-
neshtaxmpp
moparisbest
-
neshtaxmpp
my friend server has serious access from 127.0.0.1, brute force from sshd here is log: https://bgzashtita.es/tefter/raw/VbNthqzNKV can someone help.
-
neshtaxmpp
my friend don't connect from 127.0.0.1, something illegally connect from 127.0.0.1 and brute force my friend server for my friend password. maybe it is from sslh. can you comment how to compile latest sslh and show when ip is connecting in apache2 to show real ip and stop 127.0.0.1 from internet try connect my friend server.
-
moparisthebest
neshtaxmpp, lol 127.0.0.1 is localhost, ie your friends own computer
-
moparisthebest
but also every ssh on the internet that accepts password auth is bruteforced 100% of the time, fact of life
-
moparisthebest
neshtaxmpp, set up this https://linode.com/docs/security/authentication/use-public-key-authentication-with-ssh/
-
neshtaxmpp
moparisthebest: my friend server dont connect to him from 127.0.0.1. something from my friend server is using sshd to someone connect from 127.0.0.1 do you know how to investigate what make 127.0.0.1: here is log: https://bgzashtita.es/tefter/VbNthqzNKV
-
neshtaxmpp
here is other logs: https://bgzashtita.es/tefter/
-
moparisthebest
neshtaxmpp: and did you follow the link
-
moparisthebest
IP doesn't matter ignore it
-
neshtaxmpp
my friend dont want use with certificate. my friend want to use with password. he is ok if they try with they real ip. but he is not ok " he dont like " 127.0.0.1 to be used from sshd. moparisthebest you comment " 127.0.0.1 is his own server " so this is serious issue. do you know how can help my friend investigate and block 127.0.0.1 because you confirm 127.0.0.1 is his server. thanks
-
moparisthebest
Well then your friend is an idiot
-
moparisthebest
Hope he has a good password set up
-
moparisthebest
Read sslh docs if you want transparent forwarding with real IP
-
neshtaxmpp
moparisthebest: do you have manuals that can work for debian... like compiling, what is necessary, what permission after compile, what directory, what plugins and etc. so it after make install work. ivan dont speak english so i translate him.
-
moparisthebest
Nope just sslh docs
-
neshtaxmpp
moparisthebest: some commands to investigate why and how 127.0.0.1 is connecting, when this 127.0.0.1 is for home access. official nobody outside my friend server can't connect from 127.0.0.1, then how is that possible.
-
moparisthebest
How many ways can I repeat myself
-
moparisthebest
Sslh docs
-
moparisthebest
Transparent forwarding
-
moparisthebest
Read docs from sslh
-
moparisthebest
Sslh documentation, have a look
-
neshtaxmpp
moparisthebest: How many ways can I repeat myself I dont understand them so i cant explain to him..
-
moparisthebest
Then I guess you are shit outta luck my friend
-
jonas’
moparisthebest, don’t you have an IRC->XMPP gateway running?
-
edhelas
what are the requirements to be part of the organization on Github ? https://github.com/orgs/xsf/people
-
jonas’
edhelas, asking nicely, probably
-
edhelas
would it be possible to be added to be member of the XSF organisation on Github :3 ?
-
Ge0rG
edhelas: it would probably help to commit to some task, so that nobody gets an impression that you are doing it for the sake of having an organization badge on your profile.
-
Ge0rG
I'm sure the Editor team always needs a helping hand
-
edhelas
I could have a look at the tasks yeah :)
-
pep.
vanitasvitae, I'm not sure I understand the discussion with disco for SCE?
-
pep.
Why would you need that. You'll have <eme/> with a namespace, and that namespace will tell you what encryption mechanism, and the encryption mechanism will be a profile of SCE, no?
-
pep.
let's try to formulate that in the email
-
jonas’
yes, the editor team could use helping hands
-
lovetox
pep., its not about detection if you receive a message
-
lovetox
its about sending a message
-
lovetox
you cant know if the recipient supports full stanza encryption or not
-
pep.
I think that's not the right question
-
pep.
You can know if somebody supports $encryptionMechanism, because there will be a discovery mechanism for it most likely, just as OX and OMEMO have their key published
-
lovetox
there is none
-
lovetox
thats what the discussion is about
-
pep.
