https://pidgin.im/pipermail/announce/2018-March/000020.html
The libpurple changes have some RCE galore
> Properlly shell escape URI's when opening them.
I think this is actually working now - remaining errors are because I've not got TLS enabled.
SaltyBoneshas joined
jonasw
lovely, replace all autotools with cmake <3
Neustradamushas left
lovetoxhas left
Neustradamushas joined
Holgerhas left
SaltyBoneshas left
Guushas left
Kevhas left
ralphmhas joined
jerehas joined
jerehas joined
rtq3has left
rtq3has joined
Guushas left
SaltyBoneshas left
mimi89999has left
Guushas left
Holgerhas left
la|r|mahas left
rtq3has left
rtq3has joined
Guushas left
marchas left
blablahas joined
blablahas joined
valohas left
SaltyBoneshas left
rtq3has left
rtq3has joined
rtq3has left
rtq3has joined
Dave Cridlandhas left
marmistrzhas joined
Guushas left
Guushas left
ralphmhas joined
jerehas left
valohas joined
Guushas left
Guushas left
marmistrzhas left
Dave Cridlandhas left
ralphmhas left
Ge0rG
Zash [12:26]:
> Only one CVE from 2017, is that good or bad?
I think this is because libpurple lost popularity, not because it lost all its bugs.
j.rhas joined
j.rhas joined
ralphmhas joined
jonasw
hah
jerehas joined
waqashas joined
ralphmhas left
ralphmhas joined
SamWhitedhas joined
Alexhas joined
Fabianhas joined
la|r|mahas joined
SaltyBoneshas left
nycohas left
rtq3has left
Guushas left
Dave Cridland
-ping cridland.im
Bunneh
Dave Cridland: Pong from cridland.im in 10.289 seconds
Dave Cridland
Ah, sweet smell of success.
jubalhhas joined
jubalhhas left
Alexhas left
Guushas left
Guushas left
Dave Cridland
jonasw, Metre and all its dependencies build with cmake, now, except for OpenSSL because that has the most terrifying build system ever.
jubalhhas joined
jubalhhas left
jonasw
lovely
jonasw
are you handing that to upstream?
j.rhas left
j.rhas joined
Dave Cridland
jonasw, For libunbound? Doubtful, it's nothing like done yet. Just enough to build on Linux for now. I'm gradually working on Windows.
Dave Cridland
jonasw, But git@github.com:dwd/unbound has it, anyway. "Patches welcome" - especially for the Windows support, actually.
jonasw
hm ok
Dave Cridland
jonasw, Don't get me wrong - *eventually* I'd like to get it into upstream. But it's a long way to go yet - unbound's flexibility with autoconf is pretty high - although it does things like check for fork(), but fails dead at runtime if it doesn't have it.
jonasw
:/
Guushas left
Neustradamus
Good news Dave Cridland
Dave Cridland
jonasw, Oh, and that's not mentioning that unbound works with a wide variety of OpenSSL versions, *and* libsodium, *and* ...
SaltyBoneshas left
jubalhhas joined
Dave Cridlandhas left
jonasw
Dave Cridland: sounds like a huge load of fun -- and good work
Alexhas joined
danielhas left
Dave Cridlandhas left
lumihas left
Ge0rGhas joined
matlaghas left
matlaghas joined
Guushas left
jubalhhas left
danielhas left
jubalhhas left
tuxhas left
tuxhas joined
Alexhas left
Ge0rGhas joined
ralphmhas joined
Ge0rGhas left
jubalhhas joined
Dave Cridlandhas left
Dave Cridlandhas left
Guushas left
SaltyBoneshas left
xnyhpshas joined
suzyohas joined
Dave Cridland
-ping dave.cridland.net
Bunneh
Dave Cridland: Pong from dave.cridland.net in 1.559 seconds
Dave Cridland
-ping dave.cridland.net
Bunneh
Dave Cridland: Pong from dave.cridland.net in 0.073 seconds
Dave Cridland
Better.
jonasw
:)
jonasw
even more fun for doing that on a live service, right?
Guushas left
Guushas left
Dave Cridland
jonasw, Yeah. cridland.im is a domain I use for running arbitrary servers on for testing. But since the very basic tests worked on Metre, I deployed it on prod a little optimistically...
Dave Cridland
jonasw, I wasn't expecting unbound to completely fail. :-)
moparisthebesthas joined
jonasw
:D
Dave Cridland
Weird, though, that so many of my contacts are still using a StartSSL certificate.
Dave Cridland
(Metre rejects all of them since the CRLDP is down now)
jonasw
crldp?
