Interesting issue, regarding matching phone numbers in Telegram: https://www.forbes.com/sites/zakdoffman/2019/08/25/chinese-agencies-crack-telegram-a-timely-warning-for-end-to-end-encryption/
larmahas left
larmahas joined
zachhas left
zachhas joined
jabberjockehas joined
alameyohas left
alameyohas joined
Marandahas left
Mikaelahas joined
mimi89999has left
jabberjockehas left
alameyohas left
zachhas left
alameyohas joined
Marandahas joined
sezuanhas joined
moparisthebesthas left
moparisthebesthas joined
zachhas joined
mimi89999has joined
adityaborikarhas left
igoosehas joined
alameyohas left
alameyohas joined
alameyohas left
vanitasvitaehas left
alameyohas joined
archas left
archas joined
zachhas left
zachhas joined
adityaborikarhas joined
afrogeekhas left
alameyohas left
alameyohas joined
alameyohas left
archas left
archas joined
archas left
archas joined
jabberjockehas joined
Mikaelahas left
afrogeekhas joined
APachhas left
Mikaelahas joined
zachhas left
zachhas joined
APachhas joined
jubalhhas joined
alameyohas joined
LNJhas joined
rionhas left
mimi89999has left
mimi89999has joined
LNJhas left
rionhas joined
adityaborikarhas left
adityaborikarhas joined
COM8has joined
ralphmhas left
COM8has left
ralphmhas joined
lskdjfhas joined
archas left
archas joined
zachhas left
zachhas joined
ralphm
Just debugged an interesting issue with MAM messages being filtered out for MUCs, with prosody and mod_block_strangers.
ralphm
https://issues.prosody.im/1410
ralphm
I think that MIX would handle that better, but it is a good use case to keep in mind.
ralphm
(also, thanks Zash)
Zash
np
Zash
Why would MIX handle it better?
jonas’
"use case"
ralphm
because you send presence to the channel JID
ralphm
Zash: so archived messages come in from the same JID, and wouldn't be a 'stranger'
ralphm
Zash: oh, and a channel is also a contact if you consider roster integration
ralphm
jonas’: hmm? This is not a valid use case?
jonas’
I’m not sure if I’d call it a use case :)
jonas’
but that may be just my english
ralphm
I meant the use case of wanting to block messages from strangers, and not getting any MUC archives (at all).
Zash
Not blocking full JID messages might help
ralphm
Just because MUC is weird in that you send presence to room@server/nick, and get archived messages from room@server, and the filter cannot easily know the former.
ralphm
Zash: it wouldn't help not getting spam, though.
Zash
You could keep track of outgoing stanzas of other types, eg the iq stanza
Zash
If full jids weren't static... sure
ralphm
Zash: because a server will happily send messages directed to a full JID to whichever other resource.
ralphm
the resource being dynamic wouldn't help
jonas’
IM-NG would help with that.
alameyohas left
alameyohas joined
ralphm
well, MIX would also help, but for now we have neither
Zash
Not blocking like mod_block_strangers does would help too
Andrew Nenakhovhas joined
Zash
ralphm: I think the full JID "redirect" works by treating the message as a bare jid, and then mod_block_strangers would block it
Zash
So then if resources were session identifiers instead of long-term easily guessable device identifiers then it would be hard for spammers
ralphm
right
ralphm
And indeed, maybe mod_block_strangers isn't the best approach. I can imagine various cases where you'd receive a message stanzas from a non-contact that you didn't direct presence to (bare or full).
ralphm
And didn't want it blocked.
Zash
There are better approaches now, ask Ge0rG
alameyohas left
alameyohas joined
Ge0rG
mod_firewall works with heuristics.
Ge0rG
Also blocking messages from strangers, server-wide, is a very bad idea.
Ge0rG
There is a prosody module to keep track of MUCs, so mod_block_strangers could at least plug into that for whitelisting purposes
ralphm
Ge0rG: so far mod_block_strangers worked pretty well for me, and the module you refer to is mentioned in the ticket linked above :-D
ralphm
I'll check out mod_firewall
vanitasvitaehas joined
Nekithas left
Nekithas joined
larmahas left
larmahas joined
madhur.garghas left
Andrew Nenakhovhas left
madhur.garghas joined
ralphm
Ge0rG: also, I think that if you define rules for mod_firewall, you have to take this issue into account, as I don't think it is covered by the example in the documentation:
```# Rule to bounce messages from senders not in the roster who haven't been sent directed presence
NOT IN ROSTER?
