XSF Discussion - 2018-03-23

00:02:12 Dave Cridland has left
00:08:37 waqas has joined
00:16:32 Holger has left
00:25:13 SamWhited has left
00:28:03 mrdoctorwho has left
00:30:14 Guus has left
00:36:45 jere has left
00:37:51 ralphm has left
00:41:14 ludo has joined
00:45:58 lskdjf has joined
00:47:13 la|r|ma has left
00:48:38 jere has joined
00:50:43 Syndace has left
00:50:44 Syndace has joined
00:52:14 Zash has left
01:11:24 waqas has left
01:12:14 Guus has left
01:13:47 ludo has left
01:15:43 ludo has joined
01:19:53 ralphm has left
01:21:43 ludo has left
01:26:17 jjrh has left
01:30:49 ludo has joined
01:31:59 ralphm has left
01:39:33 ralphm has left
01:43:26 daniel has left
01:46:22 ralphm has left
01:51:14 Guus has left
01:59:15 ludo has left
02:02:31 Zash has joined
02:05:14 moparisthebest has joined
02:06:02 ralphm has left
02:06:57 alexis has left
02:10:50 ludo has joined
02:11:02 moparisthebest has left
02:18:14 Guus has left
02:23:04 ralphm has left
02:30:20 lumi has joined
02:36:14 Guus has left
02:36:33 ralphm has left
02:42:34 ralphm has left
02:45:14 Guus has left
02:54:00 jere has joined
02:54:09 lskdjf has left
02:54:14 Guus has left
02:55:47 ludo has left
03:00:14 Guus has left
03:06:14 Guus has left
03:06:19 vanitasvitae has joined
03:06:19 vanitasvitae has joined
03:11:03 ludo has joined
03:14:02 alexis has left
03:16:21 alexis has left
03:17:37 rion has joined
03:21:14 Guus has left
03:33:14 Guus has left
03:34:06 ralphm has left
03:35:46 ludo has left
03:38:25 jere has joined
03:40:49 ludo has joined
03:41:08 rion has left
03:41:14 rion has joined
03:42:14 Guus has left
03:48:19 Yagiza has joined
03:52:22 rion has left
03:52:40 alexis has left
03:54:21 ludo has left
03:54:23 alexis has joined
03:54:23 alexis has joined
04:01:15 ludo has joined
04:05:21 jere has joined
04:06:01 efrit has left
04:07:19 ludo has left
04:07:57 rion has left
04:09:00 lskdjf has joined
04:12:14 Guus has left
04:12:43 ta has joined
04:14:40 efrit has joined
04:18:14 Guus has left
04:19:28 alexis has joined
04:21:00 waqas has joined
04:21:07 ludo has joined
04:21:48 ralphm has left
04:23:51 la|r|ma has joined
04:25:38 alexis has left
04:25:44 alexis has joined
04:27:07 ludo has left
04:35:27 SamWhited has left
04:44:08 rion has left
04:50:06 la|r|ma has joined
04:52:13 lskdjf has joined
04:57:30 alexis has left
04:57:35 alexis has joined
05:00:57 ludo has joined
05:04:08 alexis has left
05:04:19 alexis has joined
05:06:13 alexis has left
05:06:18 alexis has joined
05:06:57 ludo has left
05:09:26 alexis has left
05:09:31 alexis has joined
05:11:15 ralphm has left
05:11:56 alexis has joined
05:14:59 daniel has left
05:16:25 alexis has left
05:16:30 alexis has joined
05:17:28 ralphm has left
05:18:21 alexis has left
05:18:26 alexis has joined
05:18:47 alexis has left
05:18:53 alexis has joined
05:20:02 moparisthebest has joined
05:21:21 alexis has joined
05:22:31 ralphm has left
05:23:44 alexis has joined
05:34:43 LNJ has joined
05:35:05 Dave Cridland has left
05:35:36 ralphm has left
05:41:11 ludo has joined
05:47:13 ludo has left
05:50:49 goffi has joined
05:55:32 sezuan has left
05:55:37 sezuan has joined
05:59:50 waqas has left
06:02:26 LNJ has left
06:06:33 j.r has left
06:06:39 j.r has joined
06:10:07 LNJ has joined
06:11:07 Steve Kille has left
06:11:31 ralphm has left
06:19:20 rion has joined
06:19:47 j.r has joined
