox: but that pro is then gone :)
jonas’: (and once you have stream parsing, you also lose the size limit benefit)
Zash: Websockets would be nicer without the weird open and close elements. And the XOR masking madness
lovetox: jonas’, about the HTTP stack, I think there is no GUI client or even XMPP client that is considered modern and can live without an HTTP stack
jonas’: lovetox, yes, but I don’t need the HTTP stack for the XMPP connection.
jonas’: just for the HTTP things
Zash: Hammer says everything is a nail!
lovetox: Zash, to be honest, normally you don't have to care about that, your websocket lib should
jonas’: I don’t want to live in a world where everything is passed over HTTP(S).
Zash: jonas’: same
jonas’: (although it would be a good tale to tell the (grand-)kids)
jonas’: ("back in ye olden days, where things were which were not JSON and not HTTP...")
Zash: Tell the story of why the number 443 is hard coded in the network stack
pulkomandy: Maybe when everything is inside HTTPS we can replace IPv4 with IPv6 and no one will notice
jonas’: no, HTTP will just hard-codedly connect to 1.1.1.1 which does URL-level routing
Zash: Except thanks to SNI and ALPN there's no need to replace IP.
Zash: Just route on those
jonas’: Zash, ^5
jonas’: in the end, quad1 is Cloudflare. everything goes through Cloudflare either way.
jonas’: (okay, this turned way more realistic than I anticipated when I wrote my comment)
Zash: Better stop talking before you bring that nightmare closer to reality than it already is
lovetox: is there a good reason to keep a BOSH impl in a non-webclient, if you also have a websocket impl?
jonas’: I don’t think there’s a good reason to keep an HTTP-based impl in a non-webclient
jonas’: but if anything, you should probably keep BOSH over websocket. someone said that on-list in the discussion about the 2020 compliance suites
lovetox: that argument was about page reloads in browsers
Zash: BOSH is probably more compatible with random weird web middleboxes
lovetox: does not concern desktop clients
Zash: The kind that the weird websocket XOR masking was meant to defeat and prevent from doing funky weirdness.
jonas’: lovetox, no
jonas’: maybe it was at a different place, too
jonas’: I think someone had some (at least anecdotal) data that BOSH is the most likely to succeed mechanism in troublesome networks
jonas’: can’t find it though, and I don’t really want to argue in favour of any HTTP crap
Zash: jonas’, how do you feel about direct TLS on port 443?
jonas’: Zash, similarly bad
jonas’: but not as bad as websockets
Zash: I have it deployed, which means free fuzzing by random web spiders
Zash: ALPN even! mod_net_multiplex \o/
lovetox: I think many people use BOSH because they hope to circumvent some firewalls
lovetox: not sure if websockets can be used for that
Zash: depending on the firewall you can get past by having normal XMPP on port 80 or 443, or direct TLS, websocket on 443, and BOSH should be the most compatible
lovetox: no probably not, because the XMPP protocol is already announced in the header
Zash: depends if it's just port based or a full-on HTTP proxy
lovetox: hm, no this should work, the HTTP message is TLS encrypted
lovetox: so how would a firewall know it's an XMPP server
moparisthebest: I specifically wrote XEP-0368 because my work proxy let me connect to any TLS but only if it was on port 443
Zash: name in cert being jabber.something or xmpp.something?
lovetox: yeah but in that case BOSH does also not help
moparisthebest: and whatever firewall-from-hell they implemented that with is surely some black box that other orgs also have
lovetox: I'm still thinking about reasons to keep BOSH
Zash: moparisthebest, open a change request with the department of ports
moparisthebest: I just yell at my desk instead, same effect
lovetox: my whole websocket code is 120 lines of code
lovetox: and that's boilerplate included
lovetox: so from that angle I really love websockets :)
moparisthebest: I think like Zash said, there likely exist HTTP middleboxes that would allow through BOSH and not Websocket
Zash: lovetox, how much code to tunnel XMPP over DNS?
moparisthebest: XMPP over DNS over XMPP ?
moparisthebest: XoDoX
Zash: Eh, why does searching for TCP over DNS give me HTTP servers?
jonas’: lovetox, you forgot to count all the thousand lines of code in the HTTP stack on top of TCP
moparisthebest: Zash, https://code.kryo.se/iodine/ is the only one I know of
Zash: Found now
Zash: First hit was https://github.com/boazsegev/iodine
asterix: I do use BOSH because at my work there is a port-based firewall that prevents me from connecting to the normal XMPP port.