neshtaxmppmy friend server has serious access from 127.0.0.1, brute force from sshd here is log: https://bgzashtita.es/tefter/raw/VbNthqzNKV can someone help.
wurstsalathas left
neshtaxmppmy friend don't connect from 127.0.0.1, something illegaly connect from 127.0.0.1 and brute force my friend server for my friend password. maybe it is from sslh. can you comment how to compile latest sslh and show when ip is connecting in apache2 to show real ip and stop 127.0.0.1 from internet try connect my friend server.
dwdhas left
dwdhas joined
dwdhas left
lnjhas joined
eevvoorhas left
dwdhas joined
lumihas joined
marc_has left
mr.fisterhas left
moparisthebestneshtaxmpp, lol 127.0.0.1 is localhost, ie your friends own computer
moparisthebestbut also every ssh on the internet that accepts password auth is bruteforced 100% of the time, fact of life
moparisthebestneshtaxmpp, set up this https://linode.com/docs/security/authentication/use-public-key-authentication-with-ssh/
mr.fisterhas joined
dwdhas left
dwdhas joined
lumihas left
dwdhas left
dwdhas joined
lnjhas left
pdurbinhas joined
neshtaxmppmoparisthebest: my friend server dont connect to him from 127.0.0.1. something from my friend server is using sshd to someone connecr from 127.0.0.1 do you know how to investigate what make 127.0.0.1: here is log: https://bgzashtita.es/tefter/VbNthqzNKV
neshtaxmpphere is other logs: https://bgzashtita.es/tefter/
moparisthebestneshtaxmpp: and did you follow the link
moparisthebestIP doesn't matter ignore it
neshtaxmppmy friend dont want use with certificate. my friend want to use with password. he is ok if they try with they real ip. but he is not ok " he dont like " 127.0.0.1 to be used from sshd. moparisthebest you comment " 127.0.0.1 is his own server " so this is serious issue. do you know how can help my friend investigate and block 127.0.0.1 becouse you confirm 127.0.0.1 is his server. thanks
moparisthebestWell then your friend is an idiot
moparisthebestHope he has a good password set up
moparisthebestRead sslh docs if you want transparent forwarding with real IP
pdurbinhas left
neshtaxmppmoparisthebest: do you have manuals that can work for debian... like compilong, what is necessary, what permission after compile, what directory, what plugins and etc. so it after make install work. ivan dont speak english so i translate him.
moparisthebestNope just sslh docs
neshtaxmppmoparisthebest: some comands to investigate why and how 127.0.0.1 is connecting, when this 127.0.0.1 is for home access. official nobody outside my friend server can't connect from 127.0.0.1, then how is that possible.
moparisthebestHow many ways can I repeat myself
moparisthebestSslh docs
moparisthebestTransparent forwarding
moparisthebestRead docs from sslh
moparisthebestSslh documentation, have a look
neshtaxmppmoparisthebest: How many ways can I repeat myself
I dont understand them so i cant explain to him..
moparisthebestThen I guess you are shit outta luck my friend
lskdjfhas left
Yagizahas joined
mimi89999has left
dwdhas left
dwdhas joined
dwdhas left
Yagizahas left
mimi89999has joined
pdurbinhas joined
pdurbinhas left
lumihas joined
lumihas left
dwdhas joined
Nekithas joined
dwdhas left
dwdhas joined
dwdhas left
Douglas Terabytehas left
Douglas Terabytehas joined
dwdhas joined
jonas’moparisthebest, don’t you have an IRC->XMPP gateway running?
kokonoehas left
kokonoehas joined
Douglas Terabytehas left
pdurbinhas joined
Kacperhas joined
rionhas left
rionhas joined
rionhas left
rionhas joined
goffihas joined
valohas left
pdurbinhas left
marc_has joined
COM8has joined
COM8has left
valohas joined
Tobiashas left
Tobiashas joined
dwdhas left
dwdhas joined
sezuanhas joined
dwdhas left
valohas left
valohas joined
wurstsalathas joined
sezuanhas left
sezuanhas joined
intosihas left
intosihas joined
intosihas left
intosihas joined
karoshihas joined
dwdhas joined
edhelaswhat are the requirements to be part of the organization on Github ? https://github.com/orgs/xsf/people
jonas’edhelas, asking nicely, probably
alameyohas left
alameyohas joined
edhelaswould it be possible to be added to be member of the XSF organisation on Github :3 ?
