jdev - 2022-02-09


  1. emus has left
  2. Millesimus has left
  3. thomaslewis has joined
  4. thomaslewis has left
  5. thomaslewis has joined
  6. thomaslewis has left
  7. thomaslewis has joined
  8. thomaslewis has left
  9. Millesimus has joined
  10. rq77 has joined
  11. Millesimus has left
  12. larma has left
  13. thomaslewis has joined
  14. thomaslewis has left
  15. wurstsalat has left
  16. rq77 has left
  17. SouL has left
  18. Millesimus has joined
  19. Millesimus has left
  20. qwestion has joined
  21. thomaslewis has joined
  22. thomaslewis has left
  23. thomaslewis has joined
  24. Millesimus has joined
  25. thomaslewis has left
  26. qwestion has left
  27. debacle has left
  28. qwestion has joined
  29. thomaslewis has joined
  30. Millesimus has left
  31. thomaslewis has left
  32. dormouse has joined
  33. Millesimus has joined
  34. xnamed has left
  35. Millesimus has left
  36. Millesimus has joined
  37. selurvedu has left
  38. Millesimus has left
  39. Kev has left
  40. Kev has joined
  41. Millesimus has joined
  42. Alastair Hogge has left
  43. Alastair Hogge has joined
  44. rafasaurus has left
  45. marc0s has left
  46. marc0s has joined
  47. rafasaurus has joined
  48. Yagizа has joined
  49. rafasaurus has left
  50. thomaslewis has joined
  51. qy has left
  52. qy has joined
  53. dezant has left
  54. dezant has joined
  55. marmistrz has left
  56. Alex has left
  57. Millesimus has left
  58. dezant has left
  59. pasdesushi has joined
  60. Millesimus has joined
  61. msavoritias has joined
  62. rafasaurus has joined
  63. marc0s has left
  64. marc0s has joined
  65. Millesimus has left
  66. Millesimus has joined
  67. qwestion has left
  68. atomicwatch has left
  69. atomicwatch has joined
  70. SouL has joined
  71. pasdesushi has left
  72. Millesimus has left
  73. pasdesushi has joined
  74. nephele has joined
  75. nephele has left
  76. nephele has joined
  77. me9 has joined
  78. serge90 has left
  79. nephele has left
  80. atomicwatch has left
  81. atomicwatch has joined
  82. wurstsalat has joined
  83. rafasaurus has left
  84. me9 has left
  85. rafasaurus has joined
  86. dezant has joined
  87. doge has left
  88. doge has joined
  89. jgart has left
  90. marc0s has left
  91. marc0s has joined
  92. marc0s has left
  93. marc0s has joined
  94. marc0s has left
  95. marc0s has joined
  96. nephele has joined
  97. emus has joined
  98. marc0s has left
  99. marc0s has joined
  100. marc0s has left
  101. marc0s has joined
  102. marc0s has left
  103. marc0s has joined
  104. marc0s has left
  105. marc0s has joined
  106. marc0s has left
  107. marc0s has joined
  108. marc0s has left
  109. marc0s has joined
  110. Laura has left
  111. nephele has left
  112. Laura has joined
  113. Alex has joined
  114. marmistrz has joined
  115. 9lakes has left
  116. marc0s has left
  117. marc0s has joined
  118. marc0s has left
  119. marc0s has joined
  120. 9lakes has joined
  121. homebeach has left
  122. Matrix Traveler (bot) has left
  123. Matrix Traveler (bot) has joined
  124. homebeach has joined
  125. marc0s has left
  126. marc0s has joined
  127. marc0s has left
  128. marc0s has joined
  129. marc0s has left
  130. marc0s has joined
  131. 9lakes has left
  132. marc0s has left
  133. marc0s has joined
  134. 9lakes has joined
  135. Kev has left
  136. 9lakes has left
  137. Kev has joined
  138. Kev has left
  139. Kev has joined
  140. marc0s has left
  141. marc0s has joined
  142. 9lakes has joined
  143. dormouse has left
  144. dormouse has joined
  145. Laura has left
  146. al has joined
  147. Laura has joined
  148. huhn has joined
  149. larma has joined
  150. xecks has joined
  151. mac has joined
  152. huhn has left
  153. marc0s has left
  154. marc0s has joined
  155. larma has left
  156. larma has joined
  157. debacle has joined
  158. huhn has joined
  159. dormouse has left
  160. dormouse has joined
  161. dormouse has left
  162. dormouse has joined
  163. dormouse has left
  164. 9lakes has left
  165. Millesimus has joined
  166. Wojtek has joined
  167. 9lakes has joined
  168. Millesimus has left
  169. 9lakes has left
  170. 9lakes has joined
  171. nephele has joined
  172. nephele has left
  173. nephele has joined
  174. nephele has left
  175. nephele has joined
  176. pep. How do I specify something that's still very much in use, when the document has evolved and this thing I want to specify "doesn't exist anymore" on paper but is still pretty much everywhere in practice
  177. thomaslewis has left
  178. mac has left
  179. pep. (oldmemo)
