will there be anything interesting going on XSF-wise on the Chemitzer Linux Tage?
Guushas left
jonaswhas left
Zashhas left
Valerianhas joined
Guushas left
Tobiashas joined
xnyhpshas left
efrithas joined
xnyhpshas left
goffihas joined
waqashas left
brahas left
Valerianhas left
xnyhpshas left
xnyhpshas left
Guushas left
efrithas joined
nicolas.veritehas joined
suzyohas joined
uchas left
uchas joined
Guushas left
Guushas joined
vurpohas left
vurpohas joined
moparisthebesthas left
moparisthebesthas joined
Ge0rG
Oh, it's that time again. I don't think there are any plans, but I'm going there
Tobiashas joined
jonasw
I’ll be there too, I think. Not sure which day(s) yet, gotta check the schedule of the event and my own :)
vurpohas left
vurpohas joined
suzyohas left
tobiashas joined
jubalhhas joined
blipphas left
blipphas joined
dwdhas joined
Guushas left
Guushas joined
SouLhas joined
SouLhas joined
Steve Killehas left
Steve Killehas left
Steve Killehas joined
uchas left
uchas joined
jubalhhas left
mhterreshas joined
intosihas joined
Valerianhas joined
suzyohas joined
Kevhas joined
mhterreshas left
mhterreshas joined
jcbrandhas joined
winfriedhas left
suzyohas left
Yagizahas joined
Flowhas joined
Valerianhas left
Valerianhas joined
Martinhas joined
vurpohas left
vurpohas joined
blipphas left
Alexhas joined
danielhas left
danielhas joined
jubalhhas joined
uchas joined
uchas joined
uchas left
uchas joined
uchas left
uchas joined
Alexhas left
uchas joined
uchas joined
winfriedhas left
Yagizahas joined
Guushas left
Guushas joined
jubalhhas joined
Zashhas joined
Flow
Any BOSH experts in here who can/want comment on https://github.com/igniterealtime/jbosh/pull/4 ?
Zash
jonasw: What where when?
Flow
zash: CLT in Karl-Marx-Stadt, err, chemnitz: https://chemnitzer.linux-tage.de/2017/de
Flow
Ge0rG, daniel and I where there last year
mathieui
§W 5
Manchohas left
MattJ
Flow, the logic failure is that the client doesn't need to wait for an acknowledgement before it can send more requests (putting aside the normal BOSH rules about multiple open requests)
dwd
Flow, What PR#4 is saying doesn't immediately seem wrong - that one could use HTTP responses as acks - but the code doesn't appear to do this, and also what MattJ says.
jerehas joined
Yagizahas left
Flow
Thanks MattJ, dwd. I think OPs main problem is using BOSH with only one (processing) thread. That will always cause a delay in one of the directions (if I'm not mistaken).
jerehas left
jerehas joined
Guushas left
Guushas joined
SouLhas joined
vurpohas left
vurpohas joined
Zash
Blocking HTTP requests?
Valerianhas left
uchas left
tobiashas left
uchas left
uchas joined
Valerianhas joined
Zashhas left
Manchohas left
Zashhas joined
sonnyhas left
vurpohas left
vurpohas joined
uchas left
uchas joined
uchas left
uchas joined
suzyohas joined
uchas left
uchas joined
Alexhas joined
uchas left
uchas joined
vurpohas left
uchas left
uchas joined
uchas left
uchas joined
daniel
Guus: re that openfire connection issue. Is there a chance that the the upgrade somehow caused sasl mechanisms to vanish
Flow: Send HTTP request, wait for response before continuing with processing, have a bad time.
Flow
well that's what I think is happening in case only one thread is used with jbosh
Zash
Oh it's a client side library?
Zash
The coffee, it does nothing :|
Zash
Hey, Guus or dwd, does Openfire still do DIGEST-MD5?
Zash
Given the recent rush to hate on SHA-1, I'm impressed that nobody cares that DIGEST-MD5 is still around.
sonnyhas left
daniel
Zash: well the 24 hours news cycle and the general alarmism applies to it security news as well
Holger
My university's server offers only PLAIN so I'm on the safe side.
Link Mauve
<3
Flow
PSA: Google announces today the accepted GSOC orgs
vurpohas left
vurpohas joined
nyconycohas joined
Flow
In 2 h 45 minutes
dwd
Zash, DIGEST-MD5's security state hasn't really changed; the biggest weakness remains that you can churn through a lot of MD5's each second, and DIGEST-MD5 only uses three per cycle.
waqashas joined
dwd
Zash, The fact it uses MD5 is *almost* irrelevant.
jonasw
isn’t it with DIGEST-MD5 that, like with PLAIN, it is enough to listen in on the connection to be able to authenticate as that user later?
jonasw
(I haven’t looked into it; it has been deprecated so I didn’t bother implementing it)
Zashglares at daniel
Tobias
not to forget the interop issues with digest-md5
vurpohas left
vurpohas joined
Zash
dwd: I'm sure we'll receive bug reports about SCRAM-SHA-1 being terrible because SHA-1 is broken soon.
dwd
Tobias, Oh, there are lots of problems. But using MD5 isn't really one of them.
dwd
jonasw, No, it's not subject to replay.
Tobias
dwd, reply with "Patches welcome!" :)
Zash
What about active MITM?
dwd
Zash, No channel binding, so yeah, an active MITM can work.
dwd
Zash, But couldn't replay, still.
uchas left
uchas joined
Zash
dwd: I remember there being issues with SCRAM if you could get a client to try to auth with you.
dwd
Zash, Only in as much as you can potentially brute-force the SHA-1 and extract the plaintext equiv in a reasonable timeframe these days.
vurpohas left
vurpohas joined
nicolas.veritehas left
kalkinhas joined
suzyohas left
jonaswhas left
Valerianhas left
Valerianhas joined
kaboomhas joined
suzyohas joined
Alexhas left
uchas left
Guushas left
uchas joined
Guushas joined
uchas left
uchas joined
winfriedhas joined
uchas left
tobiashas left
kaboomhas left
kaboomhas joined
SouLhas left
SouLhas left
sonnyhas joined
suzyohas left
uchas joined
kaboomhas left
suzyohas joined
nicolas.veritehas joined
vurpohas left
vurpohas joined
nicolas.veritehas left
Alexhas joined
Yagizahas joined
vurpohas left
vurpohas joined
xnyhpshas left
vurpohas left
vurpohas joined
SouLhas joined
xnyhpshas left
SouLhas left
SouLhas joined
kaboomhas joined
vurpohas left
vurpohas joined
winfriedhas left
sezuanhas left
sonnyhas joined
Zashhas left
Zashhas joined
nycohas left
sonnyhas left
Valerianhas left
Flow
narf, google doesn't mention 17:00 UTC any more
vurpohas left
vurpohas joined
danielhas left
sonnyhas joined
danielhas joined
jerehas joined
daniel
Flow: the time line still says 1600Z
Flow
daniel: here → https://summerofcode.withgoogle.com/how-it-works/ ?
xnyhpshas left
jonasw
How it works: 1. we freeze your browser because you’re not using chromium (jk)