COM8has joined
COM8has left
pdurbinhas joined
COM8has joined
Kacperhas left
Kacperhas joined
valohas left
valohas joined
COM8has left
Ge0rGedhelas: it would probably help to commit to some task, so that nobody gets an impression that you are doing it for the sake of having an organization badge on your profile.
Ge0rGI'm sure the Editor team always needs a helping hand
debaclehas joined
lnjhas joined
Tobiashas left
Tobiashas joined
pdurbinhas left
Steve Killehas left
Kevhas left
Steve Killehas joined
Steve Killehas left
Steve Killehas joined
Kevhas joined
Steve Killehas left
Steve Killehas joined
Kevhas left
Kevhas joined
edhelasI could have a look at the tasks yeah :)
valohas left
valohas joined
Danielhas left
Danielhas joined
Tobiashas left
Tobiashas joined
dwdhas left
dwdhas joined
eevvoorhas joined
rtq3has joined
dwdhas left
goffihas left
goffihas joined
Danielhas left
Danielhas joined
dwdhas joined
karoshihas left
karoshihas joined
sezuanhas left
Kacperhas left
dwdhas left
dwdhas joined
Kacperhas joined
Syndacehas left
dwdhas left
Syndacehas joined
sezuanhas joined
dwdhas joined
rtq3has left
Kacperhas left
rtq3has joined
Danielhas left
Danielhas joined
dwdhas left
dwdhas joined
pdurbinhas joined
dwdhas left
Kacperhas joined
Syndacehas left
wurstsalathas left
Syndacehas joined
dwdhas joined
dwdhas left
dwdhas joined
wurstsalathas joined
dwdhas left
Syndacehas left
dwdhas joined
Syndacehas joined
andyhas joined
Syndacehas left
Syndacehas joined
Tobiashas left
Tobiashas joined
dwdhas left
dwdhas joined
lskdjfhas joined
dwdhas left
DebXWoodyhas left
DebXWoodyhas joined
dwdhas joined
winfriedhas left
winfriedhas joined
dwdhas left
dwdhas joined
kokonoehas left
kokonoehas joined
pep.vanitasvitae, I'm not sure I understand the discussion with disco for SCE?
pep.Why would you need that. You'll have <eme/> with a namespace, and that namespace will tell you what encryption mechanism, and the encryption mechanism will be a profile of SCE, no?
dwdhas left
lskdjfhas left
pep.let's try to formulate that in the email
lskdjfhas joined
jonas’yes, the editor team could use helping hands
lovetoxpep., its not about detection if you receive a message
lovetoxits about sending a message
lovetoxyou cant know if the recipient supports full stanza encryption or not
pep.I think that's not the right question
dwdhas joined
pep.You can know if somebody supports $encryptionMechanism, because they will be a dicovery mechanism for it most likely, just as OX and OMEMO have their key published
lovetoxthere is none
lovetoxthats what the discussion is about
pep.And all you care about is if somebody supports $encryptionMechanism, that will use SCE. You don't need to know about SCE itself
pep.lovetox, well there is none because nobody is using SCE atm
lovetoxyeah and the email is about how one can discover if a client can use SCE or OMEMO V2 or whatever
pep.I wouldn't use SCE itself
pep.what for?
pep.You only need to know if somebody supports OMEMO2, that uses SCE
lovetoxbecause you cant decrypt my message if you dont support sce
pep.But that's an implementation detail knowing about SCE
pep.If you support OMEMO2 you will support SCE
lovetoxand how do i know if someone supports omemo2?
pep.Because they publish their keys?
lovetoxso you saying putting the info into pubsub for every device
pep.urn:xmpp:omemo:0
Tobiashas left
lovetoxthats what the discussion is about
Tobiashas joined
lovetoxand its not as bad as in disco info, but still bad
pep.Skimming through the thread though I really feel like it's not focusing on the right questions
pep.how is that bad?