And all you care about is if somebody supports $encryptionMechanism, that will use SCE. You don't need to know about SCE itself
-
pep.
lovetox, well there is none because nobody is using SCE atm
-
lovetox
yeah and the email is about how one can discover if a client can use SCE or OMEMO V2 or whatever
-
pep.
I wouldn't use SCE itself
-
pep.
what for?
-
pep.
You only need to know if somebody supports OMEMO2, that uses SCE
-
lovetox
because you cant decrypt my message if you dont support sce
-
pep.
But that's an implementation detail knowing about SCE
-
pep.
If you support OMEMO2 you will support SCE
-
lovetox
and how do i know if someone supports omemo2?
-
pep.
Because they publish their keys?
-
lovetox
so you saying putting the info into pubsub for every device
-
pep.
urn:xmpp:omemo:0
-
lovetox
thats what the discussion is about
-
lovetox
and its not as bad as in disco info, but still bad
-
pep.
Skimming through the thread though I really feel like it's not focusing on the right questions
-
pep.
how is that bad?
-
pep.
"Hey you want to talk to me, you know where to check for my keys. If there's nothing there, maybe I don't do $encryptionMechanism then"
-
lovetox
because there are multiple devices
-
pep.
sure, well that's already an issue with any e2ee thing
-
lovetox
you need to determine an overall state, from all devices, implement logic according to it
-
pep.
Or any feature at all
-
lovetox
and then you have to think about X cases
-
lovetox
what if one device only supports X
-
pep.
You don't want to do that because as mentioned, carbons etc.
-
lovetox
and the other only >
-
lovetox
Y
-
pep.
And then MAM..
-
lovetox
yes so its useless that there is one device publishing that it is omemo2 capable
-
pep.
You don't care if only one device supports it because there's no way of knowing
-
lovetox
you just said we CAN know with pubsub
-
pep.
Do you need to know though?
-
lovetox
so what is it now
-
lovetox
omg
-
lovetox
pep. this discussion makes me a bit tired :D
-
pep.
hmm?
-
pep.
I'm sorry it's the first time I go through this myself, I have seen it before though
-
lovetox
yeah i noticed :) just think about it from the point of a developer wants his users to have a flawless conversion to a new standard
-
lovetox
in this case there is no easy way
-
lovetox
either you make a hard cut someday
-
lovetox
or you implement lots of hacky logic that depends on multiple things, and will fail from time to time
-
pep.
I think if you want "perfect" you need to control the whole ecosystem
-
pep.
It's just not possible here
-
lovetox
yeah i would propose all clients impl read support for omemo with sce
-
lovetox
and in a year we switch to send support
-
pep.
I'm sorry I'll repeat but "omemo with sce" doesn't mean anything
-
pep.
sce is but an implementation detail
-
pep.
"omemo:0" that will be, I guess :)
-
lovetox
or that :)
-
pep.
(to clarify a bit, "384 with sce" doesn't mean anything*, is what I wanted to say)
-
vanitasvitae
pep.: the main point is, that xmpp has a lot of features. A client implementing sce would need to be able to properly handle all the features it supports additionally in an encrypted context.
-
pep.
What I'm saying is, a client won't implement sce by itself
-
vanitasvitae
Therefore it may be desirable to negotiate features like "i understand sce, but only for body, chat state and feature xyz"
-
pep.
hmm?
-
pep.
oh, wow
-
pep.
I wasn't even thinking about that, but now I'm confused
-
vanitasvitae
If you receive a message with a chat state notification, you want to know if it was contained inside a sce element or not.
-
vanitasvitae
(If it was encrypted or not)
-
pep.
"you want to know"?
-
pep.
You will know, by decrypting it, right?
-
vanitasvitae
Yes
-
vanitasvitae
Yeah but all your listeners need to be modified to differentiate between a protected message correction and a plain one.
-
vanitasvitae
As you probably want to communicate that to the user somehow
-
vanitasvitae
Like "watch out, this message correction was not encrypted"
-
pep.
Yeah no that was the part I didn't really understand, and even now that I have this missing piece of info, I still find this overkill
-
pep.