NOT SENT DIRECTED PRESENCE TO SENDER?
BOUNCE=service-unavailable```
Ge0rG
ralphm: my rules depend on the user not being in the roster, but there are some other elements involved.
ralphm
So do you think MAM archives for MUC work properly with mod_firewall?
Ge0rG
ralphm: there is a disapproved SPAM WG for that, in which you can become a member after signing an NDA with the blood of your first-born.
ralphm
That's a good filter
Ge0rG
ralphm: I haven't tested it
Ge0rG
ralphm: I assume so, because my heuristics strongly depend on the message body, and MAM fetches don't have a body
ralphm
ah
ralphm
I suppose mod_block_strangers could consider that, too
COM8has joined
zachhas left
zachhas joined
adityaborikarhas left
Ge0rG
I'm anticipating the MAM version of https://rt-solutions.de/de/2017/01/cve-2017-5589_xmpp_carbons/
ralphm
Well, sure, if a client isn't checking that it actually requested MAM and is waiting for <fin/>, and/or doesn't check the origin, this is going to suck.
Ge0rG
ralphm: you know how client developers work? It works? ship ip!
alameyohas left
ralphm
All devs, really.
Ge0rG
Right.
alameyohas joined
LNJhas joined
Ge0rG
So all I need to do is:
1) wait for wide-scale MAM deployment
2) request an appropriate number of CVE IDs
ralphm
I have no idea how well MAM is deployed.
Ge0rG
There is a bunch of clients.
Ge0rG
yaxim soon to be among them
Ge0rG
// TODO: check origin
ralphm
I have used gajim and conversations for a long time, I must be spoiled
ralphm
Curious if Daniel knows of-hand if Conversations is checking the origin.
Daniel
not reading the entire backlog? but checking the from of MAM messages? yes i do
Daniel
also the query id
ralphm
Nice
ajhas left
Daniel
so even if one check fails; you'd have to guess a random query id
ralphm
So if it doesn't match it just ignores it (for the purposes of being interpreted as a MAM message).
Daniel
yes
ralphm
yay
Ge0rG
I had to work around the regular message parser parsing MAM messages, because it's running in a separate thread pool and I couldn't control when it ends. Luckily, this also fixed the issue.
COM8has left
jabberjockehas left
COM8has joined
adityaborikarhas joined
typikolhas joined
adityaborikarhas left
typikolhas left
zachhas left
zachhas joined
j.rhas left
j.rhas joined
pdurbinhas left
adityaborikarhas joined
COM8has left
COM8has joined
jabberjockehas joined
COM8has left
COM8has joined
COM8has left
zachhas left
zachhas joined
lumihas joined
adityaborikarhas left
adityaborikarhas joined
adityaborikarhas left
ajhas joined
adityaborikarhas joined
adityaborikarhas left
madhur.garghas left
madhur.garghas joined
Nekithas left
zachhas left
zachhas joined
Nekithas joined
Chobbeshas joined
zachhas left
zachhas joined
debaclehas joined
adityaborikarhas joined
adityaborikarhas left
LNJhas left
zachhas left
zachhas joined
madhur.garghas left
madhur.garghas joined
Chobbeshas left
Chobbeshas joined
pdurbinhas joined
sonnyhas joined
LNJhas joined
pdurbinhas left
zachhas left
zachhas joined
debaclehas left
igoosehas left
zachhas left
zachhas joined
matlaghas left
matlaghas joined
Chobbeshas left
adityaborikarhas joined
zachhas left
zachhas joined
Allohas left
zachhas left
zachhas joined
sonnyhas left
zachhas left
zachhas joined
igoosehas joined
sonnyhas joined
sonnyhas left
sonnyhas joined
madhur.garghas left
madhur.garghas joined
Chobbeshas joined
zachhas left
zachhas joined
pdurbinhas joined
jjrhhas joined
jjrhhas left
jjrhhas joined
kokonoehas left
kokonoehas joined
madhur.garghas left
madhur.garghas joined
Nekithas left
jubalhhas left
COM8has joined
COM8has left
COM8has joined
pdurbinhas left
Nekithas joined
COM8has left
jubalhhas joined
COM8has joined
jubalhhas left
COM8has left
COM8has joined
COM8has left
j.rhas left
zachhas left
zachhas joined
lovetoxhas joined
mathieui
Hi, someone just asked me about https://xmpp.org/extensions/inbox/message-retraction.html and I could not find any strong rejections of this, so maybe it could go forward? Half of the usage can be substituted by message corrections (removing messages you sent accidentally), the other half (moderating messages of other people in public channels) can be really needed
mathieui
(e.g. you have a public channel and would like to be able to remove dick picks from the history after banning the one who sent it)
zachhas left
zachhas joined
mathieui
(especially if people are using a client which, for user-friendliness reasons, displays pictures by default)
linkmauvehas joined
LNJhas left
pep.
