Ge0rGhttps://pidgin.im/pipermail/announce/2018-March/000020.html
The libpurple changes have some RCE galore
> Properlly shell escape URI's when opening them.
Dave CridlandI think this is actually working now - remaining errors are because I've not got TLS enabled.
SaltyBoneshas joined
jonaswlovely, replace all autotools with cmake <3
Neustradamushas left
lovetoxhas left
Neustradamushas joined
Holgerhas left
SaltyBoneshas left
Guushas left
Kevhas left
ralphmhas joined
jerehas joined
jerehas joined
rtq3has left
rtq3has joined
Guushas left
SaltyBoneshas left
mimi89999has left
Guushas left
Holgerhas left
la|r|mahas left
rtq3has left
rtq3has joined
Guushas left
marchas left
blablahas joined
blablahas joined
valohas left
SaltyBoneshas left
rtq3has left
rtq3has joined
rtq3has left
rtq3has joined
Dave Cridlandhas left
marmistrzhas joined
Guushas left
Guushas left
ralphmhas joined
jerehas left
valohas joined
Guushas left
Guushas left
marmistrzhas left
Dave Cridlandhas left
ralphmhas left
Ge0rGZash [12:26]:
> Only one CVE from 2017, is that good or bad?
I think this is because libpurple lost popularity, not because it lost all its bugs.
j.rhas joined
j.rhas joined
ralphmhas joined
jonaswhah
jerehas joined
waqashas joined
ralphmhas left
ralphmhas joined
SamWhitedhas joined
Alexhas joined
Fabianhas joined
la|r|mahas joined
SaltyBoneshas left
nycohas left
rtq3has left
Guushas left
Dave Cridland-ping cridland.im
BunnehDave Cridland: Pong from cridland.im in 10.289 seconds
Dave CridlandAh, sweet smell of success.
jubalhhas joined
jubalhhas left
Alexhas left
Guushas left
Guushas left
Dave Cridlandjonasw, Metre and all its dependencies build with cmake, now, except for OpenSSL because that has the most terrifying build system ever.
jubalhhas joined
jubalhhas left
jonaswlovely
jonasware you handing that to upstream?
j.rhas left
j.rhas joined
Dave Cridlandjonasw, For libunbound? Doubtful, it's nothing like done yet. Just enough to build on Linux for now. I'm gradually working on Windows.
Dave Cridlandjonasw, But git@github.com:dwd/unbound has it, anyway. "Patches welcome" - especially for the Windows support, actually.
jonaswhm ok
Dave Cridlandjonasw, Don't get me wrong - *eventually* I'd like to get it into upstream. But it's a long way to go yet - unbound's flexibility with autoconf is pretty high - although it does things like check for fork(), but fails dead at runtime if it doesn't have it.
jonasw:/
Guushas left
NeustradamusGood news Dave Cridland
Dave Cridlandjonasw, Oh, and that's not mentioning that unbound works with a wide variety of OpenSSL versions, *and* libsodium, *and* ...
SaltyBoneshas left
jubalhhas joined
Dave Cridlandhas left
jonaswDave Cridland: sounds like a huge load of fun -- and good work
Alexhas joined
danielhas left
Dave Cridlandhas left
lumihas left
Ge0rGhas joined
matlaghas left
matlaghas joined
Guushas left
jubalhhas left
danielhas left
jubalhhas left
tuxhas left
tuxhas joined
Alexhas left
Ge0rGhas joined
ralphmhas joined
Ge0rGhas left
jubalhhas joined
Dave Cridlandhas left
Dave Cridlandhas left
Guushas left
SaltyBoneshas left
xnyhpshas joined
suzyohas joined
Dave Cridland-ping dave.cridland.net
BunnehDave Cridland: Pong from dave.cridland.net in 1.559 seconds
Dave Cridland-ping dave.cridland.net
BunnehDave Cridland: Pong from dave.cridland.net in 0.073 seconds
Dave CridlandBetter.
jonasw:)
jonasweven more fun for doing that on a live service, right?
Guushas left
Guushas left
Dave Cridlandjonasw, Yeah. cridland.im is a domain I use for running arbitrary servers on for testing. But since the very basic tests worked on Metre, I deployed it on prod a little optimistically...
Dave Cridlandjonasw, I wasn't expecting unbound to completely fail. :-)
moparisthebesthas joined
jonasw:D
Dave CridlandWeird, though, that so many of my contacts are still using a StartSSL certificate.
Dave Cridland(Metre rejects all of them since the CRLDP is down now)
jonaswcrldp?