Sure you can do that already without discovering anything
-
pep.
There's no need for protocol support here
-
pep.
A client parsing a e2ee payload using sce will know what is and what isn't in the container
-
pep.
*an
-
vanitasvitae
That was my initial impression as well, but some people suggest it may be more complicated
-
vanitasvitae
Take smack for example. Literally all listeners in smack need to be rewritten to carry some sort of security information that tell the user how the triggering element was encrypted.
-
pep.
that's.. weird
-
pep.
Maybe the API is just not what it should be
-
vanitasvitae
For that reason it may be good to gradually start an implementation with just a subset of the features.
-
vanitasvitae
The thing is, that an sce message can contain encrypted and unencrypted elements at the same time
-
pep.
With slix I don't need all that
-
vanitasvitae
How does slix do listening for elements?
-
pep.
I mean I don't have an implementation of a container, but I see more or less how I could do it
-
pep.
"listening for elements"?
-
vanitasvitae
Hehe
-
pep.
You don't, you have a Message object and you lookup what you want to
-
vanitasvitae
Ah so slix works rather different to smack
-
vanitasvitae
in smack the user registers listeners for certain events and gets notified when a stanza for that event is received
-
pep.
There are also signals sent if your message contains X or Y, but most likely in a client you'll want to ignore these, and only use the helpers from the library
-
vanitasvitae
like for example if a chat state arrived, that will cause a listener to be fired
-
vanitasvitae
ah okay
-
pep.
Yeah you could also do that in slix, but I don't like it
-
pep.
Because then if I fire an event for "message" and an event for "eme" with the same message, now I have to have more global state in my app to know these are the same messages
-
vanitasvitae
I see
-
vanitasvitae
So you suggest that SCE should be coupled to a new OMEMO namespace which then infers that the client knows how to handle any element inside the SCE content?
-
pep.
Maybe I'm missing some part of the picture, but I think SCE should be used by itself. It should be like 373/374, be used as profiles
-
vanitasvitae
I'll have to think about that 😀
-
pep.
For the encryption mechanism. What tag then goes inside is up to the sending client I guess?
-
vanitasvitae
what tag do you mean?
-
pep.
payload, body, replace, etc. etc.
-
vanitasvitae
ah
-
vanitasvitae
ideally the sending client would put all elements inside the content, that do not concern the server.
-
pep.
sure
-
pep.
The receiving client will know what's inside the encrypted payload, and can accordingly display a warning or not.
-
vanitasvitae
hm i think i like the idea of profiles.
-
pep.
There's a bit of handwaving here I agree
-
vanitasvitae
How would you signal what profiles a client supports?
-
vanitasvitae
I think the best way is to couple that information with the published keys somehow.
-
lovetox
vanitasvitae, there should only be one single profile for omemo
-
lovetox
really we should not get into the situation that one resource supports X and another Y
-
pep.
yeah, it'll be urn:xmpp:omemo:0, that is a profile of SCE
-
vanitasvitae
Agreed
-
vanitasvitae
But what about ox? :P
-
vanitasvitae
OX:1?
-
pep.
sure
-
vanitasvitae
Alright
-
vanitasvitae
Sounds reasonable
-
lovetox
and yeah except for a gajim plugin there is no support in the wild for OX, so i think OX is easy to update
-
lovetox
ah and your smack impl, but i dont know if you published it
-
nyco
t-1 min
-
nyco
ding
-
Seve
Dong
-
nyco
\o/
-
Guus
hi
-
nyco
where's the gavel?
- Guus eyes ralphm
-
ralphm
Sorry, I was distracted.
- ralphm bangs gavel
- Guus mentions MattJ
-
ralphm
0. Welcome + Agenda
-
ralphm
MattJ has sent regrets.
-
nyco
:)
-
Guus
ah ok
-
Guus
nothing for the agenda for me. I neglected to read up the chat logs for the last three meetings (that I missed)
-
ralphm
For the record, there was no meeting. Instead I discussed infra with MattJ.
-
ralphm
(last week, I mean)
-
ralphm
1. Minute taker
-
Guus
oh, from trello, I'm missing something
-
nyco
I've missed meetings as well, sorry, and did not read minutes
-
Guus
The M-Sec project email. Was that resolved?