pep."Hey you want to talk to me, you know where to check for my keys. If there's nothing there, maybe I don't do $encryptionMechanism then"
lovetoxbecause there are multiple devices
zachhas left
pep.sure, well that's already an issue with any e2ee thing
lovetoxyou need to determine a overall state, from all devices, implement logic according to it
pep.Or any feature at all
lovetoxand then you have to think about X cases
lovetoxwhat if one device only supports X
pep.You don't want to do that because as mentioned, carbons etc.
lovetoxand the other only >
lovetoxY
pep.And then MAM..
lovetoxyes so its useless that there is one device publishing that it is omemo2 capable
pep.You don't care if only one device supports it because there's no way of knowing
lovetoxyou just said we CAN know with pubsub
pep.Do you need to know though?
lovetoxso what is it now
lovetoxomg
lovetoxpep. this discussion makes me a bit tired :D
pep.hmm?
pep.I'm sorry it's the first time I go through this myself, I have seen it before though
lovetoxyeah i noticed :) just think about it from the point of a developer wants his users to have a flawless conversion to a new standard
lovetoxin this case there is no easy way
lovetoxeither you make a hard cut someday
lovetoxor you implement lots of hacky logic that depends on multiple things, and will fail from time to time
pep.I think if you want "perfect" you need to control the whole ecosystem
pep.It's just not possible here
lovetoxyeah i would propose all clients impl read support for omemo with sce
lovetoxand in a year we switch to send support
pep.I'm sorry I'll repeat but "omemo with sce" doesn't mean anything
pep.sce is but an implemntation detail
pep."omemo:0" that will be, I guess :)
lovetoxor that :)
dwdhas left
dwdhas joined
pep.(to clarify a bit, "384 with sce" doesn't mean anything*, is what I wanted to say)
dwdhas left
dwdhas joined
COM8has joined
COM8has left
lumihas joined
vanitasvitaepep.: the main point is, that xmpp has a lot of features. A client implementing sce would need to be able to properly handle all the features it supports additionally in an encrypted context.
pep.What I'm saying is, a client won't implement sce by itself
vanitasvitaeTherefore it may be desirable to negotiate features like "i understand sce, but only for body, chat state and feature xyz"
pep.hmm?
pep.oh, wow
pep.I wasn't even thinking about that, but now I'm confused
vanitasvitaeIf you receive a message with a chat state notification, you want to know if it was contained inside a sce element or not.
vanitasvitae(If it was encrypted or not)
pep."you want to know"?
pep.You will know, by decrypting it, right?
vanitasvitaeYes
vanitasvitaeYeah but all your listeners need to be modified to differentiate between a protected message correction and a plain one.
vanitasvitaeAs you probably want to communicate that to the user somehow
vanitasvitaeLike "watch out, this message correction was not encrypted"
pep.Yeah no that was the part I didn't really understand, and even now that I have this missing piece of info, I still find this overkill
pep.Sure you can do that already without discovering anything
pep.There's no need for protocol support here
pep.A client parsing a e2ee payload using sce will know what is and what isn't in the container
pep.*an
vanitasvitaeThat was my initial impression as well, but some people suggest it may be more complicated
vanitasvitaeTake smack for example. Literally all listeners in smack need to be rewritten to carry some sort of security information that tell the user how the triggering element was encrypted.
pep.that's.. weird
pep.Maybe the API is just not what it should be
vanitasvitaeFor that reason it may be good to gradually start an implementation with just a subset of the features.
vanitasvitaeThe thing is, that an sce message can contain encrypted and unencrypted elements at the same time
pep.With slix I don't need all that
vanitasvitaeHow does slix do listening for elements?
pep.I mean I don't have an implementation of a container, but I see more or less how I could do it
pep."listening for elements"?
vanitasvitaeHehe
pep.You don't, you have a Message object and you lookup what you want to
vanitasvitaeAh so slix works rather different to smack
vanitasvitaein smack the user registers listeners for certain events and gets notified when a stanza for that event is received
pep.There are also signals sent if your message contains X or Y, but most likely in a client you'll want to ignore these, and only use the helpers from the library
vanitasvitaelike for example if a chat state arrived, that will cause a listener to be fired
vanitasvitaeah okay
pep.Yeah you could also do that in slix, but I don't like it
pep.Because then if I fire an event for "message" and an event for "eme" with the same message, now I have to have more global state in my app to know these are the same messages
lumihas left
vanitasvitaeI see
vanitasvitaeSo you suggest that SCE should be coupled to a new OMEMO namespace which then infers that the client knows how to handle any element inside the SCE content?
