moparisthebestHa this is the same argument as the one against e2e earlier https://www.quakenet.org/articles/99-trust-is-not-transitive-or-why-irc-over-ssl-is-pointless
Neustradamushas joined
efrithas left
zinidhas left
zinidhas joined
efrithas joined
lskdjfhas joined
danielhas left
danielhas joined
la|r|mahas joined
danielhas left
danielhas joined
efrithas left
efrithas joined
Neustradamushas left
Neustradamushas joined
Neustradamushas left
Neustradamushas joined
la|r|mahas joined
lskdjfhas joined
Guushas left
la|r|mahas left
la|r|mahas joined
Guushas left
Guushas left
tim@boese-ban.dehas joined
Valerianhas left
la|r|mahas joined
danielhas left
nycohas left
Wiktorhas left
Wiktorhas joined
danielhas joined
lskdjfhas joined
Valerianhas joined
jerehas joined
efrithas left
Valerianhas left
uchas joined
zinidmoparisthebest: seems like the dude only concerned about mitm?
SamWhitedhas left
goffihas joined
andrey.ghas joined
ralphmhas left
Guushas left
Guushas left
stefandxmhas left
winfriedhas joined
uchas joined
jubalhhas joined
Yagizahas joined
uchas joined
zinidhas left
Guushas left
ralphmhas left
bearhas left
Flowhas joined
bearhas joined
jubalhhas joined
intosihas left
intosihas joined
Flowhas left
Guushas left
ralphmhas left
uchas joined
mimi89999has joined
ralphmhas left
bearhas left
bearhas joined
ralphmhas left
sonnyhas left
sonnyhas joined
zinidhas left
sonnyhas left
sonnyhas joined
ralphmhas joined
sonnyhas joined
sonnyhas joined
sonnyhas joined
sonnyhas joined
sonnyhas joined
sonnyhas joined
andrey.ghas left
sonnyhas joined
sonnyhas joined
sonnyhas left
sonnyhas joined
sonnyhas joined
sonnyhas joined
blablahas joined
sonnyhas joined
sonnyhas joined
vanitasvitaeHi! Awesome to see that JET is now experimental :D I noticed some formatting issues in the pdf though. The table under §5 is crippled. Since this is likely to occure elsewhere as well, I thought I'd bring that to your attention :)
Ge0rGvanitasvitae: the best approach is probably to open an issue on the xeps repo. Or even to provide a patch ;)
blablahas left
vanitasvitaeGuus told me, that SamWhited and jonasw are doing some work on this, so let me ping you :)
vanitasvitaeI'm not familiar with the pdf build process, so I think I'll just open an issue (if there is none yet)
sonnyhas joined
sonnyhas left
sonnyhas joined
GuusI don't think they're still actively working on it - but things did change recently.
sonnyhas left
sonnyhas joined
sonnyhas joined
sonnyhas joined
sonnyhas joined
sonnyhas joined
vanitasvitaeI opened https://github.com/xsf/xeps/issues/521
sonnyhas left
sonnyhas joined
sonnyhas left
sonnyhas joined
sonnyhas left
sonnyhas joined
sonnyhas left
sonnyhas joined
sonnyhas left
sonnyhas joined
sonnyhas left
sonnyhas joined
jonaswnobody is familiar with the pdf build process :D
jonaswyeah, I doubt we can do anything about that
jonasw(looking at the issue)
jonaswit’s simply too wide for the PDF output
ralphmhas left
vanitasvitaeyeah, I guess you're right
jonaswideally editors would proofread the PDF output and ensure that it is nice, but ...
jonaswI’m actually more inclined to terminate PDF output altogether than doing that ;-)
vanitasvitaeIn that case there is not much to do I guess :D
vanitasvitaeBut pdfs are so nice... :D
jonaswI prefer the HTML version, esp. since Sams recent CSS fixes
jonaswone of the few things I prefer to have in my browser over a separate application
Guusvanitasvitae: can you replace the namespace by a (shorter) reference to a namespace, somehow?
jonaswthat would probably do the trick, yes
vanitasvitaemaybe get rid of the "-"s as a first step?
vanitasvitaeand shorten "nopadding" to "nopad"?
