Yay! I am not alone! https://gist.github.com/ValdikSS/30f866602413c036e4e6924c1895b838
goffi
Ge0rG: you are not alone willing to improve clients, but you should understand that we (clients developers) have limited time and resources.
mathieui
I think Ge0rG understands that just as much as other client developers
Ge0rG
mathieui: or even more so.
Ge0rG
The last yaxim release has been two years ago.
Ge0rG
But I have good news to announce. I found a critical vulnerability in yaxim that requires an immediate release!
Zash
Nothing like a security issue to speed up the release schedule :D
mathieuislowly fades out in the background
Guushas left
manchohas left
Viniloxhas joined
Steve Killehas left
Guushas joined
Steve Killehas left
Guushas left
Guushas joined
intosihas left
intosihas joined
Guushas left
Guushas joined
Ge0rG
does anyone know if xabber is still considered as maintained?
Flow
Ge0rG: yes, gregory is very active
Flow
he's contributing to smack as well as commiting to xabber
Ge0rG
Flow: do you happen to have his jid?
manchohas left
Flow
No, I'd contact him via mail
Flow
btw, the development seems to happen in the 'develop' branch and not in 'master': https://github.com/redsolution/xabber-android/tree/develop
Flow
Which is a pitty as it makes the project appear inactive while it isn't
Flow
uh, grigory that is
Valerianhas left
Valerianhas joined
Ge0rGhas joined
Valerianhas left
Valerianhas joined
Steve Killehas left
liebrehas joined
Guushas left
Guushas joined
Valerianhas left
intosihas left
intosihas joined
danielhas left
danielhas joined
Sonnyhas left
Sonnyhas joined
kalkinhas left
Ge0rG
O tempora, o mores! Some mediated MUC invitations contain <x xmlns="jabber:x:conference"/>, despite not being required, others don't.
moparisthebesthas left
moparisthebesthas joined
Ge0rG
is that a groupchat 1.0 invitation?
Zash
Yes, and also direct MUC invitation.
Ge0rG
which have a different schema.
Ge0rG
the MUC code I inherited first checks for presence of <x xmlns="jabber:x:conference"/>, then parses <x xmlns="http://jabber.org/protocol/muc#user"><invite /></x>
Ge0rG
which is bound to fail on non-groupchat1-servers and for direct invitations
liebrehas left
Sonnyhas left
Steve Killehas left
Sonnyhas joined
Valerianhas joined
Sonnyhas left
Sonnyhas joined
Ge0rGhas left
Guushas left
Guushas joined
Guushas left
Guushas joined
Ge0rGhas left
Ge0rGhas left
intosihas left
intosihas joined
Ge0rGhas left
Yagizahas joined
manchohas left
Guushas left
Guushas joined
Alexhas left
Ge0rGhas left
jerehas joined
waqashas joined
SamWhitedhas left
SamWhitedhas joined
vanitasvitaehas left
daurnimatorhas left
Guushas left
Guushas joined
daurnimatorhas left
Steve Killehas left
Guushas left
Guushas joined
Steve Killehas joined
Sonnyhas left
Sonnyhas joined
Zash
fippo, do you have a socket library with MSG_PEEK support?
Ge0rGhas left
waqashas left
Alexhas joined
Tobias
Zash, it's supported by BSDs and Linux, end even abstraction libs like libuv
Zash
High level socket library*
Zash
LuaSocket doesn't afaik
SamWhitedhas left
SamWhitedhas joined
Tobias
libuv is pretty high level
fippo
zash: proper C and good old select() :-)
Ge0rGhas left
pep.has left
fippo
zash: it doesn't have to be peek. if you can get your first batch of tcp data and then decide whether to put it into openssl or your xml parser that is sufficient. i found peek very convenient for the way i dealt with openssl (not using bios... a decade later i know how to do that too :-))
manchohas left
daurnimatorhas left
daurnimatorhas left
Ge0rGhas left
moparisthebest
and that's a nifty feature, but I just let sslh handle all that for me
moparisthebest
because I don't want an xmpp server doing xml and TLS on 443, I want https, imaps, smtps, xmpps, ircs etc etc etc all on 443
Holger
sslh is nice indeed, except that it currently only supports select() or fork().