Nekithas left
pep.Maybe I'm missing some part of the picture, but I think SCE should be used by itself. It should be like 373/374, be used as profiles
vanitasvitaeI'll have to think about that 😀
pep.For the encryption mechanism. What tag then goes inside is up to the sending client I guess?
vanitasvitaewhat tag do you mean?
Nekithas joined
pep.payload, body, replace, etc. etc.
vanitasvitaeah
lumihas joined
vanitasvitaeideally the sending client would put all elements inside the content, that do not concern the server.
pep.sure
pdurbinhas left
pep.The receiving client will know what's inside the encrypted payload, and can accordingly display a warning or not.
vanitasvitaehm i think i like the idea of profiles.
pep.There's a bit of handwaving here I agree
vanitasvitaeHow would you signal what profiles a client supports?
vanitasvitaeI think the best way is to couple that information with the published keys somehow.
lovetoxvanitasvitae, there should only one single profile for omemp
bitumanihas joined
lovetoxreally we should not get into the situation that one resource supports X and another Y
pep.yeah, it'll be urn:xmpp:omemo:0, that is a profile of SCE
vanitasvitaeAggreed
vanitasvitaeBut what about ox? :P
vanitasvitaeOX:1?
pep.sure
vanitasvitaeAlright
vanitasvitaeSounds reasonable
lovetoxand yeah except for a gajim plugin there is no support in the wild for OX, so i think OX is easy to update
lovetoxah and your smack impl, but i dont know if you published it
rionhas left
bitumanihas left
bitumanihas joined
bitumanihas left
rionhas joined
dwdhas left
dwdhas joined
dwdhas left
Kacperhas left
Kacperhas joined
Yagizahas joined
nycot-1 min
nycoding
SeveDong
nyco\o/
Guushi
nycowhere's the gavel?
Guuseyes ralphm
ralphmSorry, I was distracted.
ralphmbangs gavel
Guusmentions MattJ
ralphm0. Welcome + Agenda
ralphmMattJ has sent regrets.
nyco:)
Guusah ok
Guusnothing for the agenda for me. I neglected to read up the chat logs for the last three meetings (that I missed)
ralphmFor the record, there was no meeting. Instead I discussed infra with MattJ.
ralphm(last week, I mean)
lumihas left
ralphm1. Minute taker
Guusoh, from trello, I'm missing something
nycoI've missed meetings as well, sorry, and did not read minutes
GuusThe M-Sec project email. Was that resolved?
GuusI'll do after-the-fact minutes of this meeting
SeveDoesn't look like
kokonoehas left
doshas left
kokonoehas joined
ralphm2. Compliance Badges
ralphmWhere are we on this?
nycowe should vote
nycoboard-only? members?
nycoboard-only is fast but non-democratic
members is longer, but safer meaning collective intelligence
ralphmI don't think a members vote is needed.
Guus... Did I sent a call for feedback, as I promised on this?
Guus(if so, it didn't get any feedback. If I neglected, shame on me)
nycoit's visual design, the more people the better
ralphmGuus: you did on May 23
GuusI _did_ sent that request, on Thu, 23 May
nycosmall subset for qualitative feedback
large set for quantitative
ralphmI haven't seen any feedback
Guuswe've got no feedback. I'm unsure if asking for a vote would result in any meaningful feedback, tbh.
COM8has joined
alameyohas left
GuusDesign shouldn't be a democratic endeavor, I think.
GuusGe0rG - did you happen to have more on this?
dwdhas joined
nycodesign process, agree
design decision: the masses decide, one way or another (adoption vs rejection)
jonas’I think a poll from the members to get an impression should be done
jonas’if I may humbly say so from the floor
jonas’the members voted for the XMPP logo (IIRC?), and I think that should also happen for the CS badges
Guusnot a hill for me to die on.
COM8has left
ralphmI am ok with a poll.
ralphmBut I wouldn't make a big deal on this.
ralphmI.e. we could reiterate the request for feedback. If there is no response, again, we can just choose a design as Board.
nycogood
GuusGe0rG suggested requesting for feedback, rather than 'picking one', to improve the existing designs (as a prelude to choosing one) iirc
neshtaxmpphas left
Guusbut, sure. Who wants to create a poll?
ralphmA good suggestion, but it seems no one so far has cared to provide any.