Guushey, the logo on the PDF (first page), looks weird
Guusit's the old / broken logo, but also has black colors for the outside bits, instead of the blue?
vanitasvitaethats an issue with firefox I think
sonnyhas joined
jonaswweird
jonaswno
sonnyhas joined
Guusmight be, but I'm using Chrome :)
sonnyhas joined
jonaswit’s also in the original PDF of the logo
jonaswsuper weird
vanitasvitaethe logo is rendered differently in pdf viewers and browsers I think
vanitasvitaeat least I noticed that some time ago
jonaswcan’t easily fix that though, because the PDF includes the "XMPP" text for which I don’t have the font I think
jonaswno, it is definitely also in the source files, vanitasvitae
Guuswhat format is the source?
jonaswthis is extremely ugly https://sotecware.net/images/dont-puush-me/FHNZUlDByHqPUgjwj1Cq2EhPat6zvV5sfbTtJ__tlLI.png
jonaswPDF
Guusbah
jonaswI can try to mess with it to embed the new logo in that, should be doable
vanitasvitaePDF missing the main purpose of its existence :D
GuusI've got SVGs for the logo, but not the text
jonaswhow did you make xmpp.png then?
jonaswby hand?
Guusyeah, I erased the logo, copied in a newly generated one from SVG using the correct size
jonaswokay
Guusinterestingly, the page headers also have a (very small) logo, where the colors are correct.
jonaswyupp
jonaswthose are two different files
jonaswpatching them now
Guusthanks :)
GuusI'm somewhat surprised that the source components are PDFs themselves. Then again, I know nothing.
jonaswthat’s usual for LaTeX
jonaswyou can only have PDF as vector format without extra packages when building with {pdf,xe,lua}latex
jonaswbut I guess that’s what you get from opening PDFn with inkscape
Guusthose appear to be printing masters
Guusit's probably what the original authors of the PDF generation had available at the time
jonaswmaking a test build with patched PDFs
jonasw(now I in fact wonder if all built PDFs contain the whole printing master...)
jonasw(or if something is smart enough to crop that out)
jonasw(which I doubt, because it’s pdflatex we’re speaking about)
jonaswwell, xelatex
Guushow big is it? If it's just a fraction of the total size, I wouldn't bother improving it further
jonaswa few kiB
jonaswI was just wondering conceptually
jonaswbecause that’s essentially the XMPP Corporate Design ;-)
jonaswthereifixedit: https://sotecware.net/files/noindex/xep-0391.pdf cc @ Guus
ralphmhas left
nycohas left
Guusfun fact: the font used for the 'XMPP' text in our logo is also used in 2001: A Space Odyssey, for the interface of HAL. :)
Guusah, much better, thanks!
jonaswlet’s push that
Flowhas joined
jonaswnow I get the feeling that I did already quite a lot today! :-)
Guusand it's only 10 am :)
jonaswexactly!
Guuswanna pop over to jdev and see if you have feedback on my question there? :)
Guusoh, you already were there :)
Flowhas left
jonaswthere you go ;-)
Guustx :)
jubalhhas joined
Ge0rGIt's 10 AM and I feel like weekend already
jonaswGe0rG, good news: weekend for me already. wait. that’s only good news for me. sorry.
Guusyou just told us you were available.
Guusthat might've been a mistake :P
Flowhas joined
jonaswGuus, do you have power over the dockerhup by now? If so, does that include the xeps builds? That’d be good to know.
KevHe does, yes.
jonaswgreat. Just in case there are issues again, but I suspect now that we don’t source stuff from sourceforge anymore, it should be fine
Guus(what Kev said)
Flowhas joined
andrey.ghas joined
lumihas joined
Alexhas joined
waqashas left
jubalhhas joined
Flowhas left
Flowhas joined
ralphmhas left
vanitasvitaehas left
Ge0rGhas left
Wiktorhas joined
Yagizahas left
uchas joined
ralphmhas left
zinidhas left
Tobiashas joined
zinidhas left
Yagizahas joined
Holgerhas left
vanitasvitaehas left
vanitasvitaehas left
vanitasvitaehas joined
jerehas joined
Guushas left
Guushas left
iiro.laihohas joined
andrey.ghas left
jubalhhas joined
andrey.ghas joined
intosihas left
jubalhhas left
jubalhhas joined
Guushas left
Guushas joined
lumihas joined
uchas joined
valohas joined
xnyhpshas left
zinidhas left
lskdjfhas joined
intosihas joined
xnyhpshas left
Tobiashas joined
lumihas joined
la|r|mahas joined
jubalhhas left
Kevhas left
Kevhas left
Kevhas left
Kevhas joined
Kevhas left
Guushas left
la|r|mahas joined
uchas joined
Zashhas left
ralphmhas left
mimi89999has joined
uchas joined
stefandxmhas joined
valohas joined
Zashhas left
mimi89999has joined
Yagizahas joined
Zashhas left
lumihas left
ralphmhas joined
mimi89999has joined
winfriedhas joined
stefandxmhas left
Guushas left
sonnyhas joined
uchas joined
Zashhas left
Zashhas left
sonnyhas joined
mimi89999has joined
jjrhhas left
jjrhhas left
winfriedhas joined
jubalhhas joined
Zashhas left
Yagizahas joined
ralphmhas left
uchas joined
jjrhhas left
Guushas left
jjrhhas left
jjrhhas left
jubalhhas left
Flowdwd: What was the motivation for renaming the 'mechanism' to 'task' in SASL2?
winfriedhas joined
KevIIRC because it can do things other than present SASL mechs. I could be wrong.