NeustradamusLittle question: A friend request me news about XEP Diff tool, any news about it?
jonaswNeustradamus: no
Neustradamus:/
Dave Cridlandjonasw, Certificate Revocation List Distribution Point. And amazingly, some of StartSSL's still seem to be up.
jonaswwe either need an external service or a way to build the xeps incrementally
rtq3has joined
rtq3has left
rtq3has joined
dwdhas joined
matlaghas joined
matlaghas joined
Dave CridlandZash, Do you have a working TLS1.3 server around?
moparisthebestGotta get that sweet sweet vendor lock-in
jjrhhas left
Guushas left
fippohas left
efrithas left
vanitasvitaehas left
boothj5has joined
fippohas joined
Ge0rGIf only we had some alternative to offer.
moparisthebestMost accurate comment from there:
moparisthebestHey, Facebook Messenger also used XMPP once... But when users are the product, you don't want anyone to access "your" users without paying your toll.
moparisthebestThat's basically what it boils down to
Ge0rGmoparisthebest: on slack you actually pay for using it, and it's very expensive
Ge0rGmoparisthebest: maybe the issue was that you could create remote backups easily by parking a client in there, to circumvent the free account limit
Guushas left
boothj5has left
jjrhhas left
ralphmhas joined
fippohas left
waqasGe0rG: The "very expensive" part doesn't apply to actual companies. Slack is one of the cheaper services.
fippohas joined
blablahas left
Ge0rGwaqas: all the companies that I've seen using slack were on the free tier because it was too expensive
Ge0rGwaqas: it's something like one third of an Office 365 subscription, and it only has chat
Guushas left
Guushas left
waqasHere's from my company's slack account's billing page that I pay for: "Your workspace is on the Standard plan, paying Monthly. Your plan will renew on April 9, 2018 for $174.20. $160 for 20 users $14.20 sales tax"
rtq3has left
waqasAnd I think the average spend for a tech company is ~$10k/month/employee around these parts.
waqasI simply can't see the slack bill as being expensive. See what I mean?
Dave Cridlandhas left
Dave Cridlandhas left
dwdhas left
waqasWe probably subscribe to 10-20 services in that category (slack, github, jira, etc), and all that combined comes out to probably >1% of total company spend.
j.rhas joined
Guushas left
jjrhhas left
Guushas left
jjrhhas left
rtq3has joined
Guushas left
waqasSo I can absolutely understand that there are companies out there who'd consider Slack's expense burdensome, but most companies in the US tech sector probably would not.
dwdhas left
tuxhas joined
jjrhhas left
Guushas left
Guushas left
Alexagree with waqas
ralphmhas joined
moparisthebesthas joined
Dave CridlandSame. There's ways to compete with Slack, but cost isn't it.
efrithas joined
jubalhhas left
AlexGe0rG: we have all the XEPs to compete. but we do not have any good modern client ;-)
AlexDesktop clients I refer to
waqasThat's what it really boils down to. Almost nobody cares about the underlying protocol. People like slack because of the client.
waqasAnd there's an opportunity there: the memory usage and sluggishness of their client is almost universally complained about
Dave Cridlandwaqas, Right. And they moan about all sorts in the client, too - but the overall expeience is really positive.
waqasYep
waqasWhich is why despite being a Prosody author it's hard for me to push XMPP, as there's no client that can compete in Slack's niche
Dave CridlandI think a tough problem we have to deal with is the integrations, though. The general "hook" concept for services heavily assumes a single service to hook into, not a federation.
Dave Cridland-ping cridland.im
Alexlets take a JS lib, electron and start one ;-)
BunnehDave Cridland: Pong from cridland.im in 14.527 seconds
Dave CridlandWow. Still works.
waqas-ping cridland.im
Bunnehwaqas: Pong from cridland.im in 0.096 seconds
Dave CridlandAlso, https://github.com/surevine/web-chat
Dave CridlandI mean, it's a start.
jubalhhas joined
AlexDave Cridland: is there a hosted version available somewhere? d you have some screenshots?
waqasI was going to ask about screenshots too
waqasSlack's integrations aren't that difficult. Writing a bridge that let's an XMPP server expose Slack's webhook/API system isn't that hard, followed by evangelism to popular integration authors for support for custom API end-points.
Dave CridlandJonny, who wrote it, said that "in the absence of budget available for this project to perform detailed user interviews, we elected to take design cues from a well-known IM service".
Dave CridlandIn other words, he copied Slack, mostly.
waqasThat's compelling :)
Alexthats a great start dave ;-)
Dave CridlandBut it's React+Redux+stanza.io, so it's a good base whatever.
Dave CridlandBut it *only* does MUC, for now (well, and FDP and a weird snippets thing I really need to document).
rtq3has left
Fabianhas left
rtq3has joined
jjrhhas left
tuxhas joined
jjrhhas left
dwdhas left
dwdhas joined
dwdhas left
dwdhas joined
Dave Cridlandhas left
Guushas left
rtq3has left
rtq3has joined
Guushas left
jjrhhas left
Alexlooks like a reference is missing:
./~/react-toastify/lib/ToastContainer.js
Module not found: Can't resolve 'glamor' in 'C:\Users\Alex\Downloads\web-chat-master\node_modules\react-toastify\lib'
Alexafter npm install glamor it starts up
Dave CridlandOh. That's odd. I'll see if I can get it running locally, but I believe it works.
Alexafter installing this module it seems to work
Alexhave to figure out where to set the server
Dave Cridlandconfig.js
AlexI assume this modile is missing in package.json
ralphmhas joined
waqasAlex: Screenshots and review please, when you can ;)