jdev - 2022-02-18


  1. nephele has joined

  2. kikuchiyo has left

  3. nephele has left

  4. emus has left

  5. SouL has left

  6. kikuchiyo has joined

  7. moparisthebest has joined

  8. debacle has left

  9. Zash has left

  10. thomaslewis has joined

  11. thomaslewis has left

  12. pasdesushi has left

  13. thomaslewis has joined

  14. thomaslewis has left

  15. thomaslewis has joined

  16. thomaslewis has left

  17. mac has left

  18. mac has joined

  19. larma has left

  20. cedar has left

  21. thomaslewis has joined

  22. thomaslewis has left

  23. cedar has joined

  24. mac has left

  25. mac has joined

  26. selurvedu has left

  27. Sam has left

  28. Sam has joined

  29. Yagizа has joined

  30. qwestion has left

  31. qwestion has joined

  32. qwestion has left

  33. qwestion has joined

  34. qwestion has left

  35. SouL has joined

  36. qwestion has joined

  37. qwestion has left

  38. qwestion has joined

  39. qwestion has left

  40. qwestion has joined

  41. qwestion has left

  42. qwestion has joined

  43. qwestion has left

  44. qwestion has joined

  45. qwestion has left

  46. qwestion has joined

  47. serge90 has left

  48. rafasaurus has left

  49. rafasaurus has joined

  50. atomicwatch has joined

  51. Millesimus has left

  52. qwestion has left

  53. qwestion has joined

  54. me9 has joined

  55. Millesimus has joined

  56. Millesimus has left

  57. marc0s has left

  58. marc0s has joined

  59. qwestion has left

  60. msavoritias has joined

  61. emus has joined

  62. marc0s has left

  63. marc0s has joined

  64. Millesimus has joined

  65. me9 has left

  66. qwestion has joined

  67. xecks has left

  68. wurstsalat has joined

  69. Vaulor has left

  70. Laura has left

  71. Laura has joined

  72. Alex has left

  73. debacle has joined

  74. qwestion has left

  75. Vaulor has joined

  76. goffi has joined

  77. lovetox has left

  78. lovetox has joined

  79. Alex has joined

  80. emus has left

  81. marc0s has left

  82. marc0s has joined

  83. marc0s has left

  84. marc0s has joined

  85. Martin has left

  86. Martin has joined

  87. goffi has left

  88. goffi has joined

  89. Dele Olajide has joined

  90. Dele Olajide has left

  91. Dele Olajide has joined

  92. emus has joined

  93. xecks has joined

  94. Dele Olajide has left

  95. Dele Olajide has joined

  96. Dele Olajide has left

  97. Dele Olajide has joined

  98. Laura has left

  99. Dele Olajide has left

  100. Laura has joined

  101. debacle has left

  102. pasdesushi has joined

  103. xecks has left

  104. kikuchiyo has left

  105. jubalh has left

  106. Vaulor has left

  107. Vaulor has joined

  108. nephele has joined

  109. kikuchiyo has joined

  110. nephele has left

  111. nephele has joined

  112. nephele has left

  113. marc0s has left

  114. marc0s has joined

  115. al has joined

  116. rafasaurus has left

  117. rafasaurus has joined

  118. jalal has left

  119. jalal has joined

  120. spectrum has left

  121. spectrum has joined

  122. nephele has joined

  123. nephele has left

  124. nephele has joined

  125. nephele has left

  126. nephele has joined

  127. nephele has left

  128. nephele has joined

  129. debacle has joined

  130. nephele has left

  131. Dele Olajide has joined

  132. Alex has left

  133. Alex has joined

  134. Zash has joined

  135. Dele Olajide has left

  136. Dele Olajide has joined

  137. Dele Olajide has left

  138. Dele Olajide has joined

  139. Dele Olajide has left

  140. Laura has left

  141. debacle has left

  142. nephele has joined

  143. nephele has left

  144. nephele has joined

  145. nephele has left

  146. Dele Olajide has joined

  147. nephele has joined

  148. nephele has left

  149. xecks has joined

  150. Dele Olajide has left

  151. Dele Olajide has joined

  152. Dele Olajide has left

  153. Dele Olajide has joined

  154. Dele Olajide has left

