-
Ge0rG
https://www.schneier.com/blog/archives/2018/01/detecting_drone.html another nail in the coffin of stream compression. I totally missed that back in January
-
jonasw
awesome
-
jonasw
can we use that to decrypt and de-DRM HDMI streams?
-
Andrew Nenakhov
"In other words, they can see what the drone sees," - seems like total bullshit
-
Andrew Nenakhov
They can detect patterns within compressed stream (idle/rapidly changing), not the stream itself.
-
labdsf
TLDR: If you suspect that drone is filming you, move rapidly and see if it transmits more
-
labdsf
daniel, why do you say Conversations resources are not permanent?
-
labdsf
when are they changed?
-
labdsf
I am thinking about how to fix it in Gajim and it seems just writing permanent resource in config is not a good idea, because configs may be synchronized
-
daniel
labdsf: when a server provides me with a different one or if I'm logged out because of duplicate resource or not permitted to bind
-
labdsf
that seems like a solution, thanks
-
labdsf
just regenerate resource if it is duplicate
-
jonasw
yupp
-
Ge0rG
Except that a *sane* server will assume that the second bind is the same client, coming from a network change, and kill the old session.
-
daniel
I've seen plenty of server that will prevent your bind
-
daniel
Jabberd maybe?
-
Ge0rG
daniel: yes, there are some servers that do that. No, it doesn't make it a good idea.
-
daniel
i think there is also an ejabberd config that will just give you a new random resource
-
daniel
at least i have seen that behaviour in the wild
-
Ge0rG
there is also a prosody module for that.
-
Ge0rG
In the Age Of MAM, this is not as bad as it used to be.
-
MattJ
FWIW although I now favour clients requesting per-client static resources, I didn't mention what the server actually assigns them :)
-
daniel
is "there is a prosody module for that" the new "the simpsons did it"?
-
Zash
Old tho
-
Ge0rG
MattJ: I'm interested in how you imagine the whole process to play out, then.
-
MattJ
Is there any more to it than that?
-
MattJ
Client should request a resource of <some installation-unique string>, it doesn't need to be what the server actually uses as the public resource for that session
-
Ge0rG
MattJ: so you do assign another resource to the client? Do you expect the client to request the newly-assigned resource on next connection then? And re-assign again?
-
MattJ
No, why would it do that?
-
MattJ
I expect the client to always request the same resource
-
jonasw
MattJ, if the server gives me a different resource in the bind response, I think I’ll use that resource from then onwards ...
-
MattJ
Why?
-
Ge0rG
See, you don't even have a coherent image of your idea.
-
MattJ
Consider that the server's logic (as it typically is today) when that happens is "override the client's resource with a random one"
-
Ge0rG
Why should that be a good idea, again?
-
MattJ
Requesting the one the server assigns you will just get you a new different random one?
-
MattJ
s/?$//
-
MattJ
so why would you bother? Just request the one you want
-
jonasw
MattJ, yeah, in that case, it doesn’t matter whether I try my configured resource all over again
-
jonasw
but if a server allows me to stay consistent, I can have that
-
jonasw
hm
-
jonasw
I kinda see your point
-
Ge0rG
I don't.
-
MattJ
If the server overrides your resource once, it will again :)
-
jonasw
why go through the hassle of updating the stored resource when it won’t work anyways
-
Ge0rG
It *could* work if the server had a list of well-known resources for that account, and checked that for matches.
-
Ge0rG
It needs that list anyway to kill your stale session on a reconnect.
-
Ge0rG
You know, like above: Replaced by new connection (conflict)
-
MattJ
It makes no sense to me that a client would store the resource beyond the lifetime of a single session
-
jonasw
MattJ, yeah, nevermind on that one
-
MattJ
Ge0rG, that old thing :)
-
jonasw
re-rolling a new resource on <conflict/> makes sense though
-
Ge0rG
except that <conflict/> doesn't make sense.
-
jonasw
why not?
-
jonasw
Ge0rG, if somebody copied their JabberCat config to a new machine and they connect it while the other machine is connected too, I get a <conflict/>
-
jonasw
I need to handel that and re-roll the resource
-
Ge0rG
jonasw: wait, your *old* session gets a conflict?
-
jonasw
yes
-
Ge0rG
Aaah!
-
jonasw
(it doesn’t matter though)
- Ge0rG got enlightened now.
-
jonasw
(even if the new session gets a conflict)
-
Ge0rG
jonasw: it does make a difference.
-
jonasw
(A server could for example decide to let the new session conflict if it received a ping-pong just now)
-
Ge0rG
jonasw: if your *new* session gets a conflict, it might be because the server still hangs on your old session.
-
Ge0rG
but it's dead for all practical matters.
-
jonasw
sure, but what am I supposed to do?
-
jonasw
not connect until that session dies?
