jdev - 2022-02-18

  1. nephele has joined
  2. kikuchiyo has left
  3. nephele has left
  4. emus has left
  5. SouL has left
  6. kikuchiyo has joined
  7. moparisthebest has joined
  8. debacle has left
  9. Zash has left
  10. thomaslewis has joined
  11. thomaslewis has left
  12. pasdesushi has left
  13. thomaslewis has joined
  14. thomaslewis has left
  15. thomaslewis has joined
  16. thomaslewis has left
  17. mac has left
  18. mac has joined
  19. larma has left
  20. cedar has left
  21. thomaslewis has joined
  22. thomaslewis has left
  23. cedar has joined
  24. mac has left
  25. mac has joined
  26. selurvedu has left
  27. Sam has left
  28. Sam has joined
  29. Yagizа has joined
  30. qwestion has left
  31. qwestion has joined
  32. qwestion has left
  33. qwestion has joined
  34. qwestion has left
  35. SouL has joined
  36. qwestion has joined
  37. qwestion has left
  38. qwestion has joined
  39. qwestion has left
  40. qwestion has joined
  41. qwestion has left
  42. qwestion has joined
  43. qwestion has left
  44. qwestion has joined
  45. qwestion has left
  46. qwestion has joined
  47. serge90 has left
  48. rafasaurus has left
  49. rafasaurus has joined
  50. atomicwatch has joined
  51. Millesimus has left
  52. qwestion has left
  53. qwestion has joined
  54. me9 has joined
  55. Millesimus has joined
  56. Millesimus has left
  57. marc0s has left
  58. marc0s has joined
  59. qwestion has left
  60. msavoritias has joined
  61. emus has joined
  62. marc0s has left
  63. marc0s has joined
  64. Millesimus has joined
  65. me9 has left
  66. qwestion has joined
  67. xecks has left
  68. wurstsalat has joined
  69. Vaulor has left
  70. Laura has left
  71. Laura has joined
  72. Alex has left
  73. debacle has joined
  74. qwestion has left
  75. Vaulor has joined
  76. goffi has joined
  77. lovetox has left
  78. lovetox has joined
  79. Alex has joined
  80. emus has left
  81. marc0s has left
  82. marc0s has joined
  83. marc0s has left
  84. marc0s has joined
  85. Martin has left
  86. Martin has joined
  87. goffi has left
  88. goffi has joined
  89. Dele Olajide has joined
  90. Dele Olajide has left
  91. Dele Olajide has joined
  92. emus has joined
  93. xecks has joined
  94. Dele Olajide has left
  95. Dele Olajide has joined
  96. Dele Olajide has left
  97. Dele Olajide has joined
  98. Laura has left
  99. Dele Olajide has left
  100. Laura has joined
  101. debacle has left
  102. pasdesushi has joined
  103. xecks has left
  104. kikuchiyo has left
  105. jubalh has left
  106. Vaulor has left
  107. Vaulor has joined
  108. nephele has joined
  109. kikuchiyo has joined
  110. nephele has left
  111. nephele has joined
  112. nephele has left
  113. marc0s has left
  114. marc0s has joined
  115. al has joined
  116. rafasaurus has left
  117. rafasaurus has joined
  118. jalal has left
  119. jalal has joined
  120. spectrum has left
  121. spectrum has joined
  122. nephele has joined
  123. nephele has left
  124. nephele has joined
  125. nephele has left
  126. nephele has joined
  127. nephele has left
  128. nephele has joined
  129. debacle has joined
  130. nephele has left
  131. Dele Olajide has joined
  132. Alex has left
  133. Alex has joined
  134. Zash has joined
  135. Dele Olajide has left
  136. Dele Olajide has joined
  137. Dele Olajide has left
  138. Dele Olajide has joined
  139. Dele Olajide has left
  140. Laura has left
  141. debacle has left
  142. nephele has joined
  143. nephele has left
  144. nephele has joined
  145. nephele has left
  146. Dele Olajide has joined
  147. nephele has joined
  148. nephele has left