06:19:50 j.r has joined
06:20:10 j.r has left
06:20:15 j.r has joined
06:20:47 j.r has left
06:20:51 ludo has joined
06:20:52 j.r has joined
06:24:01 ralphm has left
06:29:31 ralphm has left
06:31:00 blabla has joined
06:36:15 Lance has joined
06:38:42 Lance has left
06:40:12 ralphm has left
06:41:21 ludo has left
06:44:46 j.r has joined
06:50:33 j.r has joined
06:53:41 alexis has left
06:57:14 alexis has joined
06:59:17 ralphm has left
07:00:51 ludo has joined
07:02:48 Valerian has joined
07:06:01 ludo has left
07:06:28 ta has left
07:09:23 @Alacer has left
07:09:54 rion has left
07:10:50 j.r has joined
07:12:11 ralphm has left
07:12:13 ralphm has joined
07:16:32 intosi has joined
07:18:54 ta has joined
07:21:03 ludo has joined
07:21:14 Guus has left
07:22:54 marmistrz has joined
07:23:40 marmistrz has left
07:24:23 marmistrz has left
07:30:02 ludo has left
07:30:50 ludo has joined
07:33:14 Guus has left
07:37:06 ludo has left
07:43:11 tim@boese-ban.de has joined
07:43:59 vanitasvitae has joined
07:45:44 marmistrz has joined
07:48:22 Valerian has left
07:56:24 McKael has joined
07:58:14 ralphm has left
08:01:29 winfried has joined
08:04:42 efrit has left
08:05:11 Ge0rG Sigh. How one should not design XMPP clients: https://github.com/KaidanIM/Kaidan/issues/220
08:06:41 marmistrz has joined
08:07:18 Kev Swift autoaccepts requests too, but only for bidirectional
08:07:55 Kev (If you send a subscription request to someone, it'll approve the one they send back)
08:08:03 jonasw that makes sense
08:08:12 blabla has left
08:08:20 daniel > (If you send a subscription request to someone, it'll approve the one they send back) Conversations does that too.
08:08:39 daniel Even though that's actually what pre-approval is for
08:08:42 Ge0rG it makes sense in a world where subscription shouldn't consist of directed graphs
08:08:48 daniel Or pre Auth
08:08:53 Ge0rG except pre-approval is not guaranteed
08:08:56 daniel What ever that was called
08:09:01 Ge0rG yaxim will do both
08:09:14 Guus has left
08:09:26 Kev But Swift doesn't talk about subscription requests, it just talks about Add Contact.
08:09:27 daniel Did ejabberd start announcing that stream feature?
08:10:12 daniel Because at some point it had support but didn't announce the feature which doesn't make sense this the RFC tells clients to only use it if the feature is announced
08:10:28 Ge0rG I wonder how many of my Swift issues got fixed for 4.0.
08:10:43 Ge0rG daniel: I'm using it anyway.
08:10:56 Ge0rG is a lazy and ignorant client dev
08:10:56 jonasw Ge0rG, you do know that prosody doesn’t support it?
08:11:02 Ge0rG jonasw: I know.
08:11:18 ludo has joined
08:11:23 Ge0rG jonasw: but what's the worst thing that can happen if I send a pre-approval to a non-supporting server?
08:11:39 jonasw <malformed-request/> stream error.
08:11:43 daniel Stream error
08:11:49 daniel 😂
08:12:12 jonasw ah, <invalid-xml/>
08:12:26 Ge0rG but it is valid xml. It just comes at the wrong time
08:12:37 jonasw Ge0rG, invalid XML is for things which do not pass schema validation
08:12:59 Ge0rG she-what? :P
08:13:20 jonasw granted, I’d argue that such a server would be pretty weirdly designed to be gin with
08:13:22 jonasw granted, I’d argue that such a server would be pretty weirdly designed to begin with
08:14:00 Ge0rG jonasw: auto-generated by the schema-to-code thing we talked about yesternight.