  155. Laura has joined

  156. al has left

  157. selurvedu has joined

  158. xecks has left

  159. PapaTutuWawa has joined

  160. Dele Olajide has joined

  161. Kev has left

  162. Kev has joined

  163. Dele Olajide has left

  164. Dele Olajide has joined

  165. Dele Olajide has left

  166. Dele Olajide has joined

  167. Wojtek has joined

  168. PapaTutuWawa has left

  169. Wojtek has left

  170. Wojtek has joined

  171. jubalh has joined

  172. thomaslewis has joined

  173. thomaslewis has left

  174. thomaslewis has joined

  175. thomaslewis has left

  176. Wojtek has left

  177. atomicwatch has left

  178. Wojtek has joined

  179. marc0s has left

  180. marc0s has joined

  181. atomicwatch has joined

  182. Wojtek has left

  183. homebeach has left

  184. Matrix Traveler (bot) has left

  185. Matrix Traveler (bot) has joined

  186. homebeach has joined

  187. Wojtek has joined

  188. xecks has joined

  189. Dele Olajide has left

  190. Wojtek has left

  191. Sam

    This is probably me being stupid, because I'm sure that I've done this before, but how do you get entity caps for the account JID? You're not likely to have a presence subscription to yourself and the stream feature is for the server, so if you need to check if your own account supports something you have to just do a disco#info request and can't cache the caps hash, I guess?

  192. mac has left

  193. xnamed has left

  194. 9lakes has left

  195. Zash

    Something about giving clients a pile of (jid, caps-hash) pairs is on my XEP wishlist.

  196. Zash

    I may even have a prototype somewhere, tho focused on e.g. components

  197. Wojtek has joined

  198. jalal has left

  199. Dele Olajide has joined

  200. jonas’

    Sam, I don't think that the account even gives you a disco#info caps hash

  201. Sam

    So I have to store features mapped to JIDs and features mapped to hashes mapped to JIDs? That doesn't seem ideal.

  202. Sam

    (but it tracks with how everything in XMPP is special cased; I also just discovered that there's *another* bookmarks compatibility thing I forgot about in 0411 and the whole time I was looking at conversations code it was actually using that and not the PEP native stuff, so I'm about ready to table flip and give up on developing an XMPP client at this point). Thanks for the confirmation anyways.

  203. Zash

    Hmm, JID→feature-set mapping seems sensible to have, no?

  204. Zash

    and caps hash can be derived from feature-set

  205. Sam

    Sure, it's sensible by itself, but not if I *also* have to do a JID->caps->feature-set and keep both and check both just in case a jid has or does not have caps

  206. Wojtek has left

  207. Zash

    What about the rare case of caps injection?

  208. qwestion has joined

  209. Sam

    What is caps injection?

  210. Zash

    or whatsitcalled, if someone manages to have two disco#info sets with the same caps

  211. Zash

    or whatsitcalled, if someone manages to have two disco#info sets with the same caps-hash

  212. Wojtek has joined

  213. Sam

    That would be bad, but it seems reasonable to assume the hash method is safe and that's not going to happen.

  214. Zash

    Wasn't the current disco#info and caps broken that way already due to something with separator characters?

  215. mac has joined

  216. Sam

    *facepalm* of course it would be, I'll have to look

  217. Sam

    There's a security considerations mention of caps poisoning, but it only mentions it for the legacy format (which I'm not bothering to support)

  218. jonas’

    "the legacy format"?

  219. jalal has joined

  220. Sam

    It's part of the spec. Caps was updated at some point so the spec contains a bunch of "how to be compatible with old caps" stuff

  221. jonas’

    to be clear: 0115 is still broken. 0390 is not broken, or at least I wouldn't know it was

  222. Sam

    0115 is broken but doesn't mention it anywhere?