  149. xecks has joined
  150. Dele Olajide has left
  151. Dele Olajide has joined
  152. Dele Olajide has left
  153. Dele Olajide has joined
  154. Dele Olajide has left
  155. Laura has joined
  156. al has left
  157. selurvedu has joined
  158. xecks has left
  159. PapaTutuWawa has joined
  160. Dele Olajide has joined
  161. Kev has left
  162. Kev has joined
  163. Dele Olajide has left
  164. Dele Olajide has joined
  165. Dele Olajide has left
  166. Dele Olajide has joined
  167. Wojtek has joined
  168. PapaTutuWawa has left
  169. Wojtek has left
  170. Wojtek has joined
  171. jubalh has joined
  172. thomaslewis has joined
  173. thomaslewis has left
  174. thomaslewis has joined
  175. thomaslewis has left
  176. Wojtek has left
  177. atomicwatch has left
  178. Wojtek has joined
  179. marc0s has left
  180. marc0s has joined
  181. atomicwatch has joined
  182. Wojtek has left
  183. homebeach has left
  184. Matrix Traveler (bot) has left
  185. Matrix Traveler (bot) has joined
  186. homebeach has joined
  187. Wojtek has joined
  188. xecks has joined
  189. Dele Olajide has left
  190. Wojtek has left
  191. Sam This is probably me being stupid, because I'm sure that I've done this before, but how do you get entity caps for the account JID? You're not likely to have a presence subscription to yourself and the stream feature is for the server, so if you need to check if your own account supports something you have to just do a disco#info request and can't cache the caps hash, I guess?
  192. mac has left
  193. xnamed has left
  194. 9lakes has left
  195. Zash Something about giving clients a pile of (jid, caps-hash) pairs is on my XEP wishlist.
  196. Zash I may even have a prototype somewhere, tho focused on e.g. components
  197. Wojtek has joined
  198. jalal has left
  199. Dele Olajide has joined
  200. jonas’ Sam, I don't think that the account even gives you a disco#info caps hash
  201. Sam So I have to store features mapped to JIDs and features mapped to hashes mapped to JIDs? That doesn't seem ideal.
  202. Sam (but it tracks with how everything in XMPP is special cased; I also just discovered that there's *another* bookmarks compatibility thing I forgot about in 0411 and the whole time I was looking at conversations code it was actually using that and not the PEP native stuff, so I'm about ready to table flip and give up on developing an XMPP client at this point). Thanks for the confirmation anyways.
  203. Zash Hmm, JID→feature-set mapping seems sensible to have, no?
  204. Zash and caps hash can be derived from feature-set
  205. Sam Sure, it's sensible by itself, but not if I *also* have to do a JID->caps->feature-set and keep both and check both just in case a jid has or does not have caps
  206. Wojtek has left
  207. Zash What about the rare case of caps injection?
  208. qwestion has joined
  209. Sam What is caps injection?
  210. Zash or whatsitcalled, if someone manages to have two disco#info sets with the same caps
  211. Zash or whatsitcalled, if someone manages to have two disco#info sets with the same caps-hash
  212. Wojtek has joined
  213. Sam That would be bad, but it seems reasonable to assume the hash method is safe and that's not going to happen.
  214. Zash Wasn't the current disco#info and caps broken that way already due to something with separator characters?
  215. mac has joined
  216. Sam *facepalm* of course it would be, I'll have to look
  217. Sam There's a security considerations mention of caps poisoning, but it only mentions it for the legacy format (which I'm not bothering to support)
  218. jonas’ "the legacy format"?