08:14:55 Ge0rG &
08:15:10 jonasw fg
08:17:19 ludo has left
08:17:26 LNJ has left
08:20:17 LNJ has joined
08:20:50 Ge0rG Bad memory access (SIGBUS)
08:25:53 Andrew Nenakhov has left
08:25:56 Andrew Nenakhov has joined
08:26:32 LNJ has left
08:27:26 LNJ has joined
08:28:05 Andrew Nenakhov has left
08:28:06 Andrew Nenakhov has joined
08:29:54 SaltyBones has left
08:31:42 ta has joined
08:31:57 nyco has left
08:35:58 Valerian has joined
08:42:16 winfried has left
08:49:56 Steve Kille has left
08:50:47 Andrew Nenakhov has left
08:50:52 ludo has joined
08:50:53 Andrew Nenakhov has joined
08:51:49 Andrew Nenakhov has left
08:52:04 Andrew Nenakhov has joined
08:52:22 Andrew Nenakhov has left
08:52:38 Andrew Nenakhov has joined
08:53:36 Steve Kille has left
08:54:11 alexis has left
08:55:59 marmistrz has left
08:57:25 ludo has left
08:58:21 Steve Kille has joined
08:59:10 jubalh has joined
08:59:29 jubalh has left
09:01:59 ralphm has left
09:08:12 marmistrz has left
09:10:51 ludo has joined
09:11:32 winfried has left
09:12:39 Steve Kille has left
09:17:10 ludo has left
09:25:59 ralphm has joined
09:27:14 Guus has left
09:30:53 alexis has joined
09:33:50 ThibG has left
09:34:33 valo has joined
09:40:43 intosi has left
09:40:44 intosi has joined
09:58:34 LNJ has left
10:02:20 alexis has left
10:03:49 Zash has left
10:04:04 alexis has joined
10:06:16 Zash has joined
10:06:16 Zash has left
10:09:33 Dave Cridland has left
10:10:36 Zash has joined
10:11:03 ludo has joined
10:11:21 alexis has left
10:11:46 Dave Cridland has left
10:11:53 alexis has joined
10:14:22 LNJ has joined
10:14:28 Dave Cridland has left
10:17:58 Dave Cridland has left
10:18:26 Dave Cridland has left
10:18:34 alexis has left
10:18:36 daniel has left
10:20:24 Dave Cridland has left
10:20:35 alexis has joined
10:20:44 ludo has left
10:22:42 rion has joined
10:27:19 alexis has left
10:30:21 jubalh has joined
10:31:02 jubalh has left
10:31:34 Alex has joined
10:37:22 jubalh has joined
10:39:50 jubalh has left
10:41:02 Kev has left
10:41:03 vanitasvitae has left
10:41:03 Kev has joined
10:47:13 jubalh has joined
10:47:24 jubalh has left
10:47:53 daniel has left
10:49:52 LNJ has left
10:51:17 alexis has joined
10:52:36 alexis has left
10:52:44 alexis has joined
10:53:14 Dave Cridland has left
10:53:53 alexis has left
10:55:13 alexis has joined
10:55:24 winfried has left
10:57:01 Valerian has left
10:57:56 jubalh has joined
10:58:24 Dave Cridland has left
11:08:10 Dave Cridland has left
11:08:48 Yagiza has left
11:10:15 Dave Cridland has left
11:11:03 ludo has joined
11:11:57 Yagiza has joined
11:12:46 mr-L has joined
11:13:29 marmistrz has left
11:13:48 mr-L has left
11:15:39 alexis has left
11:15:48 alexis has joined
11:16:06 Dave Cridland has left
11:17:36 ludo has left
11:17:45 Valerian has joined
11:21:59 daniel has left
11:22:57 Dave Cridland has left
11:25:31 alexis has left
11:25:54 alexis has joined
11:28:47 Dave Cridland has left
11:29:28 ta has left
11:30:36 Dave Cridland has left
11:33:46 vanitasvitae has left
11:35:08 ludo has joined
11:36:10 Dave Cridland has left
11:38:58 marmistrz has joined
11:39:23 marmistrz has joined
11:41:08 Dave Cridland has left
11:46:00 Holger has left
11:50:09 Dave Cridland has left
11:50:59 ludo has left
11:51:11 jubalh has left
11:56:48 la|r|ma has joined
11:57:10 Syndace has left
11:57:10 Syndace has joined
11:58:52 Dave Cridland has left
12:00:09 Dave Cridland has left
12:00:20 lskdjf has joined
12:04:02 jere has joined
12:09:04 Andrew Nenakhov has left
12:09:05 Andrew Nenakhov has joined