  223. jonas’

    that seems accurate

  224. jonas’

    nothing stops you from stuffing a `>` in some var or so to generate a collision

  225. Sam

    Where can I find info about this? It seems *really* important that it be in the security considerations section or something

  226. jonas’

    mailing list post from 2008 or so

  227. Zash

    as usual 😱️

  228. Sam

    I really should just give up on XMPP, this is infuriating. Rage quitting for the day and will get back to this later. Thanks for letting me know.

  229. jonas’

    oh wow

  230. jonas’

    I *guessed* 2008

  231. jonas’

    it is in fact 2009, so I wasn't that far off

  232. jonas’

    https://mail.jabber.org/pipermail/security/2009-July/000812.html

  233. Zash

    https://xmpp.org/extensions/xep-0390.html#intro mentions it

  234. jonas’

    and the acknowledgements have a link to the mentioned mailing list post

  235. Zash

    You're right it should be added as a warning to '115

  236. jonas’

    hm, I should push for advancement of '390 and make us deprecate '115

  237. Zash

    More and more server forklift upgrade modules!

  238. Zash

    More and more server-side forklift upgrade modules!

  239. jonas’

    Sam, oh, so there's a bandaid in '115: > Note: If the four characters '&', 'l', 't', ';' appear consecutively in any of the factors of the verification string S (e.g., a service discovery identity of 'SomeClient&lt;http://jabber.org/protocol/muc') then that string of characters MUST be treated as literally '&lt;' and MUST NOT be converted to the character '<', because completing such a conversion would open the protocol to trivial attacks.

  240. jonas’

    but this is unclear, weird and I would be surprised if it was watertight (what about `&amp;lt;`?) or if everyone implements this correctly

  241. Zash

    :<

  242. Link Mauve

    Sam, 0411 has been superseded by 0402 though.

  243. Sam

    Link Mauve: yup, I'm using 0402. Turns out Other things are still using 0411 though.

  244. Sam

    (it also appears deprecated, not superseded, but that's a minor nit; it would just be easier to discover the new thing if we updated, that, might be worth doing at some point; adding it to my list of cleanup stuff to do / mail the list about)

  245. Link Mauve

    Superseded means another specification provides the same usecase, while deprecated and obsolete are statuses for the specification itself.

  246. Link Mauve

    A specification can be deprecated/obsoleted without any superseding one.

  247. Sam

    "deprecated but not superseded" I should say.

  248. Sam

    Oh, no, it is, nevermind

  249. Link Mauve

    The big red thing at the top mentions both.

  250. Link Mauve

    The one everyone conveniently skips. ^^'

  251. Sam

    I do the same thing every time (look at column headers for a "suprseded by" and don't read the boilerplate text that is different sometimes. Just a formatting thing.

  252. pulkomandy

    > The big red thing at the top mentions both. > The one everyone conveniently skips. ^^' The web trained us to ignore big flashing bright things because usually, they are ads and not relevant content (there is an ux study about this somewhere)

  253. Sam

    Anyways, regardless, back to the original issue: apparently I have to treat the account disco different from every other disco because I can't use caps for the first but can for everything else.

  254. jonas’

    Sam, no, you cannot use caps for MUC either, for instance

  255. jonas’

    (for instance)

  256. jonas’

    (nor for pubsub)

  257. Link Mauve

    For anything not sending you its presence.

  258. jonas’

    yeah

  259. jonas’

    Sam, FWIW, how I do it in aioxmpp is that the disco#info client code has a cache and the caps code listens for presences and injects stuff in the disco#info cache based on (validated) caps hash -> disco#info mappings (which it may also look up).

  260. jalal has left

  261. Link Mauve

    This is also how we do it in slixmpp fyi.

  262. Sam

    Cool, thank for confirming. I've got a lot of rewriting to do, but it's likely not happening this morning or I'm going to lose it. Time to step away from the computer and stop dealing with this for now. Thanks again.

  263. Wojtek has left

  264. Wojtek has joined

  265. nephele has joined

  266. jonas’

    pulkomandy, FTR, I skipped any kind of headers even before I started using the web ;)

  267. mac has left

  268. nephele has left

  269. Zash

    What's that, we need a deprecated+see-other-XEP metacombo?