  219. jalal has joined
  220. Sam It's part of the spec. Caps was updated at some point so the spec contains a bunch of "how to be compatible with old caps" stuff
  221. jonas’ to be clear: 0115 is still broken. 0390 is not broken, or at least I wouldn't know it was
  222. Sam 0115 is broken but doesn't mention it anywhere?
  223. jonas’ that seems accurate
  224. jonas’ nothing stops you from stuffing a `>` in some var or so to generate a collision
  225. Sam Where can I find info about this? It seems *really* important that it be in the security considerations section or something
  226. jonas’ mailing list post from 2008 or so
  227. Zash as usual 😱️
  228. Sam I really should just give up on XMPP, this is infuriating. Rage quitting for the day and will get back to this later. Thanks for letting me know.
  229. jonas’ oh wow
  230. jonas’ I *guessed* 2008
  231. jonas’ it is in fact 2009, so I wasn't that far off
  232. jonas’ https://mail.jabber.org/pipermail/security/2009-July/000812.html
  233. Zash https://xmpp.org/extensions/xep-0390.html#intro mentions it
  234. jonas’ and the acknowledgements have a link to the mentioned mailing list post
  235. Zash You're right it should be added as a warning to '115
  236. jonas’ hm, I should push for advancement of '390 and make us deprecate '115
  237. Zash More and more server forklift upgrade modules!
  238. Zash More and more server-side forklift upgrade modules!
  239. jonas’ Sam, oh, so there's a bandaid in '115: > Note: If the four characters '&', 'l', 't', ';' appear consecutively in any of the factors of the verification string S (e.g., a service discovery identity of 'SomeClient&lt;http://jabber.org/protocol/muc') then that string of characters MUST be treated as literally '&lt;' and MUST NOT be converted to the character '<', because completing such a conversion would open the protocol to trivial attacks.
  240. jonas’ but this is unclear, weird and I would be surprised if it was watertight (what about `&amp;lt;`?) or if everyone implements this correctly
  241. Zash :<
  242. Link Mauve Sam, 0411 has been superseded by 0402 though.
  243. Sam Link Mauve: yup, I'm using 0402. Turns out Other things are still using 0411 though.
  244. Sam (it also appears deprecated, not superseded, but that's a minor nit; it would just be easier to discover the new thing if we updated, that, might be worth doing at some point; adding it to my list of cleanup stuff to do / mail the list about)
  245. Link Mauve Superseded means another specification provides the same usecase, while deprecated and obsolete are statuses for the specification itself.
  246. Link Mauve A specification can be deprecated/obsoleted without any superseding one.
  247. Sam "deprecated but not superseded" I should say.
  248. Sam Oh, no, it is, nevermind
  249. Link Mauve The big red thing at the top mentions both.
  250. Link Mauve The one everyone conveniently skips. ^^'
  251. Sam I do the same thing every time (look at column headers for a "suprseded by" and don't read the boilerplate text that is different sometimes. Just a formatting thing.
  252. pulkomandy > The big red thing at the top mentions both. > The one everyone conveniently skips. ^^' The web trained us to ignore big flashing bright things because usually, they are ads and not relevant content (there is an ux study about this somewhere)
  253. Sam Anyways, regardless, back to the original issue: apparently I have to treat the account disco different from every other disco because I can't use caps for the first but can for everything else.
  254. jonas’ Sam, no, you cannot use caps for MUC either, for instance
  255. jonas’ (for instance)
  256. jonas’ (nor for pubsub)
  257. Link Mauve For anything not sending you its presence.
  258. jonas’ yeah
  259. jonas’ Sam, FWIW, how I do it in aioxmpp is that the disco#info client code has a cache and the caps code listens for presences and injects stuff in the disco#info cache based on (validated) caps hash -> disco#info mappings (which it may also look up).
  260. jalal has left
  261. Link Mauve This is also how we do it in slixmpp fyi.
  262. Sam Cool, thank for confirming. I've got a lot of rewriting to do, but it's likely not happening this morning or I'm going to lose it. Time to step away from the computer and stop dealing with this for now. Thanks again.
  263. Wojtek has left
  264. Wojtek has joined
  265. nephele has joined
  266. jonas’ pulkomandy, FTR, I skipped any kind of headers even before I started using the web ;)
  267. mac has left
  268. nephele has left
  269. Zash What's that, we need a deprecated+see-other-XEP metacombo?
  270. jonas’ check in the xslt if there's any superseded by?