-
Guus
I'll do after-the-fact minutes of this meeting
-
Seve
Doesn't look like
-
ralphm
2. Compliance Badges
-
ralphm
Where are we on this?
-
nyco
we should vote
-
nyco
board-only? members?
-
nyco
board-only is fast but non-democratic; members is longer, but safer meaning collective intelligence
-
ralphm
I don't think a members vote is needed.
-
Guus
... Did I send a call for feedback, as I promised on this?
-
Guus
(if so, it didn't get any feedback. If I neglected, shame on me)
-
nyco
it's visual design, the more people the better
-
ralphm
Guus: you did on May 23
-
Guus
I _did_ send that request, on Thu, 23 May
-
nyco
small subset for qualitative feedback, large set for quantitative
-
ralphm
I haven't seen any feedback
-
Guus
we've got no feedback. I'm unsure if asking for a vote would result in any meaningful feedback, tbh.
-
Guus
Design shouldn't be a democratic endeavor, I think.
-
Guus
Ge0rG - did you happen to have more on this?
-
nyco
design process, agree; design decision: the masses decide, one way or another (adoption vs rejection)
-
jonas’
I think a poll from the members to get an impression should be done
-
jonas’
if I may humbly say so from the floor
-
jonas’
the members voted for the XMPP logo (IIRC?), and I think that should also happen for the CS badges
-
Guus
not a hill for me to die on.
-
ralphm
I am ok with a poll.
-
ralphm
But I wouldn't make a big deal on this.
-
ralphm
I.e. we could reiterate the request for feedback. If there is no response, again, we can just choose a design as Board.
-
nyco
good
-
Guus
Ge0rG suggested requesting for feedback, rather than 'picking one', to improve the existing designs (as a prelude to choosing one) iirc
-
Guus
but, sure. Who wants to create a poll?
-
ralphm
A good suggestion, but it seems no one so far has cared to provide any.
-
Seve
So do we choose a design already?
-
ralphm
:-) it seems so
-
ralphm
From what I've seen, the proposals in Guus' mail are all work in progress. I have a clear preference for the direction suggested by mray (https://opensourcedesign.net/jobs/jobs/2019-03-19-design-of-badges-for-different-xmpp-compliance-levels)
-
Seve
Me as well
-
Guus
Note that there's a good chance that we've lost his attention span
-
Guus
I have no significant preference.
-
nyco
the two others follow the de facto standard for badges formats
-
Guus
I badly want to avoid us taking the rest of this meeting discussing this though. Can we do this out-of-band?
-
nyco
yep
-
nyco
feedback request followup, then poll
-
ralphm
WFM
-
ralphm
Guus: can you send that reminder?
-
Seve
+1
-
Guus
Can someone else please?
-
nyco
I will
-
ralphm
Thanks
-
nyco
for the poll, which tool?
-
nyco
(fast answer or none, so we go to the next agenda item)
-
ralphm
not sure. maybe memberbot
-
ralphm
3. Fabian Sauter to join SCAM
-
Guus
If google forms can include pictures, that might be handy.
-
ralphm
from an earlier meeting I remember that we'd ask him for his motivation to join, beyond just wanting to
-
ralphm
Seve?
-
Guus
I don't recall this, but it seems sensible. Did we relay that request to him?
-
Seve
I had the task to reach to him
-
ralphm
ralphm: Seve can you ask him to expand on what he wants to do on SCAM? Seve: Yes, I will try to reach to him
-
ralphm
(from 6-6)
-
Seve
I didn't send him an email unfortunately, I will do that right after the meeting, my bad.
-
ralphm
I moved the item to the left
-
ralphm
4. Roadmap page
-
ralphm
Also discussed on the 6-6 meeting
-
ralphm
I'll send an e-mail to ask Council what they'd want to do with this.
-
jonas’
6-6 meeting?
-
Guus
Although I'd be happy for Council's feedback, i feel that this is a Board thingy
-
ralphm
2019-06-06, as a date
-
ralphm
Guus: given that Council is the body regarding our core business, standards development, and the current page lists mostly items concerning those, I think it more than just a Board thingy.