12:09:47 jubalh has joined
12:10:41 Andrew Nenakhov has left
12:10:43 Andrew Nenakhov has joined
12:16:08 Valerian has left
12:17:28 Dave Cridland has left
12:17:57 Dave Cridland has left
12:22:36 Kev has left
12:23:52 Dave Cridland has left
12:24:34 Dave Cridland has left
12:25:04 valo has joined
12:25:06 lumi has joined
12:34:35 j.r has joined
12:35:31 Valerian has joined
12:37:08 vanitasvitae has left
12:37:16 Dave Cridland has left
12:37:39 Dave Cridland has left
12:38:49 Dave Cridland has left
12:39:54 Dave Cridland has left
12:40:20 jubalh has left
12:41:25 Dave Cridland has left
12:43:02 Andrew Nenakhov has left
12:43:13 Andrew Nenakhov has joined
12:43:18 Dave Cridland has left
12:44:29 Andrew Nenakhov has left
12:44:31 Andrew Nenakhov has joined
12:45:36 j.r has joined
12:46:41 Dave Cridland has left
12:47:14 Dave Cridland has left
12:47:44 Dave Cridland has left
12:48:43 Dave Cridland has left
12:49:28 valo has joined
12:50:13 Dave Cridland has left
12:51:01 la|r|ma has left
12:51:04 la|r|ma has joined
12:53:37 Dave Cridland has left
12:54:21 la|r|ma has left
12:54:25 la|r|ma has joined
12:54:31 Dave Cridland has left
12:55:44 Dave Cridland has left
12:57:43 Dave Cridland has left
12:57:48 la|r|ma has left
12:57:52 la|r|ma has joined
12:59:24 Dave Cridland has left
13:01:44 Dave Cridland has left
13:02:59 Dave Cridland has left
13:03:16 Ge0rG has left
13:03:52 Ge0rG has left
13:04:09 Ge0rG has left
13:05:19 Dave Cridland has left
13:07:41 Ge0rG has left
13:07:59 ta has left
13:08:18 j.r has joined
13:08:21 Dave Cridland has left
13:08:22 jubalh has joined
13:10:28 Dave Cridland has left
13:10:41 jubalh has left
13:11:15 Ge0rG has left
13:11:45 Dave Cridland has left
13:13:13 moparisthebest has joined
13:14:12 Ge0rG has left
13:15:25 Dave Cridland has left
13:15:50 SamWhited has left
13:16:35 Dave Cridland has left
13:17:15 Ge0rG has left
13:17:48 Ge0rG has left
13:18:30 Dave Cridland has left
13:20:04 SamWhited has left
13:21:17 Ge0rG has left
13:21:57 valo has joined
13:22:24 Dave Cridland has left
13:23:42 Dave Cridland has left
13:27:31 Dave Cridland has left
13:28:28 Ge0rG has left
13:29:28 Ge0rG has left
13:31:25 Ge0rG has left
13:32:00 moparisthebest has left
13:33:33 Ge0rG has left
13:35:36 j.r has joined
13:36:28 Ge0rG has left
13:37:44 Andrew Nenakhov has left
13:38:35 Ge0rG has left
13:38:38 Guus has left
13:40:12 Andrew Nenakhov has joined
13:41:31 Ge0rG has left
13:42:25 Ge0rG has left
13:42:36 Alex has left
13:46:05 Ge0rG has left
13:46:33 Ge0rG has left
13:48:41 Ge0rG has left
13:48:54 alexis has left
13:49:05 Nekit has left
13:49:18 Nekit has joined
13:51:36 Ge0rG has left
13:51:52 jubalh has joined
13:53:27 jubalh has left
13:53:43 Ge0rG has left
13:55:11 LNJ has joined
13:56:21 mimi89999 has left
14:01:36 Guus has joined
14:01:36 Guus has joined
14:04:48 winfried has left
14:05:36 winfried has left
14:05:40 winfried has joined
14:05:46 Dave Cridland has left
14:10:46 zinid has joined
14:13:41 LNJ has left
14:14:40 Andrew Nenakhov has left
14:14:46 Andrew Nenakhov has joined
14:15:14 Andrew Nenakhov has left
14:15:15 Andrew Nenakhov has joined
14:23:32 j.r has joined
14:26:29 ta has left
14:26:41 tim@boese-ban.de has left
14:29:46 j.r has joined
14:30:08 j.r has joined
14:33:49 Guus has joined
14:37:56 lovetox has joined
14:38:25 lovetox in attic there is missing version 3.0 and 3.1 of httpupload https://xmpp.org/extensions/xep-0363.html
14:38:38 Steve Kille has left
14:38:54 jonasw there is no 3.0
14:38:55 jonasw or 3.1
14:39:02 jonasw do you mean 0.3.0 and 0.3.1?