  271. 9lakes has joined
  272. Sam It's in the appendix as well; I'm going to submit a PR to add it to the top in a (hopefully?) more visible way too before I head out
  273. me9 has joined
  274. Sam Okay, I fixed at least the most minor of the things that have been bothering me this morning. I feel slightly better: https://github.com/xsf/xeps/pull/1167
  275. jalal has joined
  276. Link Mauve The big bright red place was not enough?
  277. Vaulor has left
  278. Link Mauve “Developers desiring similar functionality are advised to implement the protocol that supersedes this one (XEP-0402).” ← here.
  279. Sam It's easier to pull data out of a table quickly than it is to find it in paragraph
  280. Link Mauve “Developers desiring similar functionality are advised to implement the protocol that supersedes this one (XEP-0402).” ← here.
  281. Link Mauve “Developers desiring similar functionality are advised to implement the protocol that supersedes this one (XEP-0402).” ← here.
  282. homebeach has left
  283. Matrix Traveler (bot) has left
  284. Matrix Traveler (bot) has joined
  285. homebeach has joined
  286. Sam Plus this is a standard warning so you don't expect it to change so you glance right over it and don't read it because you've read it a thousand times before and it doesn't include a link at the end
  287. Dele Olajide has left
  288. Sam (or at least, I do)
  289. 9lakes has left
  290. Dele Olajide has joined
  291. Dele Olajide has left
  292. Dele Olajide has joined
  293. Dele Olajide has left
  294. mac has joined
  295. marc0s has left
  296. marc0s has joined
  297. pasdesushi has left
  298. pasdesushi has joined
  299. Dele Olajide has joined
  300. Dele Olajide has left
  301. qwestion has left
  302. jubalh has left
  303. jonas’ Sam, I like it, thanks!
  304. jonas’ will be in the next round of XEP rebuilds (tuesday)
  305. Vaulor has joined
  306. Millesimus has left
  307. Sam jonas’: Thanks, that should fix me always missing that anyways
  308. cedar has left
  309. selurvedu has left
  310. selurvedu has joined
  311. cedar has joined
  312. J Marinaro has left
  313. emus has left
  314. xnamed has joined
  315. xnamed has left
  316. mac has left
  317. emus has joined
  318. xnamed has joined
  319. Laura has left
  320. mac has joined
  321. Laura has joined
  322. xecks has left
  323. xecks has joined
  324. me9 has left
  325. Dele Olajide has joined
  326. qwestion has joined
  327. Yagizа has left
  328. J Marinaro has joined
  329. Wojtek has left
  330. jubalh has joined
  331. Millesimus has joined
  332. Dele Olajide has left
  333. debacle has joined
  334. jubalh has left
  335. alacer has joined
  336. alacer has left
  337. alacer has joined
  338. jubalh has joined
  339. cedar has left
  340. cedar has joined
  341. jubalh has left
  342. alacer has left
  343. jubalh has joined
  344. cedar has left
  345. cedar has joined
  346. PapaTutuWawa has joined
  347. xecks has left
  348. mac has left
  349. emus has left
  350. xecks has joined
  351. emus has joined
  352. me9 has joined
  353. Sam How are others defending against the pre-image attacks listed in this email from earlier? I'm back at my desk now and I can do the note the XEP mentions for attack 1, but as the email mentioned I see no way it's possible to defend against some of the others. Attack 4 can be worked around, but are people doing that? the XEP doesn't even mention that one.
  354. jonas’ probably not
  355. Zash By not worrying too much about it, I imagine.
  356. jonas’ Sam, there's a reason I made XEP-0390 after all
  357. Zash You could also separate caches
  358. Sam yah, that's what I suspected. That's unfortunate. Maybe it's not worth actually implementing the fix since there will be other trivial ones that can't be fixed.