Flowk, thanks
dwdIt also can't do the things mechanisms do. Like change the authorization identifier. Plus they need one to start.
Flowcan <task> could also contain a SASL mech?
dwdDoubtful.
FlowWasn' t one idea that multiple mechs could be chained with SASL2?
Guusdid you use two different clients just now, dwd?
Guusyour nickname had different colors in Spark
dwdGuus, Conversations for both those (Gajim for this one). Probably Conversations was detached; it looks like it injected a delay stamp.
dwdFlow, So yes, the idea originally was that all these things are SASL mechs. But in practise, when developing, they're not. The first thing is a SASL mech, any subsequent ones are similar to mechanisms but distinct in that they're provided with an authzid, and cannot change it.
Flowauthzid was the thing which would allow you to impersonate another entity, right?
KevNot impersonate, but yes.
dwdFlow, No, the authzid is the (most important) output of the SASL process. In XMPP, it's your jid.
Flowahh, ok, then it's the authcid I was thinking about
KevIt's the thing that tells you what you are.
dwdFlow, Probably not.
Flowthen what's the authcid again?
Guusyou authentiCate with authcid, you are then authoriZed for using authzid
FlowAn authorization identity is an OPTIONAL identity included by the
initiating entity to specify an identity to act as
dwdFlow, The authentication identifier is the identifier used to identify you to the SASL mechanism. Typically you don't specify an authzid, and again typically in XMPP the authcid is just the local-part of the jid and the authzid is then figured out from that.
FlowThat does sound like authzid is what I said it is
dwdFlow, It is optional to supply, because it can be derived (normally).
jjrhhas left
dwdFlow, You do, always, end up with an authzid. Worth looking at TLS+EXTERNAL as an example - your authcid there is the certificate (or arguably the Subject of it). The authzid might be derived from it (usually from a SAN) or you might supply it.
dwdFlow, There's no "impersonation" going on, though that, too, in as option (known as "Proxy Authentication", because you're authenticating to be a proxy for another user)
FlowSo what exactly is the problem that following SASL mechs can't change the authzid? Usually you either never provide the authzid or you provide it, in which case all chained mechs should/must provide the same
dwdFlow, There's absolutely no power on earth that'll make me try to implement that. It's a nightmare.
waqashas joined
blablahas joined
FlowAnd what is the point in being able to optionally supply the authzid? Re-using the same credentials for different accounts?
FlowAnyway, I don't see a problem that subsequent mechs can not change the authzid
GuusI'm no expert, but, I thought it was primarily used when the username you authenticate with isn't an exact match with the account name that you're authenticate for.
dwdFlow, Sometimes to avoid confusion (like with TLS+EXTERNAL), sometimes for Proxy Auth. Also, if you've a username from, say, Active Directory that's not valid for XMPP, this be a way around that problem too.
FlowI think we mixing two aspects of authzid: The one is where a sasl mech can optionally provide it, the other one is that you only know your full JID after being authenticated
dwdFlow, Input and output, is all.
FlowFor chaining mechs, only the former can be possibly relevant, and I don't see why we can't simply say that all chained mechs must provide the same authzid, if they provide any at all
dwdFlow, Why do you want to?
FlowGuus: Yep, besides that your username can be completly different from the localpart of the JID you get
Flowdwd: Why do I want to chain SASL mechs? Well the idea sounded appealing to me back then. And I don't see why we gave up on it
dwdFlow, Because I tried implementing it and it was horrible.
danielhas left
dwdFlow, Whereas I *have* implemented the current spec, along with TOTP etc, and it all works well.
Flowdwd: Maybe, but what is different by having tasks now? SASL mechs are basically just a sequences of challenges and responses, surely tasks are very similar to that?
jjrhhas left
jjrhhas left
dwdFlow, Yes, the protocol interface is the same, but the internal server-side interface is pretty different.
Flowdwd: shouldn't ex4 in xep388 show a bare jid, or, when do I get a full JID at this stage?