Neustradamus
Little question: A friend request me news about XEP Diff tool, any news about it?
jonasw
Neustradamus: no
Neustradamus
:/
Dave Cridland
jonasw, Certificate Revocation List Distribution Point. And amazingly, some of StartSSL's still seem to be up.
jonasw
we either need an external service or a way to build the xeps incrementally
Hey, Facebook Messenger also used XMPP once... But when users are the product, you don't want anyone to access "your" users without paying your toll.
moparisthebest
That's basically what it boils down to
Ge0rG
moparisthebest: on slack you actually pay for using it, and it's very expensive
Ge0rG
moparisthebest: maybe the issue was that you could create remote backups easily by parking a client in there, to circumvent the free account limit
Guushas left
boothj5has left
jjrhhas left
ralphmhas joined
fippohas left
waqas
Ge0rG: The "very expensive" part doesn't apply to actual companies. Slack is one of the cheaper services.
fippohas joined
blablahas left
Ge0rG
waqas: all the companies that I've seen using slack were on the free tier because it was too expensive
Ge0rG
waqas: it's something like one third of an Office 365 subscription, and it only has chat
Guushas left
Guushas left
waqas
Here's from my company's slack account's billing page that I pay for: "Your workspace is on the Standard plan, paying Monthly. Your plan will renew on April 9, 2018 for $174.20. $160 for 20 users $14.20 sales tax"
rtq3has left
waqas
And I think the average spend for a tech company is ~$10k/month/employee around these parts.
waqas
I simply can't see the slack bill as being expensive. See what I mean?
Dave Cridlandhas left
Dave Cridlandhas left
dwdhas left
waqas
We probably subscribe to 10-20 services in that category (slack, github, jira, etc), and all that combined comes out to probably >1% of total company spend.
j.rhas joined
Guushas left
jjrhhas left
Guushas left
jjrhhas left
rtq3has joined
Guushas left
waqas
So I can absolutely understand that there are companies out there who'd consider Slack's expense burdensome, but most companies in the US tech sector probably would not.
dwdhas left
tuxhas joined
jjrhhas left
Guushas left
Guushas left
Alex
agree with waqas
ralphmhas joined
moparisthebesthas joined
Dave Cridland
Same. There's ways to compete with Slack, but cost isn't it.
efrithas joined
jubalhhas left
Alex
Ge0rG: we have all the XEPs to compete. but we do not have any good modern client ;-)
Alex
Desktop clients I refer to
waqas
That's what it really boils down to. Almost nobody cares about the underlying protocol. People like slack because of the client.
waqas
And there's an opportunity there: the memory usage and sluggishness of their client is almost universally complained about
Dave Cridland
waqas, Right. And they moan about all sorts in the client, too - but the overall expeience is really positive.
waqas
Yep
waqas
Which is why despite being a Prosody author it's hard for me to push XMPP, as there's no client that can compete in Slack's niche
Dave Cridland
I think a tough problem we have to deal with is the integrations, though. The general "hook" concept for services heavily assumes a single service to hook into, not a federation.
Dave Cridland
-ping cridland.im
Alex
lets take a JS lib, electron and start one ;-)
Bunneh
Dave Cridland: Pong from cridland.im in 14.527 seconds
Dave Cridland
Wow. Still works.
waqas
-ping cridland.im
Bunneh
waqas: Pong from cridland.im in 0.096 seconds
Dave Cridland
Also, https://github.com/surevine/web-chat
Dave Cridland
I mean, it's a start.
jubalhhas joined
Alex
Dave Cridland: is there a hosted version available somewhere? d you have some screenshots?
waqas
I was going to ask about screenshots too
waqas
Slack's integrations aren't that difficult. Writing a bridge that let's an XMPP server expose Slack's webhook/API system isn't that hard, followed by evangelism to popular integration authors for support for custom API end-points.
Dave Cridland
Jonny, who wrote it, said that "in the absence of budget available for this project to perform detailed user interviews, we elected to take design cues from a well-known IM service".
Dave Cridland
In other words, he copied Slack, mostly.
waqas
That's compelling :)
Alex
thats a great start dave ;-)
Dave Cridland
But it's React+Redux+stanza.io, so it's a good base whatever.
Dave Cridland
But it *only* does MUC, for now (well, and FDP and a weird snippets thing I really need to document).
rtq3has left
Fabianhas left
rtq3has joined
jjrhhas left
tuxhas joined
jjrhhas left
dwdhas left
dwdhas joined
dwdhas left
dwdhas joined
Dave Cridlandhas left
Guushas left
rtq3has left
rtq3has joined
Guushas left
jjrhhas left
Alex
looks like a reference is missing:
./~/react-toastify/lib/ToastContainer.js
Module not found: Can't resolve 'glamor' in 'C:\Users\Alex\Downloads\web-chat-master\node_modules\react-toastify\lib'
Alex
after npm install glamor it starts up
Dave Cridland
Oh. That's odd. I'll see if I can get it running locally, but I believe it works.
Alex
after installing this module it seems to work
Alex
have to figure out where to set the server
Dave Cridland
config.js
Alex
I assume this modile is missing in package.json
ralphmhas joined
waqas
Alex: Screenshots and review please, when you can ;)