14:39:20 jonasw (which are also missing, indeed)
14:39:21 jubalh has joined
14:39:24 jonasw I’ll regenerate them
14:39:39 jubalh has left
14:39:40 Neustradamus has joined
14:40:31 lovetox yes i meant those
14:40:47 jonasw will be up shortly
14:40:55 lovetox thanks
14:41:04 jonasw spoiler: 0.3.1 is only a typo fix ;)
14:42:37 jonasw lovetox, will be available within the next five minutes
14:43:24 Ge0rG starts tea timer
14:43:27 Dave Cridland has left
14:43:34 lovetox has left
14:44:00 SamWhited has left
14:45:15 jubalh has joined
14:45:16 Alex has joined
14:45:18 lovetox has joined
14:46:29 waqas has joined
14:47:17 jubalh has left
14:51:29 lovetox what funny attack can you do if you have newline chars in a header value
14:51:31 lovetox talking about httpupload
14:52:06 Valerian has left
14:52:07 Valerian has joined
14:52:14 j.r has joined
14:52:26 j.r has joined
14:52:28 jonasw lovetox, escape from the header, depending on the brokenness of implementations involved
14:54:01 lovetox the authorizartion value is base64 encoded
14:54:37 lovetox this means i execute on that value .strip('\n')
14:54:47 intosi has left
14:54:48 intosi has joined
14:54:49 lovetox not decode it and execute it on that
14:55:01 MattJ Correct
14:55:09 lovetox kk thanks
14:55:14 jonasw lovetox, that’s not sufficient
14:55:19 MattJ The client is not expected to understand what the headers are
14:55:22 jonasw .replace("\n", "") is safer
14:55:34 jonasw or if "\n" in header_value: raise RuntimeError("gtfo")
14:55:48 lovetox thats indeed better
14:56:06 jubalh has joined
14:56:06 lovetox i should just not upload to a service providing xep violating stuff
14:56:24 jonasw probably
14:56:46 alexis has joined
14:57:07 alexis has left
14:57:16 alexis has joined
14:57:30 lovetox ups strip is only for beginn and end, indeed that would not be enough
14:57:50 jonasw t
14:58:51 alexis has left
15:01:13 alexis has joined
15:01:22 Dave Cridland has left
15:03:14 alexis has left
15:06:52 alexis has joined
15:10:24 jubalh has left
15:12:07 Holger has left
15:13:28 alexis has left
15:13:41 alexis has joined
15:16:35 vanitasvitae has left
15:17:38 jubalh has joined
15:18:26 Dave Cridland has left
15:20:07 Nekit has left
15:20:09 Nekit has joined
15:24:12 lovetox has left
15:27:11 Dave Cridland has left
15:30:12 jubalh has left
15:31:31 jubalh has joined
15:31:42 alexis has left
15:32:09 alexis has joined
15:32:11 marmistrz has joined
15:37:36 alexis has left
15:37:43 alexis has joined
15:37:46 jubalh has left
15:44:42 daniel has left
15:50:39 daniel has left
15:52:14 Valerian has left
15:52:16 Valerian has joined
15:55:15 jubalh has joined
15:55:50 jubalh has left
15:56:06 ta has left
15:56:48 daniel has left
15:56:53 Dave Cridland has left
15:58:01 Andrew Nenakhov has left
15:58:02 Andrew Nenakhov has joined
16:00:25 tux has left
16:04:17 Maranda has left
16:04:55 daniel has left
16:07:27 Dave Cridland has left
16:07:43 Dave Cridland has left
16:08:25 daniel has left
16:08:41 Dave Cridland has left
16:08:52 Dave Cridland has left
16:09:18 Valerian has left