  180. Zash do we do Historical for those?
  181. pep. In particular, omemo vs pubsub#type
  182. pep. It's not historical
  183. pep. Is it
  184. Millesimus has joined
  185. Zash Historical might still technically be for things invented prior to the [XJ]SF and [XJ]EP procedure existed, but I'm thinking it could be used for things developed outside of the XSF and that would be good to have a stable reference for
  186. nephele has left
  187. Zash to document "this is a thing that some software are doing"
  188. pep. I'd say my case also doesn't fit in there, unless you want me to do the thing first, make it a de-facto standard that everybody will rant about, and then come back with it
  189. Zash For O(LD)MEMO that was done as a version so that it went into the attic, tho that seems like a weird thing
  190. Zash Or did I misunderstand the whole thing?
  191. jonas’ pep., put it in the omemo xep?
  192. Zash "This is your brain on meetings"
  193. pep. jonas’, the eu.siacs ns isn't a thing anymore
  194. pep. In the spec
  195. jonas’ welp
  196. Zash Link to https://xmpp.org/extensions/attic/xep-0384-0.3.0.html
  197. pep. Can I branch 0384-0.3.0? :P
  198. Millesimus has left
  199. Zash See, perhaps it should have been a Historical XEP?
  200. Millesimus has joined
  201. pep. Are we allowed to modify histerical xeps?
  202. jonas’ yes
  203. pep. Are we allowed to modify hysterical xeps?
  204. jonas’ is it worth the hassle to write even down what you intend to write down?
  205. pep. I was kinda asked to "because it's not specified" :/
  206. jonas’ so just don't do pubsub#type for omemo?
  207. jonas’ then it doesn't have to be specified :)
  208. jonas’ just migrate to newmemo
  209. pep. Yeah in 10 years
  210. jonas’ *shrug*
  211. larma has left
  212. pep. Anyway, it's interesting to know that there's no answer to this
  213. 9lakes has left
  214. jonas’ the OMEMO spec history is really unfortunate
  215. Zash understatement?
  216. pep. I think it would be the same with any other(?) if you change/update the NS.. I guess there could be a note in the spec like "In an earlier version of this spec blah blah, you can do this and that"
  217. pep. ("update" also meaning ":0" -> ":1" to me)
  218. pep. (it's not the same ns anymore)
  219. Zash implementation note?
  220. pep. Yeah
  221. pep. I'll fill something for that. Waiting to be shutdown somewhat..
  222. Wojtek has left
  223. Wojtek has joined
  224. rafasaurus has left
  225. spectrum has left
  226. antranigv has left
  227. pep. Also, I'm wondering if it's written anywhere (or should be written anywhere) to prefer purging nodes instead of deleting them
  228. pep. So that doesn't ruin the work/expectations of other clients. Say I start filling pubsub#type on my nodes and somebody comes in, yanks everything and recreates the node without the field. Unless obviously that's on purpose
  229. jonas’ I'd say other clients need to be able to deal with nodes not containing pubsub#tpye
  230. jonas’ I'd say other clients need to be able to deal with nodes not containing pubsub#type
  231. pep. Sure, that's not my point
  232. jonas’ it seems a bit futile in putting energy in polishing oldmemo that way then
  233. pep. Just that it'd kinda ruin the effort a client puts in
  234. pep. This doesn't just apply to OMEMO
  235. pep. It applies to everything pubsub
  236. al has left
  237. pep. Am I the only one seeing this as a generic issue? (purge/delete)