  270. jonas’

    check in the xslt if there's any superseded by?

  271. 9lakes has joined

  272. Sam

    It's in the appendix as well; I'm going to submit a PR to add it to the top in a (hopefully?) more visible way too before I head out

  273. me9 has joined

  274. Sam

    Okay, I fixed at least the most minor of the things that have been bothering me this morning. I feel slightly better: https://github.com/xsf/xeps/pull/1167

  275. jalal has joined

  276. Link Mauve

    The big bright red place was not enough?

  277. Vaulor has left

  278. Link Mauve

    “Developers desiring similar functionality are advised to implement the protocol that supersedes this one (XEP-0402).” ← here.

  279. Sam

    It's easier to pull data out of a table quickly than it is to find it in paragraph

  280. Link Mauve

    “Developers desiring similar functionality are advised to implement the protocol that supersedes this one (XEP-0402).” ← here.

  281. Link Mauve

    “Developers desiring similar functionality are advised to implement the protocol that supersedes this one (XEP-0402).” ← here.

  282. homebeach has left

  283. Matrix Traveler (bot) has left

  284. Matrix Traveler (bot) has joined

  285. homebeach has joined

  286. Sam

    Plus this is a standard warning so you don't expect it to change so you glance right over it and don't read it because you've read it a thousand times before and it doesn't include a link at the end

  287. Dele Olajide has left

  288. Sam

    (or at least, I do)

  289. 9lakes has left

  290. Dele Olajide has joined

  291. Dele Olajide has left

  292. Dele Olajide has joined

  293. Dele Olajide has left

  294. mac has joined

  295. marc0s has left

  296. marc0s has joined

  297. pasdesushi has left

  298. pasdesushi has joined

  299. Dele Olajide has joined

  300. Dele Olajide has left

  301. qwestion has left

  302. jubalh has left

  303. jonas’

    Sam, I like it, thanks!

  304. jonas’

    will be in the next round of XEP rebuilds (tuesday)

  305. Vaulor has joined

  306. Millesimus has left

  307. Sam

    jonas’: Thanks, that should fix me always missing that anyways

  308. cedar has left

  309. selurvedu has left

  310. selurvedu has joined

  311. cedar has joined

  312. J Marinaro has left

  313. emus has left

  314. xnamed has joined

  315. xnamed has left

  316. mac has left

  317. emus has joined

  318. xnamed has joined

  319. Laura has left

  320. mac has joined

  321. Laura has joined

  322. xecks has left

  323. xecks has joined

  324. me9 has left

  325. Dele Olajide has joined

  326. qwestion has joined

  327. Yagizа has left

  328. J Marinaro has joined

  329. Wojtek has left

  330. jubalh has joined

  331. Millesimus has joined

  332. Dele Olajide has left

  333. debacle has joined

  334. jubalh has left

  335. alacer has joined

  336. alacer has left

  337. alacer has joined

  338. jubalh has joined

  339. cedar has left

  340. cedar has joined

  341. jubalh has left

  342. alacer has left

  343. jubalh has joined

  344. cedar has left

  345. cedar has joined

  346. PapaTutuWawa has joined

  347. xecks has left

  348. mac has left

  349. emus has left

  350. xecks has joined

  351. emus has joined

  352. me9 has joined

  353. Sam

    How are others defending against the pre-image attacks listed in this email from earlier? I'm back at my desk now and I can do the note the XEP mentions for attack 1, but as the email mentioned I see no way it's possible to defend against some of the others. Attack 4 can be worked around, but are people doing that? the XEP doesn't even mention that one.

  354. jonas’

    probably not

  355. Zash

    By not worrying too much about it, I imagine.

  356. jonas’

    Sam, there's a reason I made XEP-0390 after all

  357. Zash

    You could also separate caches

  358. Sam

    yah, that's what I suspected. That's unfortunate. Maybe it's not worth actually implementing the fix since there will be other trivial ones that can't be fixed.