16:10:13 Dave Cridland has left
16:10:45 Valerian has joined
16:14:49 daniel has left
16:16:17 Nekit has left
16:16:24 Nekit has joined
16:18:55 sezuan has left
16:27:43 jere has joined
16:34:38 jere has joined
16:40:02 Dave Cridland has left
16:40:16 Valerian has left
16:40:21 marmistrz has left
16:41:53 Valerian has joined
16:43:24 mrdoctorwho has left
16:48:18 jere has left
16:48:34 jere has joined
16:50:06 Yagiza has left
16:52:45 Guus has left
16:55:06 daniel has left
17:01:43 Valerian has left
17:02:55 jere has left
17:07:32 Andrew Nenakhov has left
17:07:32 Andrew Nenakhov has joined
17:12:07 ralphm has left
17:12:37 jubalh has joined
17:13:45 Guus has left
17:15:10 jubalh has left
17:15:11 jubalh has joined
17:20:31 jubalh has left
17:20:32 jubalh has joined
17:24:17 ta has joined
17:28:56 j.r has joined
17:29:22 jubalh has joined
17:29:23 jubalh has joined
17:31:10 j.r has left
17:31:31 j.r has joined
17:34:59 lovetox has joined
17:41:21 Tobias has left
17:43:14 ralphm has joined
17:43:52 Dave Cridland has left
17:48:03 alexis has left
17:48:07 alexis has joined
17:49:14 Ge0rG Http upload is a small security nightmare.
17:49:38 Ge0rG BTW, was there a change already restricting the legal header values?
17:51:08 Ge0rG > Requesting entities MUST ensure that only the headers that are explicitly allowed by this XEP (Authorization, Cookie, Expires) are copied from the slot response to the HTTP request. Ah, yes. But it's still not enforced at protocol level
17:51:50 rion I've applied this restriction to Psi
17:52:41 Ge0rG > MUST strip any newline characters I wonder whether "newline characters" is too vague, as it's implementation defined
17:53:20 jjrh has left
17:54:13 alexis has left
17:54:22 jubalh has joined
17:55:26 Dave Cridland has left
17:55:35 Dave Cridland has left
17:56:13 Neustradamus has left
17:58:46 moparisthebest has anyone tried (ab)using SOCKS5 Bytestreams https://xmpp.org/extensions/xep-0065.html to poke at internal network stuff?
17:58:53 Dave Cridland has left
17:58:55 moparisthebest there aren't any security considerations about it
18:00:15 winfried has left
18:00:20 rion Do you mean sending something w/o opening filetransfer session of something?
18:00:57 rion of traffic encryption
18:02:00 Zash moparisthebest: but both parties connect to the server, the server doesn't initiate anything outbound
18:02:11 Zash moparisthebest: you might be able to trick remote clients into such things tho
18:02:12 Dave Cridland has left
18:02:14 moparisthebest like, the server has access to a 10.X.X.X private subnet external users do not have access to, can an external client do bad things
18:02:37 moparisthebest yea that's another way to do it
18:04:00 rion has left
18:04:49 Dave Cridland has left
18:06:09 Ge0rG You'd have to trick the client to connect to a "proxy" you defined
18:10:51 Dave Cridland has left
18:12:31 Zash I forget the details, but doesn't one party pick the proxies, the other responds with one it can connect to.
18:13:39 Dave Cridland has left
18:13:43 Ge0rG I never knew the details, so...