  238. Link Mauve I don’t think I’ve ever seen it being an issue.
  239. Link Mauve Maybe it is for OMEMO, which I don’t use.
  240. Link Mauve But for everything else PubSub, clients do the sensible thing.
  241. pep. Let's forget about OMEMO for a sec, that's not the point
  242. pep. I should have waited 24h before I started another topic
  243. pep. Link Mauve, and hmm, I do remember some devs discovering purge (gajim?) and being happy that it exists and that it can be used instead of delete. Might have been for avatars or the like, I don't remember the details
  244. pep. Say for privacy settings and whatnot
  245. pep. So if this dev didn't know about this, I don't want to imagine how many people getting into XMPP don't either.
  246. antranigv has joined
  247. 9lakes has joined
  248. Laura has left
  249. jonas’ pep., I just refused (deferred) to follow your topic change. You would've gotten the same comment if you hadn't written the other line.
  250. 9lakes has left
  251. pep. That doesn't answer my question really but ok. Link Mauve does, but I'm not sure I agree that clients "just do the sensible thing" (I have an example with gajim -- I can find logs again -- and gajim is not any client)
  252. pep. Or when gajim also used to reset max_items to 1, clearing microblog nodes. Or something similar
  253. pep. Mistakes happen, surely, but it'd be nice to guard against them somehow
  254. nephele has joined
  255. Millesimus has left
  256. nephele has left
  257. nephele has joined
  258. pasdesushi has left
  259. pep. Would that fit modernxmpp btw? (or anywhere else?) Or will this just live as tribal knowledge
  260. goffi has left
  261. larma has joined
  262. pasdesushi has joined
  263. nephele has left
  264. Laura has joined
  265. doge has left
  266. pasdesushi has left
  267. pasdesushi has joined
  268. homebeach has left
  269. Matrix Traveler (bot) has left
  270. Matrix Traveler (bot) has joined
  271. homebeach has joined
  272. mac has joined
  273. pep. has left
  274. pep. has joined
  275. xnamed has joined
  276. dormouse has joined
  277. Stefan Yes, more information in the implementation notes + Appendix H: Revision History. Change namespace to urn:xmpp:omemo:1 -> Change namespace from eu..... to urn:xmpp:omemo:1 This would be very helpful.
  278. mac has left
  279. huhn has left
  280. dormouse has left
  281. xnamed has left
  282. xnamed has joined
  283. Millesimus has joined
  284. nephele has joined
  285. 9lakes has joined
  286. marc0s has left
  287. marc0s has joined
  288. nephele has left
  289. pasdesushi has left
  290. pasdesushi has joined
  291. nephele has joined
  292. nephele has left
  293. nephele has joined
  294. nephele has left
  295. huhn has joined
  296. J Marinaro has left
  297. nephele has joined
  298. mac has joined
  299. transfusion has left
  300. transfusion has joined
  301. nephele has left
  302. nephele has joined
  303. antranigv has left
  304. nephele has left
  305. nephele has joined
  306. dezant has left
  307. huhn has left
  308. marc0s has left
  309. marc0s has joined
  310. nephele has left
  311. nephele has joined
  312. Millesimus has left
  313. nephele has left
  314. dezant has joined
  315. marc0s has left
  316. marc0s has joined
  317. marc0s has left
  318. marc0s has joined
  319. marc0s has left
  320. marc0s has joined
  321. Millesimus has joined
  322. Wojtek has left
  323. Wojtek has joined
  324. 9lakes has left
  325. 9lakes has joined
  326. antranigv has joined
  327. nephele has joined
  328. nephele has left
  329. nephele has joined
  330. pasdesushi has left
  331. nephele has left
  332. nephele has joined
  333. nephele has left
  334. nephele has joined
  335. nephele has left
  336. nephele has joined
  337. pasdesushi has joined
  338. dezant has left
  339. J Marinaro has joined
  340. goffi has joined
  341. PapaTutuWawa has joined
  342. nephele has left
  343. nephele has joined
  344. dezant has joined
  345. atomicwatch has left
  346. cdcode has joined
  347. marc0s has left
  348. marc0s has joined
  349. nephele has left
  350. moparisthebest other than gajim and pidgin, is anyone aware of other clients using _xmppconnect ?