SeveSo do we choose a design already?
ralphm:-) it seems so
Danielhas left
ralphmFrom what I've seen, the proposals in Guus' mail are all work in progress. I have a clear preference for the direction suggested by mray (https://opensourcedesign.net/jobs/jobs/2019-03-19-design-of-badges-for-different-xmpp-compliance-levels)
SeveMe as well
GuusNote that there's a good chance that we've lost his attention span
GuusI have no significant preference.
nycothe two others follow the de facto standard for badges formats
GuusI badly want to avoid us taking the rest of this meeting discussing this though. Can we do this out-of-band?
nycoyep
nycofeedback request followup, then poll
ralphmWFM
ralphmGuus: can you send that reminder?
Seve+1
GuusCan someone else please?
nycoI will
ralphmThanks
nycofor the poll, which tool?
nyco(fast answer or none, so we go to the next agenda item)
ralphmnot sure. maybe memberbot
ralphm3. Fabian Sauter to join SCAM
GuusIf google forms can include pictures, that might be handy.
ralphmfrom an earlier meeting I remember that we'd ask him for his motivation to join, beyond just wanting to
ralphmSeve?
GuusI don't recall this, but it seems sensible. Did we relay that request to him?
Danielhas joined
SeveI had the task to reach to him
ralphmralphm: Seve can you ask him to expand on what he wants to do on SCAM?
Seve: Yes, I will try to reach to him
ralphm(from 6-6)
rionhas left
rionhas joined
SeveI didn't send him an email unfortunately, I will do that right after the meeting, my bad.
ralphmI moved the item to the left
ralphm4. Roadmap page
ralphmAlso discussed on the 6-6 meeting
Nekithas left
Nekithas joined
ralphmI'll send an e-mail to ask Council what they'd want to do with this.
jonas’6-6 meeting?
GuusAlthough I'd be happy for Council's feedback, i feel that this is a Board thingy
ralphm2019-06-06, as a date
ralphmGuus: given that Council is the body regarding our core business, standards development, and the current page lists mostly items concerning those, I think it more than just a Board thingy.
SeveWe can decide on XSF topics, but I wonder if we can put ourselves some roadmap for XEPs
ralphmSeve: and that, too
SeveSo I guess it depends on what kind of roadmap are we talking about
nyconot a XEP-only roadmap please
ralphmA goal could be, for example, to get more of our specification to move forward in the process, with a focus on certain (groups of) XEPs.
ralphmThe original topic is whether we want to link to the Roadmap page, and the question then became two-fold: 1) do we still want a formal roadmap, 2) what should be on it, if so.
GuusThe XMPP Council is the technical steering group that approves XMPP Extension Protocols. It can have it's own goals, but the XSF roadmap should, in my opinion, be driven by Board - with backing from the community / membership, of which Council is an important part.
GuusI think we should want one, but I fear we currently lack momentum to follow through on it.
GuusAs long as it takes us months to decide on something simple as a badge design, I fear that formalizing a roadmap is a bridge to far.
ralphmThe point I tried to make, and I think Seve, too, is that we don't, as an organization, *create* standards. We take proposals from the community, and then foster their standardization, weighing them against other similar proposals, and the existing set of specifications.
nyco1/ yes, absolutely, we want, they want a roadmap, gives a general idea on our direction, no need to be precise though
2/ we should put non-tech-only content, but also maybe community, business, communication, whatever, I d'ont know yet, knowing that tech is our main thing
GuusI'm pressed for time, and this meeting is running over.
nycome too, sorry
ralphmOk, Let's pick this one up next week. Please all think about what, if anything, *concretely* could be on here, but I'm with Guus that I'm not optimistic about us getting anywhere with it.
nycoanyway, our currently online roadmap is outdated, I suggest to start from here and revise it
SeveWe may want to put it offline in the meantime, while a decision is being made.