  359. homebeach has left
  360. Matrix Traveler (bot) has left
  361. Matrix Traveler (bot) has joined
  362. homebeach has joined
  363. Link Mauve I usually try to make sure to have one cache per JID, which somewhat defeats the point.
  364. Link Mauve I also try to advocate for XEP-0390, but with few results so far.
  365. Link Mauve I made a Prosody module which gives 0390 hashes to every local user which has published caps.
  366. Zash Doesn't defeat the point, I think, you reduce traffic to 1 query per client/change at least.
  367. Link Mauve Yeah.
  368. Zash And it's probably possible to store the data efficiently, if you e.g. use the '390 algorithm or some XML normalization to deduplicate the disco#info payloads
  369. Zash As in, use it internally
  370. PapaTutuWawa has left
  371. jubalh has left
  372. SouL has left
  373. qwestion has left
  374. nephele has joined
  375. xnamed has left
  376. nephele has left
  377. nephele has joined
  378. SouL has joined
  379. nephele has left
  380. nephele has joined
  381. nephele has left
  382. nephele has joined
  383. nephele has left
  384. xnamed has joined
  385. paul has left
  386. jubalh has joined
  387. paul has joined
  388. SouL has left
  389. SouL has joined
  390. me9 has left
  391. atomicwatch has left
  392. xecks has left
  393. xecks has joined
  394. nephele has joined
  395. qwestion has joined
  396. nephele has left
  397. nephele has joined
  398. nephele has left
  399. mathieui do we have some kind of consensus-ish view on how media cards should be standardized in XMPP?
  400. mathieui (the main issue here in my opinion is privacy considerations, should a server proxy/cache media if it can, what should be the default, etc)
  401. Zash do we have some kind of definition of what "media cards" are?
  402. Link Mauve mod_ogp’s kind?
  403. mathieui I think twitter has the gist of it, declined differently on all the different platforms though of course, https://developer.twitter.com/en/docs/twitter-for-websites/cards/overview/abouts-cards
  404. pasdesushi has left
  405. pasdesushi has joined
  406. mathieui Link Mauve, yeah, somewhat
  407. mathieui ofc there is also the question of embedding media & players, which is done through iframes in the various web things
  408. Link Mauve Right, we can’t really have iframes in poezio.
  409. Link Mauve … or can we?
  410. mathieui DON’T
  411. Link Mauve :3
  412. jalal has left
  413. Link Mauve I think what we’re really lacking in poezio so far is WebGL.
  414. Link Mauve Thankfully, I have a half-block backend in GLFW, using a render node directly!
  415. mathieui can’t we run a virtual display with llvmpipe enabled, then run a webgl-capable browser in fullscreen and take 30 screenshots a second, converted to half-blocks?
  416. Link Mauve https://linkmauve.fr/files/wayland-screenshot-2019-12-24_20-54-26.png
  417. Link Mauve Oh wow, that old!
  418. Link Mauve mathieui, nah, llvmpipe is too slow, I’d rather poezio use my server’s GPU!
  419. Link Mauve And as that one game once said…
  420. Link Mauve https://linkmauve.fr/files/wayland-screenshot-2020-08-23_01-05-06.png
  421. jonas’ mplayer has a libaa backend
  422. Link Mauve And mpv has --vo=tct, which was my source of inspiration. :)
  423. Link Mauve If I still had a Khronos sponsorship, I could have added an EGL platform for the terminal!
  424. contrapunctus has left
  425. thomaslewis has joined
  426. xecks has left
  427. xecks has joined
  428. thomaslewis has left
  429. qwestion has left
  430. qwestion has joined
  431. qwestion has left
  432. qwestion has joined
  433. larma has joined
  434. nephele has joined
  435. Laura has left
  436. Laura has joined
  437. nephele has left
  438. Alex has left
  439. nephele has joined
  440. nephele has left
  441. nephele has joined
  442. nephele has left
  443. nephele has joined
  444. msavoritias has left
  445. nephele has left
  446. SouL has left
  447. larma has left
  448. goffi has left