Flowahh, we do bind2 there also
Flowuh and bind2 still has no support for a client provided part ☹
KevIs anyone ready to implement bind2? If so I'll try to find time to add that.
Flowand sasl2 can be used without bind2? A lot of possibilities ☺
Flow(but it's getting complicated)
Kevdwd: Did you do bind2 with sasl2, or not?
dwdKev, I've been toying with a bind2 embedded in sasl2 in my implementation just to see, but I've not tried it yet.
FlowKev: ex2 in xep388 hints at bind2
suzyohas joined
dwdFlow, Also ISR. But I've not quite finished 198 resumption yet, so...
dwdFlow, I think I said (read: I meant it to say) it was a hypoethetical extension, in ex2.
suzyohas left
danielhas joined
suzyohas joined
stefandxmhas joined
suzyohas left
suzyohas joined
suzyohas left
suzyohas joined
suzyohas left
suzyohas joined
suzyohas left
andrey.ghas left
sonnyhas joined
sonnyhas joined
zinidhas left
tuxhas joined
jjrhhas left
danielhas left
jerehas joined
uchas joined
jjrhhas left
ralphmhas left
Flowhas joined
moparisthebestha AOL is finally killing AIM
moparisthebestI... didn't know it was still alive
jjrhhas left
Guushas left
danielhas joined
jubalhhas joined
lumihas joined
uchas joined
danielhas left
uchas left
uchas joined
danielhas joined
blablahas joined
uchas joined
uchas joined
stefandxmhas left
jerehas left
jerehas joined
intosihas left
Valerianhas joined
Yagizahas left
Alexya, just read the news here:
https://aimemories.tumblr.com/
Alexhas left
SamWhitedThat's AIM, MSN Messenger, and Yahoo Messenger all gone… the 90's are finally over :'(
Alexhas joined
danielhas left
danielhas joined
moparisthebestwell we still have XML >:)
Guushas left
Alexhas left
SamWhitedOnly the worst part of the 90's are still around…
SamWhitedgoes to rewatch `The Fresh Prince of Bel-Air' to make himself feel better
dwdmoparisthebest, Where? We're now using a "React-like wire protocol", remember?
moparisthebestdwd, I haven't heard of that but it sounds terrifying
zinidhas left
mimi89999has joined
Zashhas left
danielhas left
lovetoxhas joined
nycohas left
Lancehas joined
ralphmhas left
jubalhhas joined
Lancehas left
Zashhas left
uchas joined
lumihas left
jubalhhas left
Tobiashas left
jubalhhas joined
dwdNo, no. It's great. It'll get us all the cool kids now. Better than json.
jubalhhas left
la|r|mahas joined
jubalhhas joined
lskdjfhas joined
GuusI heard you use this argument a few days ago
Guusso presumably, there now is a newer fashion.
blablahas joined
ralphmhas left
Zashhas left
efrithas joined
Valerianhas left
jubalhhas left
uchas joined
mimi89999has joined
stefandxmhas joined
Zashhas left
Zashhas joined
lskdjfhas joined
la|r|mahas joined
stefandxmhas left
Guushas left
Guushas left
Guushas joined
moparisthebest...
Valerianhas joined
moparisthebestlongtime guy in IRC channel mentions jabber, I say that's awesome when did you start using it
moparisthebesthe says just now to try to talk to some drug dealers from darkweb sites
moparisthebestso, that's nice haha
ziniddefinitely success
mimi89999has joined
la|r|mahas joined
lskdjfhas joined
andrey.ghas joined
tim@boese-ban.dehas left
andrey.ghas joined
ralphmhas joined
andrey.ghas joined
stefandxmhas joined
andrey.ghas joined
Alexhas left
jonaswhas left
andrey.ghas joined
la|r|mahas joined
stefandxmhas left
dwdmoparisthebest, Well, at least we have a dedicated niche market.
moparisthebestyea use is exploding in a certain market segment I guess
moparisthebestanyone want to sign up and ask about usability issues, UI problems etc
andrey.ghas joined
Guusyeah, lets fix those nasty spam control issues that they're experiencing for them
lskdjfhas joined
moparisthebestI can probably get the .onion site domain haha
moparisthebestsee here is a segment that probably values forward secrecy over long term archives right?
zinidhas left
dwdmoparisthebest, Depends if they have a sideline in blackmail, I guess.
moparisthebestguess the 'seller' is using jodo.im I'm guessing it has IBR enabled judging by the flash 9.0 required on the http page
XSF Discussion - 2017-10-06