Guuswe should prevent this turning into the 'setting priorities' thingy from last year.
ralphm5. AOB
GuusVacation is upon us
jonas’what is a 6-6 meeting?
ralphmjonas’: it is date!
ralphma date
SeveHaha
ralphmon the calendar
jonas’in the past
Guusdo we need to account for absence?
ralphmjonas’: yes, a reference to what was discussed before
jonas’I see
jonas’nevermind me then
ralphmI'm here next week
ralphmBut this is AOB
jonas’(I somehow thought it was board+council, but that doesn’t make sense now because we’re just 5 people each)
GuusI ment it as AOB 🙂
ralphmoh, well, generally we just keep the calendar going. If we don't have quorum, no meeting.
Guusok
ralphm6. Date of Next
ralphm+1W
nycook
ralphm7. Close
ralphmThanks all!
ralphmbangs gavel
nycothx all
SeveThank you guys :)
GuusThanks
Nekithas left
Nekithas joined
moparisthebestI don't currently run it jonas’ but https://github.com/moparisthebest/xmpp-ircd
moparisthebestit "works", no authentication (like nickserv) is the reason I currently don't run it
moparisthebestbut also before I touched it again I'd rewrite in Rust, so, have at it :)
Andrew Nenakhovhas left
Andrew Nenakhovhas joined
Danielhas left
pdurbinhas joined
Danielhas joined
pdurbinhas left
lnjhas left
lnjhas joined
Danielhas left
j.rhas joined
COM8has joined
j.rhas left
Danielhas joined
COM8has left
COM8has joined
COM8has left
COM8has joined
COM8has left
COM8has joined
COM8has left
j.rhas joined
COM8has joined
COM8has left
COM8has joined
COM8has left
COM8has joined
COM8has left
COM8has joined
COM8has left
COM8has joined
COM8has left
olimoparisthebest: do it (rewrite in Rust) ;)
moparisthebestit's pretty far down on my list, ETA "years to never" :/
j.rhas left
j.rhas joined
oliwait for MIX and ircv3 ;)
pep.And add another few years to the ETA?
rtq3has left
olinever + a few years = never
pep.I knew it! (*does the gesture*)
j.rhas left
j.rhas joined
moparisthebestyea so you could say it's got the same ETA as MIX >:)
ZashAny Decade Now™
COM8has joined
waqashas joined
COM8has left
kokonoehas left
kokonoehas joined
dwdhas left
dwdhas joined
dwdhas left
waqashas left
alameyohas joined
Wojtekhas joined
dwdhas joined
Wojtekhas left
rtq3has joined
Lancehas joined
igoosehas left
igoosehas joined
goffihas left
pdurbinhas joined
Syndacehas left
igoosehas left
igoosehas joined
dwdhas left
dwdhas joined
pdurbinhas left
dwdhas left
Douglas Terabytehas joined
dwdhas joined
Nekithas left
Nekithas joined
Douglas Terabytehas left
COM8has joined
COM8has left
COM8has joined
Kacperhas left
dwdhas left
dwdhas joined
Kacperhas joined
Douglas Terabytehas joined
Kacperhas left
dwdhas left
COM8has left
COM8has joined
COM8has left
Kacperhas joined
COM8has joined
COM8has left
dwdhas joined
andyhas left
COM8has joined
murabitohas left
murabitohas joined
Kacperhas left
Douglas Terabytehas left
COM8has left
COM8has joined
COM8has left
dwdhas left
dwdhas joined
Kacperhas joined
alameyohas left
alameyohas joined
Tobiashas left
dwdhas left
Lancehas left
Tobiashas joined
Lancehas joined
dwdhas joined
COM8has joined
COM8has left
olihas left
andyhas joined
olihas joined
sezuanhas left
goffihas joined
Damienhas joined
sezuanhas joined
Damienhas left
sezuanhas left
Tobiashas left
Tobiashas joined
sezuanhas joined
sezuanhas left
sezuanhas joined
sezuanhas left
sezuanhas joined
murabitohas left
murabitohas joined
lumihas joined
sezuanhas left
Nekithas left
SeveGuus, thank you for the minutes
Wojtekhas joined
Wojtekhas left
Damienhas joined
Syndacehas joined
GuusNp
ZashHm, when unblocking a JID per XEP-0191 it says you should send the JID your current presence (assuming they're allowed to see it)
ZashHowever it doesn't say anything about the previously blocked JIDs presence
ZashIs it implied that you probably wanna re-probe or somesuch?