-
jonasw
will there be anything interesting going on XSF-wise on the Chemitzer Linux Tage?
-
Ge0rG
Oh, it's that time again. I don't think there are any plans, but I'm going there
-
jonasw
I’ll be there too, I think. Not sure which day(s) yet, gotta check the schedule of the event and my own :)
-
Flow
Any BOSH experts in here who can/want comment on https://github.com/igniterealtime/jbosh/pull/4 ?
-
Zash
jonasw: What where when?
-
Flow
zash: CLT in Karl-Marx-Stadt, err, chemnitz: https://chemnitzer.linux-tage.de/2017/de
-
Flow
Ge0rG, daniel and I where there last year
-
mathieui
§W 5
-
MattJ
Flow, the logic failure is that the client doesn't need to wait for an acknowledgement before it can send more requests (putting aside the normal BOSH rules about multiple open requests)
-
dwd
Flow, What PR#4 is saying doesn't immediately seem wrong - that one could use HTTP responses as acks - but the code doesn't appear to do this, and also what MattJ says.
-
Flow
Thanks MattJ, dwd. I think OPs main problem is using BOSH with only one (processing) thread. That will always cause a delay in one of the directions (if I'm not mistaken).
-
Zash
Blocking HTTP requests?
-
daniel
Guus: re that openfire connection issue. Is there a chance that the the upgrade somehow caused sasl mechanisms to vanish
-
daniel
Let's say sha1 disappearing for example
-
Zash
http://download.igniterealtime.org/openfire/docs/latest/changelog.html
-
Flow
Zash: blocking http requests?
-
Zash
daniel: some SCRAM changes there, maybe
-
Zash
Flow: Send HTTP request, wait for response before continuing with processing, have a bad time.
-
Flow
well that's what I think is happening in case only one thread is used with jbosh
-
Zash
Oh it's a client side library?
-
Zash
The coffee, it does nothing :|
-
Zash
Hey, Guus or dwd, does Openfire still do DIGEST-MD5?
-
Zash
Given the recent rush to hate on SHA-1, I'm impressed that nobody cares that DIGEST-MD5 is still around.
-
daniel
Zash: well the 24 hours news cycle and the general alarmism applies to it security news as well
-
Holger
My university's server offers only PLAIN so I'm on the safe side.
-
Link Mauve
<3
-
Flow
PSA: Google announces today the accepted GSOC orgs
-
Flow
In 2 h 45 minutes
-
dwd
Zash, DIGEST-MD5's security state hasn't really changed; the biggest weakness remains that you can churn through a lot of MD5's each second, and DIGEST-MD5 only uses three per cycle.
-
dwd
Zash, The fact it uses MD5 is *almost* irrelevant.
-
jonasw
isn’t it with DIGEST-MD5 that, like with PLAIN, it is enough to listen in on the connection to be able to authenticate as that user later?
-
jonasw
(I haven’t looked into it; it has been deprecated so I didn’t bother implementing it)
- Zash glares at daniel
-
Tobias
not to forget the interop issues with digest-md5
-
Zash
dwd: I'm sure we'll receive bug reports about SCRAM-SHA-1 being terrible because SHA-1 is broken soon.
-
dwd
Tobias, Oh, there are lots of problems. But using MD5 isn't really one of them.
-
dwd
jonasw, No, it's not subject to replay.
-
Tobias
dwd, reply with "Patches welcome!" :)
-
Zash
What about active MITM?
-
dwd
Zash, No channel binding, so yeah, an active MITM can work.
-
dwd
Zash, But couldn't replay, still.
-
Zash
dwd: I remember there being issues with SCRAM if you could get a client to try to auth with you.
-
dwd
Zash, Only in as much as you can potentially brute-force the SHA-1 and extract the plaintext equiv in a reasonable timeframe these days.
-
Flow
narf, google doesn't mention 17:00 UTC any more
-
daniel
Flow: the time line still says 1600Z
-
Flow
daniel: here → https://summerofcode.withgoogle.com/how-it-works/ ?
-
jonasw
How it works: 1. we freeze your browser because you’re not using chromium (jk)
-
daniel
Flow, https://developers.google.com/open-source/gsoc/timeline
-
Link Mauve
jonasw, loaded quite fast here on Firefox nightly.
-
jonasw
Link Mauve: it behaves oddly when XHR is forbidden :)
-
jonasw
(it blocks instead of reacting on the error O_o)
-
Link Mauve
Weird.
-
jonasw
yes.
-
Kev
https://summerofcode.withgoogle.com/organizations/6327289865306112/
-
intosi
\o/
-
dwd
\o/
-
daniel
Awesome
-
dwd
Tobias, Want to tweet something from @xmpp?
-
dwd
(Assuming Tobias is an Approved Tweeter)
-
Kev
I believe he is, yes. I need to get those credentials from Bear at some point.
-
Tobias
sure
-
Tobias
although i don't have any cerdentials
-
intosi
We won't hold it against you.
-
arc
Kev: did you get the email yet?
-
Kev
arc: Nope.
-
Kev
I just went straight to the source :)
-
arc
and?
-
Kev
Kev 17:01 https://summerofcode.withgoogle.com/organizations/6327289865306112/
-
arc
nice
-
arc
copyleft games is in too
-
arc
i'll cross-link xsf on our ideas page for related organizations
-
dwd
I got the email, came here, and Kev had already posted.
-
arc
Kev: you should link xmpp related orgs on the ideas page. it helps steer students in the right direction while they're looking ;-)
-
kaboom
are there any restrictions which project/persons can become a gsoc mentor for xsf?
-
Kev
arc: If there's stuff you think I should do, can yo umail please?
-
Kev
I'm in the office until Wed night, so my mind is highly lossy at the moment.
-
Kev
And now to dinner...
-
Ge0rG
Wow, the white house forbids staff to use Signal. http://www.politico.com/story/2017/02/sean-spicer-targets-own-staff-in-leak-crackdown-235413
-
moparisthebest
Ge0rG, as usual the media gets it wrong, the headline anyway, isn't it they were forbidden from leaking private info, meh
-
moparisthebest
that's how I read it anyhow, either way no mention of xmpp/conversations/omemo in there and I don't know whether to be happy or sad about it lol
-
mimi89999
I heart "fake news" more often in the last several months/year than during my entire life until the election crisis.
-
mathieui
because "fake news" were just called "lies" before then
-
Link Mauve
Or conspiracy theories.✎ -
Link Mauve
Or “conspiracy theories”. ✏