-
Seve
We can decide on XSF topics, but I wonder if we can put ourselves some roadmap for XEPs
-
ralphm
Seve: and that, too
-
Seve
So I guess it depends on what kind of roadmap are we talking about
-
nyco
not a XEP-only roadmap please
-
ralphm
A goal could be, for example, to get more of our specification to move forward in the process, with a focus on certain (groups of) XEPs.
-
ralphm
The original topic is whether we want to link to the Roadmap page, and the question then became two-fold: 1) do we still want a formal roadmap, 2) what should be on it, if so.
-
Guus
The XMPP Council is the technical steering group that approves XMPP Extension Protocols. It can have its own goals, but the XSF roadmap should, in my opinion, be driven by Board - with backing from the community / membership, of which Council is an important part.
-
Guus
I think we should want one, but I fear we currently lack momentum to follow through on it.
-
Guus
As long as it takes us months to decide on something simple as a badge design, I fear that formalizing a roadmap is a bridge too far.
-
ralphm
The point I tried to make, and I think Seve, too, is that we don't, as an organization, *create* standards. We take proposals from the community, and then foster their standardization, weighing them against other similar proposals, and the existing set of specifications.
-
nyco
1/ yes, absolutely, we want, they want a roadmap, gives a general idea on our direction, no need to be precise though; 2/ we should put non-tech-only content, but also maybe community, business, communication, whatever, I don't know yet, knowing that tech is our main thing
-
Guus
I'm pressed for time, and this meeting is running over.
-
nyco
me too, sorry
-
ralphm
Ok, Let's pick this one up next week. Please all think about what, if anything, *concretely* could be on here, but I'm with Guus that I'm not optimistic about us getting anywhere with it.
-
nyco
anyway, our currently online roadmap is outdated, I suggest to start from here and revise it
-
Seve
We may want to put it offline in the meantime, while a decision is being made.
-
Guus
we should prevent this turning into the 'setting priorities' thingy from last year.
-
ralphm
5. AOB
-
Guus
Vacation is upon us
-
jonas’
what is a 6-6 meeting?
-
ralphm
jonas’: it is date!
-
ralphm
a date
-
Seve
Haha
-
ralphm
on the calendar
-
jonas’
in the past
-
Guus
do we need to account for absence?
-
ralphm
jonas’: yes, a reference to what was discussed before
-
jonas’
I see
-
jonas’
nevermind me then
-
ralphm
I'm here next week
-
ralphm
But this is AOB
-
jonas’
(I somehow thought it was board+council, but that doesn’t make sense now because we’re just 5 people each)
-
Guus
I meant it as AOB 🙂
-
ralphm
oh, well, generally we just keep the calendar going. If we don't have quorum, no meeting.
-
Guus
ok
-
ralphm
6. Date of Next
-
ralphm
+1W
-
nyco
ok
-
ralphm
7. Close
-
ralphm
Thanks all!
- ralphm bangs gavel
-
nyco
thx all
-
Seve
Thank you guys :)
-
Guus
Thanks
-
moparisthebest
I don't currently run it jonas’ but https://github.com/moparisthebest/xmpp-ircd
-
moparisthebest
it "works", no authentication (like nickserv) is the reason I currently don't run it
-
moparisthebest
but also before I touched it again I'd rewrite in Rust, so, have at it :)
-
oli
moparisthebest: do it (rewrite in Rust) ;)
-
moparisthebest
it's pretty far down on my list, ETA "years to never" :/
-
oli
wait for MIX and ircv3 ;)
-
pep.
And add another few years to the ETA?
-
oli
never + a few years = never
-
pep.
I knew it! (*does the gesture*)
-
moparisthebest
yea so you could say it's got the same ETA as MIX >:)
-
Zash
Any Decade Now™
-
Seve
Guus, thank you for the minutes
-
Guus
Np
-
Zash
Hm, when unblocking a JID per XEP-0191 it says you should send the JID your current presence (assuming they're allowed to see it)
-
Zash
However it doesn't say anything about the previously blocked JIDs presence
-
Zash
Is it implied that you probably wanna re-probe or somesuch?