  351. 9lakes has left
  352. mac has left
  353. me9 has joined
  354. flow don't you have the same issue with the http lookup method?
  355. Zash no because https
  356. flow ahh, yes
  357. flow luckily, smack appears to only implement the http lookup method, and not (yet) _xmppconnect
  358. atomicwatch has joined
  359. dezant has left
  360. 9lakes has joined
  361. moparisthebest does it enforce https when doing the lookup ?
  362. Zash I suppose there's not much point in adding _xmppconnect checking support to prosodyctl then
  363. moparisthebest because indeed you can't trust it with regular http either
  364. cdcode has left
  365. Zash Isn't that mandated by whatever defined /.well-known/host-meta ?
  366. Zash Beware HTTP redirects tho
  367. moparisthebest not much is because this was in those young carefree days when non-TLS was ok!
  368. moparisthebest the websocket rfc does say: > Thus, the connection endpoint is still authenticated, and the delegation is secure as long as the Web-host Metadata file is retrieved via HTTPS.
  369. nephele has joined
  370. nephele has left
  371. nephele has joined
  372. nephele has left
  373. huhn has joined
  374. thomaslewis has joined
  375. thomaslewis has left
  376. atomicwatch has left
  377. antranigv has left
  378. atomicwatch has joined
  379. dezant has joined
  380. atomicwatch has left
  381. Wojtek has left
  382. Wojtek has joined
  383. Wojtek has left
  384. Wojtek has joined
  385. atomicwatch has joined
  386. Neustradamus has left
  387. SyrupThinker has joined
  388. me9 has left
  389. marc0s has left
  390. marc0s has joined
  391. PapaTutuWawa has left
  392. Neustradamus has joined
  393. nephele has joined
  394. thomaslewis has joined
  395. nephele has left
  396. nephele has joined
  397. thomaslewis has left
  398. nephele has left
  399. nephele has joined
  400. SyrupThinker has left
  401. nephele has left
  402. nephele has joined
  403. thomaslewis has joined
  404. atomicwatch has left
  405. thomaslewis has left
  406. nephele has left
  407. nephele has joined
  408. nephele has left
  409. nephele has joined
  410. atomicwatch has joined
  411. nephele has left
  412. nephele has joined
  413. nephele has left
  414. nephele has joined
  415. spectrum has joined
  416. nephele has left
  417. cyril has joined
  418. jgart has joined
  419. nephele has joined
  420. nephele has left
  421. nephele has joined
  422. larma has left
  423. nephele has left
  424. nephele has joined
  425. nephele has left
  426. transfusion has left
  427. transfusion has joined
  428. Wojtek has left
  429. Wojtek has joined
  430. antranigv has joined
  431. nephele has joined
  432. nephele has left
  433. me9 has joined
  434. PapaTutuWawa has joined
  435. dezant has left
  436. dezant has joined
  437. marc0s has left
  438. marc0s has joined
  439. marc0s has left
  440. marc0s has joined
  441. selurvedu has joined
  442. lovetox sooo, what does this mean, we should not use the dns method?
  443. marc0s has left
  444. marc0s has joined
  445. moparisthebest lovetox, well, do you enforce DNSSEC for it now? and how do you validate the certificate ?
  446. mac has joined
  447. selurvedu has left
  448. moparisthebest and which if any domain do you send in SNI
  449. moparisthebest I expect the answer to be "the websocket library takes care of this" in which case you are vulnerable to MITM
  450. lovetox of course we pass the library just the url
  451. lovetox there is nothing more to configure
  452. lovetox except the protocoll "xmpp"
  453. lovetox i could implement the https method, but makes everything again more complicated
  454. nephele has joined
  455. nephele has left
  456. me9 has left
  457. marc0s has left
  458. marc0s has joined
  459. dezant has left
  460. marc0s has left
  461. marc0s has joined
  462. Millesimus has left
  463. mac has left
  464. Millesimus has joined
  465. mac has joined
  466. antranigv has left
  467. moparisthebest lovetox, so right now if _xmppconnect.example.org pointed to wss://evil.com/xmpp and evil.com presented a valid cert for evil.com you'd just trust it and go on ?