MR 20190626T13:10:14Z 000 <dwd> So it looks, to me, that message-deletion was almost accepted, but had its name changed as a result of council feedback - but I can't see it actually getting rejected.
MR 20190626T13:10:47Z 000 <pep.> Somebody not following up?
MR 20190626T13:10:59Z 000 <dwd> It was four years ago, though. But I think the general feel back then was that as long as we called it "retraction" and not "deletion", it'd be OK.
MR 20190626T13:11:19Z 000 <dwd> pep., Very hard to tell. I suspect it fell through the inter-council gap.
mathieui
oh I missed that because I only grepped retraction
pep.
So yeah I guess somebody could repropose it
Dele (Mobile)has joined
igoosehas left
zachhas left
zachhas joined
sonnyhas left
sonnyhas joined
Nekithas left
Nekithas joined
sezuanhas left
ralphm
FWIW, retraction is much better than deletion indeed, as the latter can not actually be guaranteed.
Marandahas left
Marandahas joined
Nekithas left
Nekithas joined
LNJhas joined
Lancehas joined
zachhas left
zachhas joined
COM8has joined
sonnyhas left
COM8has left
COM8has joined
COM8has left
adityaborikarhas left
COM8has joined
COM8has left
COM8has joined
COM8has left
mimi89999has left
mimi89999has joined
Ge0rG
I'm sure nobody from council will try to block this until reference attachments are sorted out
zachhas left
LNJhas left
zachhas joined
jonas’
I sense sarcasm
Alexhas left
adityaborikarhas joined
Ge0rG
There is also an impending inter council gap.
ralphm
I don't see an issue accepting it as a XEP.
ralphm
Of course there are comments on it. One obvious one: what kind of id to pass.
Ge0rG
ralphm: maybe you didn't keep up with the submission of Reactions, then.
ralphm
The example shows the stanza id, but it is not explicit.
ralphm
Ge0rG: you missed all the messages I sent last week?
Ge0rG
ralphm: messages to standards@? Maybe I've just skimmed them and forgot immediately, because there was nothing I disagreed with?
Ge0rG
I'd have to check my mailbox.
zachhas left
zachhas joined
ralphm
But yes, I do wonder what happened with "ah, yes, we should indeed have a XEP covering this use case. Accepted. Now, let's write the long email on things that could be better in this proposal."
ralphm
Ge0rG: no, in here
Ge0rG
ralphm: can I repeat my excuse? It was a very long and very hot day, and my train is late.
Ge0rG
When the train eventually arrives, I'll try to find a seat where I can use my laptop to read up on things.
ralphm
Sure, it's been 32 °C here
COM8has joined
COM8has left
Lance
I'm author on that proto xep, but very little memory about it now. I burned out on a lot of stuff around that time, so probably lost in a todo pile.
ralphm
Lance: but back in the game now?
Lance
Enough to say send it back to Council for a vote and feedback.
ralphm
🤣
Ge0rG
🙈🙉🙊
Lance
My (extremely vague) recollection is that the part that I actually wanted was MUC moderation controls, and there were some questions if doing moderation via messages was appropriate vs having iq methods on a room.
ralphm
Do you mean beyond people retracting their own messages?
zachhas left
zachhas joined
Lance
Yeah. Admin/moderator cleanup cases
ralphm
I'd expect those to be operations on the channel, indeed with iqs, with notifications coming from the room.
lskdjfhas left
lskdjfhas joined
Lance
Right. I think _that_ is what waylaid the proposal from moving forward, and would still need to be solved.
ralphm
Well, I don't think it should hold up the spec from being accepted.