mhterreshas left
Holger
It should just use libev or something ...
moparisthebest
he's very receptive to patches Holger, wink wink :)
moparisthebest
haproxy supposedly supports doing the same stuff and I think it uses libev and zero-copy stuff etc
moparisthebest
I haven't tried it though
Zash
libev, libuv, libevent hrrrrr
Holger
moparisthebest: :-) Yes I was going to add libev support next time I'm bored.
Tobias
Zash, yeah...all the same stuff that requires to give up runtime control :/
Zash
I'll just write my own network lib, with hookers, and blackjack!
Holger
moparisthebest: Should be really simple.
Tobias
bite my shiny little network lib :P
moparisthebest
I'm hoping you get bored soon Holger , the sslh code is rather nice for C in my opinion, I'm not really a C developer
Zash
Why hasn't that moved into systemd yet?
Tobias
how can you judge the niceness of C code, when you're not really a C developer?
I mean, I write C code sometimes, but I'm primarily a Java developer
moparisthebest
and some C code makes me wince and other looks nice :)
Zash
Tobias: TLS support in the socket activation bits of the init system? Surely you can get a few CVEs out of that?
Tobias
Zash, but it seems they go for low hanging CVEs instead of complicated TLS/socket CVEs ...as soon as OpenSSL and systemd reach the same code quality level they could merge that in...running OpenSSL code in PID 1, a dream come true
intosi
moparisthebest: isn't that true in any language?
moparisthebest
intosi, yes of course, I was only commenting that in my opinion the sslh code looked like nice C code
intosi
Bad coders will create awful code, no matter how nice the language. C doesn't only hand you the gun, it detaults to pointing it at your feet, making bad coding that much more obvious, but bad devs will go at lenghts to point guns towards feet.
waqashas joined
kaboomhas joined
kaboomhas left
kaboomhas joined
kaboomhas left
jubalhhas joined
Guushas left
Guushas joined
winfriedhas joined
winfriedhas joined
jcbrandhas left
mimi89999has left
jubalhhas left
xyzhas joined
jubalhhas joined
tim@boese-ban.dehas left
Guushas left
Guushas joined
Ge0rGhas left
mimi89999has left
mimi89999has left
mimi89999has joined
mimi89999has left
mimi89999has left
mimi89999has joined
xyzhas left
Yagizahas left
danielhas left
danielhas joined
Ge0rG
intosi: C is rather easy to use correctly when compared to C++
manchohas left
Zash
pointer to pointer to array of pointer to structs full of pointers to pointers hurts my head tho
danielhas left
danielhas joined
Holger
Actually it's one of the few languages that feels like it more or less completely fits into my brain.
Holger
Unlike these C++/Scala/whatever monsters.
Zash
Sure, yeah. C and Lua <3
Zash
C with moderate use of pointer indirection :)
Holger
Yes C and Lua, and Erlang falls into that category as well :-) Most others don't.
Sonnyhas left
Sonnyhas joined
Ge0rG
Zash: arrays in C are a lie!
kalkin
You guys should try forth. Its so easy to implement it itself in asm.
Zash
Ge0rG: No, all memory is a giant array.
kalkin
It's minimal and your software ends up written in a DSL like language which makes fits your software
kalkin
S/makes//
Zash
So many languages. So few ideas about what to do with them.
Ge0rG
kalkin: I've written a robot control application in Z80 Forth some 20 years ago. Most find some time to blog it
Zashthrows a handfull of tiny magnetic rings at Ge0rG
intosi
Wait, I need to fix things on my SPARC, glad Openboot has forth built in ;)
xyzhas joined
Ge0rG
Zash: damn it, you just made me realize that /me notifications in yaxim are broken.