  468. moparisthebest I mean that's what I expect, but it's vulnerable to MITM :(
  469. Link Mauve has left
  470. lovetox yes
  471. nephele has joined
  472. moparisthebest it's only ok with DNSSEC, so I think I'm going to propose removing the DNS method alltogether from that XEP
  473. Link Mauve has joined
  474. nephele has left
  475. lovetox yes, i dont see how any websocket library will support this
  476. Zash Tho cache poisoning attacks isn't _that_ easy to pull off
  477. moparisthebest if you go https, which of the 2 methods would you pick? XML or json ?
  478. moparisthebest (or both?)
  479. marc0s has left
  480. marc0s has joined
  481. lovetox json
  482. moparisthebest I unfortunately also think that's more sensible
  483. lovetox because python, and json maps to python dicts
  484. lovetox :)
  485. moparisthebest well and which do you think 100% of web clients pick? :/
  486. moparisthebest I think I'll also propose getting rid of the XML method and see how that goes :P
  487. moparisthebest in the short term you might want to disable DNS websocket discovery to avoid mitm :/
  488. moparisthebest wonder what pidgin does and how to get ahold of them...
  489. Zash xmpp:devel@conference.pidgin.im?join
  490. larma has joined
  491. moparisthebest didn't expect that
  492. Millesimus has left
  493. lovetox i also checked another python websocket lib, they also dont support this
  494. lovetox tls is always verified against the uri
  495. Link Mauve lovetox, note that the JSON method is optional, and the RDF one is mandatory.
  496. moparisthebest my rust websocket lib lets me pass in an already open+validated TLS connection, so I *can* validate against the proper domain
  497. Link Mauve So some servers (such as JabberFR’s) only provide a RDF file.
  498. moparisthebest but no web servers support this
  499. Millesimus has joined
  500. mac has left
  501. moparisthebest which is a bigger problem
  502. moparisthebest ugh it's true https://datatracker.ietf.org/doc/html/rfc7395#section-4
  503. antranigv has joined
  504. lovetox yeah then i will use xml
  505. lovetox i will not do 2 https requests
  506. mac has joined
  507. Zash (pipeline?)
  508. thomaslewis has joined
  509. rafasaurus has joined
  510. thomaslewis has left
  511. lovetox hm i abstracted that pretty good away, i can easily exchange the dns discovery for a https disovery
  512. lovetox and push this as a security update
  513. moparisthebest nice!
  514. Millesimus has left
  515. nephele has joined
  516. moparisthebest oh no, tigase probably supports it, any tigase devs about? https://github.com/tigase/tigase-http-api/blob/2346fb8d4f7adf09707554dc16976f8e87f77548/src/main/groovy/tigase/http/modules/dnswebservice/DnsResolver.java#L168
  517. nephele has left
  518. moparisthebest adium...
  519. moparisthebest https://github.com/search?p=3&q=_xmppconnect&type=Code if anyone wants to help :)
  520. Zash Wojtek, or try xmpp:tigase@muc.tigase.org?join maybe
  521. moparisthebest oh no https://github.com/xmppjs/xmpp.js/blob/63aecc49157980f6d68cc58605cf8a3fef664a2a/packages/resolve/lib/dns.js
  522. Zash DoH?
  523. moparisthebest 14 years ago, maybe it's not being used? :crosses-fingers: https://github.com/HSSANN/jabber-net/blob/1b4e73417523426e854dd97b1b73ebc7e2876f0f/jabber/connection/HttpStanzaStream.cs
  524. xnamed has left
  525. moparisthebest 99% of the github search results are libpurple
  526. Zash purple clones?
  527. moparisthebest active on the play store https://github.com/BombusMod/BombusMod/blob/6672861668979fb3612ea5933d437f68c1df4931/src/main/java/io/DnsSrvResolver.java
  528. moparisthebest it's mostly libpurple forks or copy/pasted into various clients and/or adium forks etc
  529. lovetox can one have a cert which is valid for 2 domains, as in a.org and b.org?
