jdev - 2020-01-02


  37. lovetox

    anyone know of a totp/hotp client with a GUI on linux?

  38. lovetox

    i only find commandline tools where i have to specify the key every time again

  39. Zash

    I know only mobile variants, tho that's technically on Linux

  41. Link Mauve

    lovetox, can’t you store the key somewhere and pipe that into your CLI tool automatically?

  42. lovetox

    Link Mauve, i can imagine this works for you with your 500 keystrokes per minute

  43. lovetox

    i want a simple gui, where all my pages are listed, i click one button and get a new password for that page

  44. Zash

    Isn't the point that a second physical device is needed?

  45. Link Mauve

    lovetox, what is a page in this context?

  46. lovetox

    a website

  47. Zash

    wrap the cli in a script and pop up a dialog with zenity?

  48. lovetox

    ah found one

  49. Zash

    https://github.com/search?q=totp+gui has a few results

  50. lovetox

    https://share.hoerist.com/philipp/DCspAml7xkgzvs6E/c8d69a41-a4e2-4a9b-95ed-2639bac231f9.png

  51. lovetox

    see something like that

  52. jonas’

    ahaha netcup

  53. jonas’

    that name is so unfortunate

  62. larma

    lovetox: some password managers can do that

  65. larma

    Zash: it's not about a second device, it's about the second factor of ownership (having a physical device) in contrast to only knowledge (password)

  76. lovetox

    i'm now trying nginx; apache with its 10 folders where X conf files live that all get imported on top of each other

  77. lovetox

    i've been trying for 20 minutes to disable hsts, and i simply can't do it

  78. lovetox

    not feeling it

  79. jonas’

    lovetox, you should join programming@chat.cluxia.eu, your questions are more on-topic there :)

  80. lovetox

    no join link :/

  81. jonas’

    lovetox, you should join xmpp:programming@chat.cluxia.eu?join, your questions are more on-topic there :)

  82. jonas’

    lies!

  83. lovetox

    i have to add a feature in Gajim where when you copy a groupchat it always makes join links

  84. lovetox

    and "," being allowed in URLs does not make things better

  85. lovetox

    :D

  86. lovetox

    this reminds me to make the url regex in Gajim better

  88. lovetox

    something like if a space follows a "," ignore the ","

  92. jonas’

    uh, that sounds like a smart rule

  93. Zash

    Punctuation at the end might work as a general rule

  94. lovetox starts to look at the code for that

  95. larma

    we have that in Dino now as well, though we don't handle ... yet

  98. larma

    one character might be not enough 😉

  99. larma

    also remember to count parentheses if you don't do that already 😉

  100. Zash

    I wrote some code somewhere that strips brackets if there's a matching bracket just before the url

  101. Zash

    so (http://example.com/) works without including the )

  103. jonas’

    > count parenthesis > regex -EIMPOSSIBLE

  105. Zash

    count? no. just (.)(urlregexhere) and `if match[1] == "(" and stuff:endswith(")") then` strip that

  106. lovetox

    http://-.~_!$&'()*+,;=:%40:80%2f::::::@example.com

  107. lovetox

    valid uri :)

  108. jonas’

    but not common ;)

  109. jonas’

    though with browsers escaping ( and ) when copying to clipboard, I think it might even be viable to simply forbid () in URL regexes.

  110. lovetox

    it's funny that there is no publicly available regex that can match all URIs in a text

  111. jonas’

    ~though with browsers escaping ( and ) when copying to clipboard, I think it might even be viable to simply forbid () in URL regexes.~ doesn’t seem to be the case (anymore?)

  112. lovetox

    there are some that are better than others

  113. Zash

    or http://[db8:f00::baa%eth0]:80/

  114. Zash

    are urls even regular?

  115. jonas’

    probably not

  116. Zash

    wasn't url parsing one of the first things mozilla rewrote in rust?

  117. lovetox

    so if you want to show clickable uris in your client, first accept you will not catch all valid urls :)

  118. lovetox

    from there you have an easier life

  119. lovetox

    from there you have an easier life

  120. lovetox

    but i found test vectors if anyone is interested

  121. larma

    lovetox: you usually don't want to catch all URIs because *everything* is a valid uri

  122. larma

    You usually want to require a scheme from a known set such that test:test is not linked

  123. larma

    or urn:xmpp:test should also not be linked

  124. Zash

    And not everything users expect to be clickable / links are valid URI/URLs either

  125. Zash

    www.example.com for example

  126. Zash

    or just example.com

  127. jonas’

    rocketchat highlights every string with one or more dots in it

  128. larma

    Zash: it is a valid uri, just not what the user expects it to be ;)

