jdev - 2021-04-30


  1. lovetox

    do you not write the software for master and slave?

  2. lovetox

    I'm not getting how a slave would just start talking to other slaves, if that's not in your application design

  3. lovetox

    hence why you would need to disallow it at another level

  4. zebizebi

    I have a question about omemo and its payload meta data: when you send a small message you can see the <payload> kdsf=</payload> is also small and when u type a long message the payload gets also long ( the message is gibberish because of the encryption ) but is this not meta data that you expose for an adversary? Like with PGP you send a small or big message it becomes automatically a big block of random data so you can't tell if the message was small or big.

  5. flow

    zebizebi, that is what SCE and OX have a random content random *length* rpad element

  6. flow

    https://xmpp.org/extensions/xep-0420.html#affix_elements

  7. jonas’

    uh, why random content?

  8. jonas’

    doesn’t one want padding to be known content to avoid sidechannels and stuff?

  9. flow

    maybe, but would deterministic content also not be ideal? sure, your crypto is already pretty weak if this is the case

  10. flow

    which kind of sidechannels are you thinking of? timing based ones? what is "and stuff"?

  11. jonas’

    this is just a vague memory from security classes

  12. flow

    and we also have a bunch of deterministic content already in the cleartext, the first element is even on a predictable position

  13. jonas’

    I’d have to look into it in more detail which I can’t right now because work

  14. flow

    sure, let me know if you find something

  15. flow

    we could also say, one-time random content, i.e. the content is decided once per "session". which feels like a compromise. but then again, I don't want to doctor more on the spec without some hard facts

  16. zebizebi

    jonas’

  17. zebizebi

    So I have to install SCE so the body of omemo gets randomized as well?

  18. zebizebi

    I mean flow

  20. flow

    zebizebi, that's unfortunately not how it works. the currently widely used spec of OMEMO does not use SCE, the latest spec does use SCE but is not yet deployed

  21. marc0s

    hi, is there any known usage or implementation of XEP-0161 "Abuse reporting" out there? I see the XEP marked as deferred, and neither prosody nor ejabberd announce support for it. Is that (if known) because of a lack of interest or maybe because it's something that can be better done "out of band"?

  22. marc0s

    my main use case would be to give the users the ability to report abuse or harassment from other network users

  23. zebizebi

    flow

  24. zebizebi

    can I send u a dm?

  25. lovetox

    where are all these admin commands defined, setting / deleting MOTD etc.

  26. lovetox

    is that in a XEP?

  27. mathieui

    lovetox, 0133 ?

  28. lovetox

    hm no that's just adhoc it seems

  29. lovetox

    but good to know that it also exists

  30. lovetox

    i meant when you send a message to yourdomain/announce/motd

  31. Zash

    Is that even a XEP?

  32. lovetox

    Zash, that was my question :D

  33. mathieui

    I don’t think that’s a XEP

  34. mathieui

    it is very ad-hoc

  35. mathieui

    (which is why ad-hoc commands exist :D)

  36. lovetox

    ok, Zash do you know if prosody supports that?

  37. Zash

    Probably stuff that early servers did before ad-hoc was invented

  38. Zash

    Prosody doesn't support either method out of the box, MOTD is changed via config. MattJ may have something in the works for Snikket.

  39. mathieui

    Zash, admin_adhoc is in the prosody main repo though

  40. Zash

    It doesn't do MOTD afaik

  41. MattJ

    Yeah, I plan to only support one of them... probably announce

  42. MattJ

    MOTD doesn't make much sense, especially these days

  43. MattJ

    Regardless of what it's called, the behaviour will be to send the message to everyone on the server, whether they are online or not

  44. MattJ

    And to be clear I mean ad-hoc, not the old /announce/motd

  45. Kev

    There used to be a ‘standard’ for doing admin type things, but I don’t think it was ever XEPpified.

  46. Kev

    It was just what jabberd1 did, so other early servers did too.

  47. lovetox

    ok thanks

  48. zebizebi

    lovetox what is an adhoc?

  49. zebizebi

    can I compare adhoc to LAN?

  50. zebizebi

    even the term LAN I don't understand it completely, I know it's a local area network but can a LAN connection reach the internet or is it only locally without internet?

  51. Zash

    Ad-hoc commands, XEP-0050, a way of exposing commands without writing a specification about it. Kinda like web forms with form fields and dropdowns and such.

  52. Zash

    ad-hoc networks are something else

  53. zebizebi

    zash thanks for clearing it up, also can you help me understand adhoc network and is it like a LAN?

  54. zebizebi

    not that I understand LAN completely lol

  55. Zash

    adhoc mostly means it's without prior setup, something you make up on the spot, without preparation.

  56. zebizebi

    ok I get it and the LAN?

  58. Zash

    a LAN without prepared infrastructure, routers etc

  59. lovetox

    zebizebi, these are surely things you can use the internet for, a place where much information is just a few keyboard strokes away

  60. zebizebi

    lovetox I googled a bunch of what a LAN is, and I read every time different statements. I know that for example a modem or router is a LAN but I use my modem to connect to the internet right? But on another website I read LAN are only locally so they can not access the internet and that confuses me

  61. Zash

    It just means a small network

  62. Zash

    Seems a bit off-topic for the Jabber/XMPP Development channel don'tyouthink?

  63. zebizebi

    It is but I saw the adhoc thing and it reminded me of things that I did not understand