  359. homebeach has left

  360. Matrix Traveler (bot) has left

  361. Matrix Traveler (bot) has joined

  362. homebeach has joined

  363. Link Mauve

    I usually try to make sure to have one cache per JID, which somewhat defeats the point.

  364. Link Mauve

    I also try to advocate for XEP-0390, but with few results so far.

  365. Link Mauve

    I made a Prosody module which gives 0390 hashes to every local user which has published caps.

  366. Zash

    Doesn't defeat the point, I think, you reduce traffic to 1 query per client/change at least.

  367. Link Mauve

    Yeah.

  368. Zash

    And it's probably possible to store the data efficiently, if you e.g. use the '390 algorithm or some XML normalization to deduplicate the disco#info payloads

  369. Zash

    As in, use it internally

  370. PapaTutuWawa has left

  371. jubalh has left

  372. SouL has left

  373. qwestion has left

  374. nephele has joined

  375. xnamed has left

  376. nephele has left

  377. nephele has joined

  378. SouL has joined

  379. nephele has left

  380. nephele has joined

  381. nephele has left

  382. nephele has joined

  383. nephele has left

  384. xnamed has joined

  385. paul has left

  386. jubalh has joined

  387. paul has joined

  388. SouL has left

  389. SouL has joined

  390. me9 has left

  391. atomicwatch has left

  392. xecks has left

  393. xecks has joined

  394. nephele has joined

  395. qwestion has joined

  396. nephele has left

  397. nephele has joined

  398. nephele has left

  399. mathieui

    do we have some kind of consensus-ish view on how media cards should be standardized in XMPP?

  400. mathieui

    (the main issue here in my opinion is privacy considerations, should a server proxy/cache media if it can, what should be the default, etc)

  401. Zash

    do we have some kind of definition of what "media cards" are?

  402. Link Mauve

    mod_ogp’s kind?

  403. mathieui

    I think twitter has the gist of it, declined differently on all the different platforms though of course, https://developer.twitter.com/en/docs/twitter-for-websites/cards/overview/abouts-cards

  404. pasdesushi has left

  405. pasdesushi has joined

  406. mathieui

    Link Mauve, yeah, somewhat

  407. mathieui

    ofc there is also the question of embedding media & players, which is done through iframes in the various web things

  408. Link Mauve

    Right, we can’t really have iframes in poezio.

  409. Link Mauve

    … or can we?

  410. mathieui

    DON’T

  411. Link Mauve

    :3

  412. jalal has left

  413. Link Mauve

    I think what we’re really lacking in poezio so far is WebGL.

  414. Link Mauve

    Thankfully, I have a half-block backend in GLFW, using a render node directly!

  415. mathieui

    can’t we run a virtual display with llvmpipe enabled, then run a webgl-capable browser in fullscreen and take 30 screenshots a second, converted to half-blocks?

  416. Link Mauve

    https://linkmauve.fr/files/wayland-screenshot-2019-12-24_20-54-26.png

  417. Link Mauve

    Oh wow, that old!

  418. Link Mauve

    mathieui, nah, llvmpipe is too slow, I’d rather poezio use my server’s GPU!

  419. Link Mauve

    And as that one game once said…

  420. Link Mauve

    https://linkmauve.fr/files/wayland-screenshot-2020-08-23_01-05-06.png

  421. jonas’

    mplayer has a libaa backend

  422. Link Mauve

    And mpv has --vo=tct, which was my source of inspiration. :)

  423. Link Mauve

    If I still had a Khronos sponsorship, I could have added an EGL platform for the terminal!

  424. contrapunctus has left

  425. thomaslewis has joined

  426. xecks has left

  427. xecks has joined

  428. thomaslewis has left

  429. qwestion has left

  430. qwestion has joined

  431. qwestion has left

  432. qwestion has joined

  433. larma has joined

  434. nephele has joined

  435. Laura has left

  436. Laura has joined

  437. nephele has left

  438. Alex has left

  439. nephele has joined

  440. nephele has left

  441. nephele has joined

  442. nephele has left

  443. nephele has joined

  444. msavoritias has left

  445. nephele has left

  446. SouL has left

  447. larma has left

  448. goffi has left