  129. Zash

    jonas’: aaaaaaah

  130. jonas’

    rocketchat highlights every string with one or more dots in it + ends in a list of TLDs they seem to have

  131. Zash

    that must be fun with random.typos you do on mobile where space and . are next to each other

  132. jonas’

    it doesn’t highlight `foo.usqlhsvue` for example

  133. jonas’

    but since ~everything is a TLD nowadays, it’s nearly indistinguishable

  134. Zash

    thanks icann, hope it was worth it

  135. Zash

    surely the root zone is available somewhere, or you can follow the nsec chain

  136. jonas’

    hm, why is the nxdomain reply for A fooouhaeuiae. not signed?

  137. Zash

    foodnetwork. 86398 IN NSEC football. NS DS RRSIG NSEC foodnetwork. 86398 IN RRSIG ....

  138. Zash

    looks signed to me

  139. jonas’

    hm, I blame the resolver

  140. jonas’

    hm, I blame the recursor

  141. jonas’

    I only get NSEC and RRSIG for NS queries

  142. jonas’

    yeah, recursor’s fault.

  152. lovetox

    so is there a good reason to use the traditional tcp connection

  153. lovetox

    instead of websocket, if it's available?

  154. lovetox

    there are some points that make websocket very appealing

  155. lovetox

    first, a websocket message is its own parsable document

  156. lovetox

    which removes a lot of complexity with having to buffer or stream input

  157. jonas’

    depends on your criteria for good reason

  158. jonas’

    I consider "doesn’t need an HTTP stack" a good reason

  159. lovetox

    second, websocket implements its own keepalive mechanism so you don't have to do that yourself with sending whitespaces

  160. lovetox

    jonas’, i don't understand that argument, you need a networking lib

  161. Zash

    TCP has a keepalive mechanism too, your argument is invalid

  162. jonas’

    lovetox, not talking about libraries

  163. jonas’

    talking about the amount of technical cruft stacked onto each other

  164. jonas’

    "Resource Exhaustion"

  167. lovetox

    ok so there are no real cons to using websocket

  168. jonas’

    I think that *is* a real con.

  169. lovetox

    with bosh it was, that there is too much overhead

  170. lovetox

    and it's complex to implement

  171. Zash

    Everything you stated as positive is negative if you ask me

  173. jonas’

    Zash, message delimiting would be nice for parsing, but using a stream parser is in any case better for limit enforcement

  174. lovetox

    jonas’, your argument depends on the env you develop in, i can talk about mine, and adding libsoup as a dependency which handles all my http stuff, not just websocket,

  175. lovetox

    is not a con

  176. jonas’

    lovetox, except that you now have libsoup as dependency

  177. jonas’

    more code, more cpu cycles burnt

  178. jonas’

    you won’t get the Blauer Engel with that

  179. lovetox

    ok i hear you, but that's not a good "con" for me

  180. lovetox

    and i don't know what you mean by limit enforcement

  181. lovetox

    but you can set a size limit on a websocket message

  183. jonas’

    lovetox, stanzas which try to exhaust resources in your stanza processing. this isn’t always easily covered with a size limit

  185. jonas’

    for example, if tree depth is very expensive in your processing, you can get very deep messages with few bytes

  186. jonas’

    you can catch this easily when using a stream parser

  187. jonas’

    you can catch this easily when using a stream parser

  189. Zash

    Let me tell you about the overhead and resource leaks of creating a parser for every message

  190. lovetox

    really? what's so expensive about a parser object?

  191. lovetox

    ah resource leaks

  192. Zash

    Bunch of allocations and callbacks and stuff for every message vs just feeding an existing parser

  193. lovetox

    good point, but websocket does not exclude stream parsing

  194. lovetox

    i can still do that

  195. lovetox

    but that pro is then gone :)

  197. jonas’

    (and once you have stream parsing, you also lose the size limit benefit)

  198. Zash

    Websockets would be nicer without the weird open and close elements. And the XOR masking madness

  199. lovetox

    jonas’, about the http stack, i think there is no gui client or even xmpp client that is considered modern and can live without an http stack

  200. jonas’

    lovetox, yes, but I don’t need the HTTP stack for the XMPP connection.

  201. jonas’

    just for the HTTP things

  202. Zash

    Hammer says everything is a nail!

  203. lovetox

    Zash, to be honest, normally you don't have to care about that, your websocket lib should

  204. jonas’

    I don’t want to live in a world where everything is passed over HTTP(S).