  530. Zash yes
  531. flow yes
  532. Zash subjectAlternativeNames can contain any number of identities
  533. lovetox ok, i knew wildcard, and subdomains, but was unsure about completely different ones
  534. lovetox :)
  535. Zash you can put a video of you playing with your cat in there
  536. moparisthebest what in the world https://github.com/poVoq/converse_wp/blob/5df09d931fb5b70a0fd854a006c5623240677aeb/conversejs.php#L140
  537. moparisthebest lovetox, but SNI only lets you request a cert valid for 1 domain, which is fun
  538. Millesimus has joined
  539. moparisthebest active project https://github.com/JustOxlamon/TwoRatChat/blob/8f75fa37f84367d7bc0fe9b61e0ff3554eda8c58/JabberNet-2.1.0.710/jabber/connection/HttpStanzaStream.cs#L107
  540. Link Mauve has left
  541. Link Mauve has joined
  542. mac has left
  543. 9lakes has left
  544. thomaslewis has joined
  545. 9lakes has joined
  546. mac has joined
  547. Wojtek has left
  548. thomaslewis has left
  549. thomaslewis has joined
  550. thomaslewis has left
  551. xnamed has joined
  552. Millesimus has left
  553. pasdesushi has left
  554. marc0s has left
  555. marc0s has joined
  556. thomaslewis has joined
  557. pasdesushi has joined
  558. thomaslewis has left
  559. Millesimus has joined
  560. atomicwatch has left
  561. moparisthebest no one has confirmed in pidgin muc yet, but looks to me like it supports BOSH only and is indeed vulnerable to mitm https://keep.imfreedom.org/pidgin/pidgin/file/tip/libpurple/protocols/jabber/bosh.c#l97
  562. moparisthebest unfortunately that looks like the biggest attack surface :'(
  563. moparisthebest (making at least pidgin, adium, chatty, thunderbird, and what else vulnerable ?)
  564. marc0s has left
  565. marc0s has joined
  566. Yagizа has left
  567. atomicwatch has joined
  568. me9 has joined
  569. msavoritias has left
  570. thomaslewis has joined
  571. thomaslewis has left
  572. Link Mauve has left
  573. thomaslewis has joined
  574. thomaslewis has left
  575. 9lakes has left
  576. 9lakes has joined
  577. Link Mauve has joined
  578. thomaslewis has joined
  579. me9 has left
  580. thomaslewis has left
  581. larma has left
  582. larma has joined
  583. marc0s has left
  584. marc0s has joined
  585. marc0s has left
  586. marc0s has joined
  587. marc0s has left
  588. marc0s has joined
  589. larma has left
  590. larma has joined
  591. larma has left
  592. larma has joined
  593. marmistrz has left
  594. mac has left
  595. homebeach has left
  596. Matrix Traveler (bot) has left
  597. Matrix Traveler (bot) has joined
  598. homebeach has joined
  599. marmistrz has joined
  600. marc0s has left
  601. marc0s has joined
  602. marmistrz has left
  603. atomicwatch has left
  604. PapaTutuWawa has left
  605. Alex has left
  606. thomaslewis has joined
  607. Mjolnir Archon has left
  608. Maranda has left
  609. thomaslewis has left
  610. marc0s has left
  611. marc0s has joined
  612. goffi has left
  613. emus has left
  614. Mjolnir Archon has joined
  615. Maranda has joined
  616. qwestion has joined
  617. SouL has left
  618. SouL has joined
  619. qwestion has left
  620. qwestion has joined
  621. huhn has left
  622. thomaslewis has joined
  623. thomaslewis has left
  624. pasdesushi has left
  625. thomaslewis has joined
  626. thomaslewis has left
  627. thomaslewis has joined
  628. thomaslewis has left
  629. debacle has left
  630. debacle has joined
  631. spectrum has left
  632. wurstsalat has left
  633. Pete has left