-
Ge0rG
Yay! I am not alone! https://gist.github.com/ValdikSS/30f866602413c036e4e6924c1895b838
-
goffi
Ge0rG: you are not alone in being willing to improve clients, but you should understand that we (client developers) have limited time and resources.
-
mathieui
I think Ge0rG understands that just as much as other client developers
-
Ge0rG
mathieui: or even more so.
-
Ge0rG
The last yaxim release was two years ago.
-
Ge0rG
But I have good news to announce. I found a critical vulnerability in yaxim that requires an immediate release!
-
Zash
Nothing like a security issue to speed up the release schedule :D
- mathieui slowly fades out in the background
-
Ge0rG
does anyone know if xabber is still considered as maintained?
-
Flow
Ge0rG: yes, gregory is very active
-
Flow
he's contributing to smack as well as committing to xabber
-
Ge0rG
Flow: do you happen to have his jid?
-
Flow
No, I'd contact him via mail
-
Flow
btw, the development seems to happen in the 'develop' branch and not in 'master': https://github.com/redsolution/xabber-android/tree/develop
-
Flow
Which is a pity as it makes the project appear inactive while it isn't
-
Flow
uh, grigory that is
-
Ge0rG
O tempora, o mores! Some mediated MUC invitations contain <x xmlns="jabber:x:conference"/>, despite not being required, others don't.
-
Ge0rG
is that a groupchat 1.0 invitation?
-
Zash
Yes, and also direct MUC invitation.
-
Ge0rG
which have a different schema.
-
Ge0rG
the MUC code I inherited first checks for presence of <x xmlns="jabber:x:conference"/>, then parses <x xmlns="http://jabber.org/protocol/muc#user"><invite /></x>
-
Ge0rG
which is bound to fail on non-groupchat1-servers and for direct invitations
-
Zash
fippo, do you have a socket library with MSG_PEEK support?
-
Tobias
Zash, it's supported by BSDs and Linux, and even abstraction libs like libuv
-
Zash
High level socket library*
-
Zash
LuaSocket doesn't afaik
-
Tobias
libuv is pretty high level
-
fippo
zash: proper C and good old select() :-)
-
fippo
zash: it doesn't have to be peek. if you can get your first batch of tcp data and then decide whether to put it into openssl or your xml parser that is sufficient. i found peek very convenient for the way i dealt with openssl (not using bios... a decade later i know how to do that too :-))
-
moparisthebest
and that's a nifty feature, but I just let sslh handle all that for me
-
moparisthebest
because I don't want an xmpp server doing xml and TLS on 443, I want https, imaps, smtps, xmpps, ircs etc etc etc all on 443
-
Holger
sslh is nice indeed, except that it currently only supports select() or fork().
-
Holger
It should just use libev or something ...
-
moparisthebest
he's very receptive to patches Holger, wink wink :)
-
moparisthebest
haproxy supposedly supports doing the same stuff and I think it uses libev and zero-copy stuff etc
-
moparisthebest
I haven't tried it though
-
Zash
libev, libuv, libevent hrrrrr
-
Holger
moparisthebest: :-) Yes I was going to add libev support next time I'm bored.
-
Tobias
Zash, yeah...all the same stuff that requires to give up runtime control :/
-
Zash
I'll just write my own network lib, with hookers, and blackjack!
-
Holger
moparisthebest: Should be really simple.
-
Tobias
bite my shiny little network lib :P
-
moparisthebest
I'm hoping you get bored soon Holger, the sslh code is rather nice for C in my opinion, I'm not really a C developer
-
Zash
Why hasn't that moved into systemd yet?
-
Tobias
how can you judge the niceness of C code, when you're not really a C developer?
-
Tobias
Zash, too few CVE potential ✎
-
Tobias
Zash, too small CVE potential ✏
-
moparisthebest
I mean, I write C code sometimes, but I'm primarily a Java developer
-
moparisthebest
and some C code makes me wince and other looks nice :)
-
Zash
Tobias: TLS support in the socket activation bits of the init system? Surely you can get a few CVEs out of that?
-
Tobias
Zash, but it seems they go for low hanging CVEs instead of complicated TLS/socket CVEs ...as soon as OpenSSL and systemd reach the same code quality level they could merge that in...running OpenSSL code in PID 1, a dream come true
-
intosi
moparisthebest: isn't that true in any language?
-
moparisthebest
intosi, yes of course, I was only commenting that in my opinion the sslh code looked like nice C code
-
intosi
Bad coders will create awful code, no matter how nice the language. C doesn't only hand you the gun, it defaults to pointing it at your feet, making bad coding that much more obvious, but bad devs will go to lengths to point guns towards feet.
-
Ge0rG
intosi: C is rather easy to use correctly when compared to C++
-
Zash
pointer to pointer to array of pointer to structs full of pointers to pointers hurts my head tho
-
Holger
Actually it's one of the few languages that feels like it more or less completely fits into my brain.
-
Holger
Unlike these C++/Scala/whatever monsters.
-
Zash
Sure, yeah. C and Lua <3
-
Zash
C with moderate use of pointer indirection :)
-
Holger
Yes C and Lua, and Erlang falls into that category as well :-) Most others don't.
-
Ge0rG
Zash: arrays in C are a lie!
-
kalkin
You guys should try forth. It's so easy to implement it itself in asm.
-
Zash
Ge0rG: No, all memory is a giant array.
-
kalkin
It's minimal and your software ends up written in a DSL like language which makes fits your software
-
kalkin
S/makes//
-
Zash
So many languages. So few ideas about what to do with them.
-
Ge0rG
kalkin: I've written a robot control application in Z80 Forth some 20 years ago. Most find some time to blog it
-
Ge0rG
*must
-
MattJ
http://angg.twu.net/miniforth-article.html
-
kalkin
https://github.com/nornagon/jonesforth/blob/master/jonesforth.S
-
kalkin
Ge0rG: [emoji]
-
Ge0rG
Zash: each memory, but not all memory!
-
Ge0rG
God, I'm old.
- Zash throws a handful of tiny magnetic rings at Ge0rG
-
intosi
Wait, I need to fix things on my SPARC, glad Openboot has forth built in ;)
-
Ge0rG
Zash: damn it, you just made me realize that /me notifications in yaxim are broken.
-
Zash
Ge0rG: You are welcome
-
Ge0rG
Zash: thanks! ☺️
-
Zash
Ge0rG: Speaking of which, is Yaxim still built with Smack versions from before SCRAM was implemented?
-
dwd
Both major C++ projects I've done recently went sailing through Coverity et al without anything major being found. OTOH, their C dependencies were pretty scary.
-
Ge0rG
Zash: smack 3.something
-
Tobias
i don't get the value of default ports if you have a requirement for SRV lookup anyway
-
MattJ
I don't get the value of ports if you tunnel everything over 443
-
Tobias
I don't get the value of firewalls, if you move all applications to a single port
-
Tobias
MattJ, was more referring to standards ML discussion about new direct TLS only ports for C2S and S2S xmpp
-
Ge0rG
the bike shedding debate about whether real tls is more securer than start tls?
-
Ge0rG
we all know that startssl is insecure since it was bought by China
-
moparisthebest
Tobias: yea I don't think default ports are useful there either
-
Ge0rG
just default to 443!
-
moparisthebest
There you go Ge0rG! :-) you are getting it now