18:15:20 Dave Cridland has left
18:16:23 jonasw has left
18:18:57 Steve Kille has left
18:19:09 Dave Cridland has left
18:20:34 Ge0rG has left
18:21:31 Ge0rG has left
18:21:34 Ge0rG has left
18:21:49 Alex has left
18:22:18 Dave Cridland has left
18:26:41 Steve Kille has joined
18:28:44 Dave Cridland has left
18:31:55 Dave Cridland has left
18:32:17 Dave Cridland has left
18:32:20 Dave Cridland has joined
18:35:51 Dave Cridland has left
18:39:41 lskdjf has joined
18:39:58 marmistrz has left
18:41:25 Dave Cridland has left
18:43:39 Steve Kille has left
18:43:47 jubalh has joined
18:44:08 Dave Cridland has left
18:44:24 la|r|ma has joined
18:46:15 mrdoctorwho has joined
18:47:56 Dave Cridland has left
18:49:59 Dave Cridland has left
18:56:33 Nekit has left
18:58:45 marmistrz has left
18:58:52 nyco has left
19:01:59 ralphm has left
19:03:09 Dave Cridland has left
19:03:27 winfried has left
19:03:34 Dave Cridland has left
19:03:46 ralphm has joined
19:04:31 Dave Cridland has left
19:04:32 Dave Cridland has joined
19:07:26 Dave Cridland has left
19:09:02 ludo has joined
19:09:31 j.r has joined
19:09:37 marmistrz has joined
19:09:50 marc has left
19:10:04 marmistrz has left
19:11:41 rion has joined
19:19:16 rion has left
19:20:08 waqas has left
19:20:10 waqas has joined
19:20:29 winfried has left
19:20:35 Dave Cridland has left
19:21:42 j.r has joined
19:22:21 Dave Cridland has left
19:24:57 waqas has left
19:25:29 Dave Cridland has left
19:28:43 Dave Cridland has left
19:30:47 ludo has left
19:31:33 waqas has joined
19:35:52 j.r has left
19:35:56 j.r has joined
19:41:36 jubalh has left
19:49:11 alexis has joined
19:50:34 jubalh has joined
19:50:52 jubalh has left
19:57:35 waqas has left
19:57:56 Dave Cridland has left
19:59:28 Dave Cridland has left
20:02:27 alexis has left
20:03:02 Dave Cridland has left
20:06:15 Dave Cridland has left
20:08:18 Dave Cridland has left
20:09:28 Dave Cridland has left
20:10:55 Dave Cridland has left
20:11:02 alexis has joined
20:12:54 Dave Cridland has left
20:14:01 Dave Cridland has left
20:14:03 Dave Cridland has joined
20:15:04 Dave Cridland has left
20:15:49 Ge0rG has left
20:15:57 waqas has joined
20:16:03 Dave Cridland has left
20:16:04 Dave Cridland has joined
20:16:08 Dave Cridland has left
20:16:19 Dave Cridland has joined
20:16:23 alexis has left
20:17:38 Dave Cridland has left
20:18:27 Dave Cridland has left
20:18:27 Dave Cridland has joined
20:20:40 LNJ has joined
20:21:57 Dave Cridland has left
20:22:08 Steve Kille has left
20:22:55 la|r|ma has left
20:25:50 la|r|ma has left
20:27:27 Dave Cridland has left
20:29:27 Dave Cridland has left
20:31:56 Dave Cridland has left
20:32:49 SamWhited has left
20:33:45 Dave Cridland has left
20:34:23 Dave Cridland has left
20:36:46 Dave Cridland has left
20:37:22 Kev has left
20:39:25 Dave Cridland has left
20:39:29 moparisthebest has joined
20:41:33 j.r has left
20:41:38 j.r has joined
20:41:52 Dave Cridland has left
20:42:31 Kev has joined
20:43:22 Dave Cridland has left
20:46:03 Dave Cridland has left
20:48:17 Dave Cridland has left
20:51:06 j.r has left
20:51:14 j.r has joined
20:51:58 Dave Cridland has left
20:52:55 Dave Cridland has left
20:53:28 j.r has left
20:53:38 j.r has joined
20:53:39 Tobias has joined
20:53:41 Tobias has joined
20:54:57 Dave Cridland has left
20:58:04 Dave Cridland has left
21:02:10 Dave Cridland has left
21:02:40 Alex has left
21:03:43 Dave Cridland has left
21:06:20 Dave Cridland has left
21:09:47 Dave Cridland has left
21:12:04 marmistrz has left
21:13:00 blabla has joined
21:13:04 blabla has joined
21:13:48 Dave Cridland has left
21:17:34 Dave Cridland has left
21:17:59 Ge0rG has left
21:18:39 peter has joined
21:20:07 Dave Cridland has left
21:20:40 Dave Cridland has left
21:22:30 peter interesting reading: https://irisate.com/crdt-for-real-time-collaborative-apps/
21:28:09 winfried has left
21:34:19 peter has left
21:35:15 winfried has joined
21:39:34 MattJ It feels like only yesterday when Operation Transformation was the best thing ever
21:39:42 Kev You've gotten old.
21:39:45 MattJ *Operational
21:39:48 MattJ :(
21:39:59 Kev Don't feel bad, I'll catch up soon.