Zash
Ge0rG: You are welcome
SamWhitedhas left
Lancehas joined
xyzhas left
Ge0rG
Zash: thanks! βΊοΈ
Zash
Ge0rG: Speaking of which, is Yaxim still built with Smack versions from before SCRAM was implemented?
Holgerhas left
SamWhitedhas left
dwd
Both major C++ projects I've done recently went sailing through COverity et al without anything major being found. OTOH, their C dependencies were pretty scary.
danielhas left
danielhas joined
danielhas left
danielhas joined
Ge0rG
Zash: smack 3.something
danielhas left
danielhas joined
blipphas left
blipphas joined
brahas left
Valerianhas left
Valerianhas joined
danielhas left
danielhas joined
brahas joined
danielhas left
danielhas joined
Valerianhas left
danielhas left
danielhas joined
Alexhas left
danielhas left
danielhas joined
mimi89999has left
holgerhas joined
holgerhas left
holgerhas joined
holgerhas left
holgerhas joined
holgerhas left
Lancehas left
Steve Killehas left
Steve Killehas left
Sonnyhas left
Sonnyhas joined
Steve Killehas joined
brahas left
brahas joined
brahas left
brahas joined
brahas left
brahas joined
brahas left
brahas joined
danielhas left
danielhas joined
danielhas left
danielhas joined
SamWhitedhas left
danielhas left
danielhas joined
Sonnyhas left
Sonnyhas joined
archas left
archas joined
Sonnyhas left
Sonnyhas joined
brahas left
Steve Killehas left
manchohas left
danielhas left
Sonnyhas left
Sonnyhas joined
danielhas joined
Valerianhas joined
danielhas left
danielhas joined
brahas joined
Valerianhas left
Valerianhas joined
Guushas left
Guushas joined
daurnimatorhas left
danielhas left
brahas left
brahas joined
danielhas joined
intosihas left
danielhas left
danielhas joined
Guushas left
Guushas joined
Guushas left
Sonnyhas left
Sonnyhas joined
Guushas joined
danielhas left
danielhas joined
Sonnyhas left
Sonnyhas joined
jubalhhas joined
intosihas joined
manchohas left
Flowhas joined
danielhas left
danielhas joined
Guushas left
Guushas joined
jubalhhas left
Guushas left
Guushas joined
bearhas joined
pep.has left
Flowhas left
intosihas left
liebrehas joined
liebrehas left
Valerianhas left
intosihas joined
Alexhas left
lonerzhas joined
archas left
archas joined
Alexhas joined
Flowhas joined
Flowhas left
dwdhas left
Ge0rGhas left
lonerzhas left
Alexhas left
Ge0rGhas left
Alexhas joined
jubalhhas joined
jubalhhas left
intosihas left
jubalhhas joined
Guushas left
Guushas joined
waqashas left
waqashas joined
SamWhitedhas left
intosihas joined
SamWhitedhas left
SamWhitedhas joined
SamWhitedhas left
SamWhitedhas joined
Tobias
i don't get the value of default ports if you have a requirement for SRV lookup anyway
pep.has left
jubalhhas joined
intosihas left
Flowhas joined
MattJ
I don't get the value of ports if you tunnel everything over 443
intosihas joined
Tobias
I don't get the value of firewalls, if you move all applications to a single port
manchohas left
Tobias
MattJ, was more refering to standards ML discussion about new direct TLS only ports for C2S and S2S xmpp
SamWhitedhas left
SamWhitedhas joined
goffihas left
blipphas left
blipphas joined
moparisthebesthas joined
intosihas left
Ge0rG
the bike shedding debate about whether real tls is more securer than start tls?
Ge0rG
we all know that startssl is insecure since it was bought by China
intosihas joined
Flowhas joined
moparisthebest
Tobias: yea I don't think default ports are useful there either