-
Ge0rG
call the server hotline
-
jonasw
or roll a new resource and be able to connect?
-
Ge0rG
Hmm.... hide the error or show the error.
-
jonasw
tricky question indeed
-
Ge0rG
Somebody should re-do https://wiki.xmpp.org/web/XMPP_IM_Client_Design_Guidelines#Do_not_to_encode_any_semantics_into_the_resource.2C_let_the_server_generate_a_resource_for_you
-
goffi
Ge0rG: I think I've actually followed this page, and today people have a different song
-
Ge0rG
goffi: I have hated that section, with a passion, for a long time.
-
Ge0rG
But I'm not here for wiki editing wars, so I always hoped the original author would become convinced and change it.
-
jonasw
Ge0rG, modify it!
-
goffi
that's why a XEP (or better a new version of the RFC) should be clear on the subject.
-
jonasw
who is the origina lauthor
-
Ge0rG
I thought it was MattJ, but it looks like not.
-
goffi
with a XEP there is a debate on standard, and council will arbitrate if there is any conflict.
-
Ge0rG
goffi: there was a debate on standards, and we went home with multiple strong opinions.
-
jonasw
*.xmpp *.split
-
goffi
so can somebody write some official proposal? As a client dev I don't really care which way is chosen to generate resource, but I would like to have a clear way and if possible some rationale to explain why.
-
Ge0rG
I think jonasw volunteers for that 😁
-
Ge0rG
goffi: the XSF traditionally isn't very strong at putting the rationale for protocols into its protocol specifications, and this one is 95% rationale.
-
jonasw
Ge0rG, EBUSY
-
goffi
well the important is not the tradition here, the important is to simplify life for everybody. And I don't think it worth spending time and energy to know how to generate resource
-
Ge0rG
goffi: the point is: this is not protocol, this is best-practices.
-
goffi
there are several XEPS for best practice already
-
Ge0rG
so it might be a good informational XEP indeed.
-
goffi
yep
-
Ge0rG
but then, as there is no consensus, and there are conflicting opinions, it's hard.
-
goffi
**on beatles music** All we need is specs, tadalala
-
goffi
Ge0rG: the council is here to arbitrate once all opinions have been exposed.
-
Ge0rG
goffi: what if the conflict is among council members?
-
goffi
well let's solve problem when they come?
-
Ge0rG
https://wiki.xmpp.org/web/XEP-Remarks/XEP-0045:_Multi-User_Chat#Matching_Your_Reflected_Message would also make a great informational XEP
-
Ge0rG
And https://wiki.xmpp.org/web/XEP-Remarks/XEP-0045:_Multi-User_Chat#Am_I_still_there.3F as well
-
Ge0rG
Also somebody should walk the wiki for all ML references made before 2016 and update the links
-
flow
It may already help if a wiki page would list all competing proposals regarding resource handling. we may find out that there is in fact a way to reach consensus. (I thought we have consensus FWIW)
-
Ge0rG
there is bind2.
-
Ge0rG
And there is Zuul.
-
flow
Zuul?
-
Ge0rG
There is no Dana, only Zuul!
-
Wiktor
hehe, and the hidden Mozilla egg: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
-
fippo
https://twitter.com/w3cdevs/status/1006544269149077504 -- might be relevant for some european folks here
-
Ge0rG
Yes, let's get some money to create more APIs to track web victims.
-
fippo
heh :-)
-
labdsf
Ge0rG, I have found your slides btw: https://wiki.xmpp.org/web/Georg%27s_Talk_on_Message_routing
-
Ge0rG
labdsf: yay! Feel free to give feedback
-
Ge0rG
Or to feel embarrassed about it
-
labdsf
via https://dev.gajim.org/gajim/gajim/issues/8971
-
Ge0rG
Am I supposed to defend my position in there?
-
Ge0rG
6121 also doesn't know about carbons, MAM, and four hundred other protocol extensions
-
labdsf
Persistent resources in Gajim seem to be already fixed, just need to wait for it to hit the repos, closed the bug: https://dev.gajim.org/gajim/gajim/issues/9193
-
labdsf
cloned the master, started testing and found that it wrote the random part into config
-
flow
yeah gajim is improving a lot recently
-
Seve/SouL
Link Mauve: https://wiki.xmpp.org/web/Membership_Applications_Q3_2018
-
Link Mauve
Ok, let’s do that now.
-
Link Mauve
https://wiki.xmpp.org/web/Membership_Applications_Q3_2018#Applicants
-
Seve/SouL
Link Mauve: great :)
-
pep.
wooh
-
pep.
Q3 already..
-
pep.
Time flies
-
Seve/SouL
Yes :(
-
Seve/SouL
I will have to find my application
-
Seve/SouL
Or do a new one, wonder what...
-
Seve/SouL
But yeah, a year already!
-
edhelas
damn me too