21:40:15 Nekit has left
21:42:42 moparisthebest has joined
21:45:39 goffi has left
21:46:39 Dave Cridland has left
21:54:39 Dave Cridland has left
21:57:15 Dave Cridland has left
21:59:00 Dave Cridland has left
22:02:55 LNJ has left
22:04:15 Dave Cridland has left
22:06:20 Dave Cridland has left
22:06:40 marmistrz has left
22:08:15 lskdjf has joined
22:10:01 Steve Kille has left
22:10:03 Steve Kille has joined
22:24:27 mrdoctorwho has joined
22:40:24 waqas has left
22:41:36 waqas has joined
22:43:56 jubalh has joined
22:50:05 Andrew Nenakhov has left
22:50:05 Andrew Nenakhov has joined
22:50:39 Andrew Nenakhov has left
22:50:57 Andrew Nenakhov has joined
22:51:18 tux has joined
23:03:07 Andrew Nenakhov has left
23:03:07 Andrew Nenakhov has joined
23:04:36 Andrew Nenakhov has left
23:04:38 Andrew Nenakhov has joined
23:05:44 Dave Cridland has left
23:06:10 ralphm has joined
23:10:22 Steve Kille has left
23:10:37 Steve Kille has joined
23:11:32 SaltyBones has left
23:11:40 SaltyBones has joined
23:16:13 ralphm has left
23:16:14 ralphm has joined
23:20:27 jubalh has joined
23:21:28 lovetox i found this in gajim code
23:21:39 lovetox when creating TLS connection we pass a cipher list
23:21:39 lovetox 'HIGH:!aNULL:RC4-SHA'
23:21:48 lovetox it this up to date?!
23:21:55 lovetox i have no clue about ciphers :/
23:22:14 ralphm has joined
23:25:32 Zash If it's using a modern OpenSSL then I don't think you need to worry.
23:27:38 Zash Only 'HIGH' seems to matter. Removing ciphers without authentication (aNULL) from the set of "highly secure" ciphers (HIGH) does nothing.
23:27:44 Zash And RC4 doesn't seem to exist anymore.
23:28:09 SamWhited Still, that doesn't seem like a good sign…
23:29:25 Holger Zash: Unless things changed recently, HIGH does include aNULL ciphers.
23:29:57 Zash Oh
23:30:16 Zash Indeed
23:30:43 Zash Hidden among all the various auth mechanisms that aren't used either
23:30:43 SamWhited I'm more concerned that they would try to select RC4, regardless of whether it still exists in openssl or not.
23:31:09 Dave Cridland has left
23:31:11 Zash $ diff -u <(openssl ciphers -v HIGH) <(openssl ciphers -v 'HIGH:!aNULL')|q https://q.zash.se/324a465c00bf.txt
23:31:28 Zash on Debian Stable with OpenSSL 1.1.0f
23:32:17 lskdjf has joined
23:32:18 ralphm has joined
23:32:27 Zash SamWhited: It's pretty good compared to cipher lists like this: https://q.zash.se/da0ffe1f3f82.txt
23:33:12 SamWhited What's that from?
23:33:45 Zash Oooooooooold Jitsi
23:34:16 Zash Possibly from 2013
23:34:57 Zash https://blog.thijsalkema.de/blog/2013/09/02/the-state-of-tls-on-xmpp-3/
23:34:58 lovetox has left
23:35:07 Zash From those days
23:35:13 SamWhited fun… Java things always seem to be behind.
23:37:13 lovetox has joined
23:37:21 ralphm has joined
23:37:22 SamWhited huh, apparently RC4 was considered broken later than I thought
23:37:22 Zash Defaults were pretty bad back then in most things.
23:37:52 SamWhited Still though, if you're still recomnending it today that's a pretty big red flag for gajim…
23:38:28 Zash Hasn't RC4 been considered "icky but let's not worry too much about it" since forever?
23:39:33 SamWhited I was thinking it was late 2013, but apparently it was 2015 that the IETF stopped telling people to use it in TLS.
23:42:03 waqas has left
23:42:49 Zash Comparing the current situation with that post would probably be interesting.
23:47:39 ralphm has joined
23:48:02 alexis has joined
23:54:37 Dave Cridland has left
23:55:55 Dave Cridland has left
23:57:42 ralphm has left
23:57:43 ralphm has joined