  205. Zash

    jonas’: same

  206. jonas’

    (although it would be a good tale to tell the (grand-)kids)

  207. jonas’

    ("back in ye olden days, where things were which were not JSON and not HTTP...")

  208. Zash

    Tell the story of why the number 443 is hard coded in the network stack

  211. pulkomandy

    Maybe when everything is inside https we can replace ipv4 with ipv6 and no one will notice

  214. jonas’

    no, HTTP will just hard-codedly connect to 1.1.1.1 which does URL-level routing

  215. Zash

    Except thanks to SNI and ALPN there's no need to replace IP.

  216. Zash

    Just route on those

  217. jonas’

    Zash, ^5

  218. jonas’

    in the end, quad1 is cloudflare. everything goes through cloudflare either way.

  219. jonas’

    (okay, this turned way more realistic than I anticipated when I wrote my comment)

  221. Zash

    Better stop talking before you bring that nightmare closer to reality than it already is

  222. Zash

    Better stop talking before you bring that nightmare closer to reality than it already is

  315. lovetox

    is there a good reason to keep a BOSH impl as non-webclient, if you also have a websocket impl?

  316. jonas’

    I don’t think there’s a good reason to keep a http-based impl on a non-webclient

  317. jonas’

    but if anything, you should probably keep BOSH over websocket. someone said that on-list in the discussion about the 2020 compliance suites

  318. lovetox

    that argument was about page reloads in browsers

  319. Zash

    BOSH is probably more compatible with random weird web middleboxes

  320. lovetox

    does not concern desktop clients

  321. Zash

    The kind that the weird websocket XOR masking was meant to defeat and prevent from doing funky weirdness.

  322. jonas’

    lovetox, no

  323. jonas’

    maybe it was at a different place, too

  324. jonas’

    I think someone had some (at least anecdotal) data that BOSH is the most-likely to succeed mechanism in troublesome networks

  325. jonas’

    can’t find it though, and I don’t really want to argue in favour of any http-crap

  326. Zash

    jonas’, how do you feel about direct tls on port 443?

  327. jonas’

    Zash, similarly bad

  328. jonas’

    but not as bad as websockets

  329. Zash

    I have it deployed, which means free fuzzing by random web spiders

  330. Zash

    ALPN even! mod_net_multiplex \o/

  333. lovetox

    i think many people use bosh because they hope to circumvent some firewalls

  334. lovetox

    not sure if websockets can be used for that

  335. Zash

    depending on the firewall you can get past by having normal xmpp on port 80 or 443, or direct tls, websocket on 443, and bosh should be the most compatible

  336. lovetox

    no probably not, because xmpp protocol is already announced in the header

  337. Zash

    depends if it's just port based or a full on http proxy

  338. lovetox

    hm, no this should work, the http message is tls encrypted

  339. lovetox

    so how would a firewall know it's an xmpp server

  341. moparisthebest

    I specifically wrote XEP-0368 because my work proxy let me connect to any TLS but only if it was on port 443

  342. Zash

    name in cert being jabber.something or xmpp.something?

  344. lovetox

    yeah but in that case bosh does also not help

  345. moparisthebest

    and whatever firewall-from-hell they implemented that with is surely some black box that other orgs also have

  346. lovetox

    i'm still thinking about reasons to keep bosh

  347. Zash

    moparisthebest, open a change request with the department of ports

  348. moparisthebest

    I just yell at my desk instead, same effect

  349. lovetox

    my whole websocket code is 120 lines of code

  350. lovetox

    and that's boilerplate included

  351. lovetox

    so from that angle i really love websockets :)

  352. moparisthebest

    I think like Zash said, there likely exist HTTP middleboxes that would allow through BOSH and not Websocket

  353. Zash

    lovetox, how much code to tunnel XMPP over DNS?

  354. moparisthebest

    XMPP over DNS over XMPP ?

  355. moparisthebest

    XoDoX

  356. Zash

    Eh, why does searching for TCP over DNS give me HTTP servers?

  357. jonas’

    lovetox, you forgot to count all the thousand lines of code in the HTTP stack on top of TCP

  358. moparisthebest

    Zash, https://code.kryo.se/iodine/ is the only one I know of

  359. Zash

    Found now

  360. Zash

    First hit was https://github.com/boazsegev/iodine

  388. asterix

    I do use bosh because at my work there is a port-based firewall that prevents me from connecting to the normal XMPP port.

  389. asterix has left

  390. kikuchiyo has joined

  391. goffi has left