ralphmInteresting issue, regarding matching phone numbers in Telegram: https://www.forbes.com/sites/zakdoffman/2019/08/25/chinese-agencies-crack-telegram-a-timely-warning-for-end-to-end-encryption/
larmahas left
larmahas joined
zachhas left
zachhas joined
jabberjockehas joined
alameyohas left
alameyohas joined
Marandahas left
Mikaelahas joined
mimi89999has left
jabberjockehas left
alameyohas left
zachhas left
alameyohas joined
Marandahas joined
sezuanhas joined
moparisthebesthas left
moparisthebesthas joined
zachhas joined
mimi89999has joined
adityaborikarhas left
igoosehas joined
alameyohas left
alameyohas joined
alameyohas left
vanitasvitaehas left
alameyohas joined
archas left
archas joined
zachhas left
zachhas joined
adityaborikarhas joined
afrogeekhas left
alameyohas left
alameyohas joined
alameyohas left
archas left
archas joined
archas left
archas joined
jabberjockehas joined
Mikaelahas left
afrogeekhas joined
APachhas left
Mikaelahas joined
zachhas left
zachhas joined
APachhas joined
jubalhhas joined
alameyohas joined
LNJhas joined
rionhas left
mimi89999has left
mimi89999has joined
LNJhas left
rionhas joined
adityaborikarhas left
adityaborikarhas joined
COM8has joined
ralphmhas left
COM8has left
ralphmhas joined
lskdjfhas joined
archas left
archas joined
zachhas left
zachhas joined
ralphmJust debugged an interesting issue with MAM messages being filtered out for MUCs, with prosody and mod_block_strangers.
ralphmhttps://issues.prosody.im/1410
ralphmI think that MIX would handle that better, but it is a good use case to keep in mind.
ralphm(also, thanks Zash)
Zashnp
ZashWhy would MIX handle it better?
jonas’"use case"
ralphmbecause you send presence to the channel JID
ralphmZash: so archived messages come in from the same JID, and wouldn't be a 'stranger'
ralphmZash: oh, and a channel is also a contact if you consider roster integration
ralphmjonas’: hmm? This is not a valid use case?
jonas’I’m not sure if I’d call it a use case :)
jonas’but that may be just my english
ralphmI meant the use case of wanting to block messages from strangers, and not getting any MUC archives (at all).
ZashNot blocking full JID messages might help
ralphmJust because MUC is weird in that you send presence to room@server/nick, and get archived messages from room@server, and the filter cannot easily know the former.
ralphmZash: it wouldn't help not getting spam, though.
ZashYou could keep track of outgoing stanzas of other types, eg the iq stanza
ZashIf full jids weren't static... sure
ralphmZash: because a server will happily send messages directed to a full JID to whichever other resource.
ralphmthe resource being dynamic wouldn't help
jonas’IM-NG would help with that.
alameyohas left
alameyohas joined
ralphmwell, MIX would also help, but for now we have neither
ZashNot blocking like mod_block_strangers does would help too
Andrew Nenakhovhas joined
Zashralphm: I think the full JID "redirect" works by treating the message as a bare jid, and then mod_block_strangers would block it
ZashSo then if resources were session identifiers instead of long-term easily guessable device identifiers then it would be hard for spammers
ralphmright
ralphmAnd indeed, maybe mod_block_strangers isn't the best approach. I can imagine various cases where you'd receive a message stanzas from a non-contact that you didn't direct presence to (bare or full).
ralphmAnd didn't want it blocked.
ZashThere are better approaches now, ask Ge0rG
alameyohas left
alameyohas joined
Ge0rGmod_firewall works with heuristics.
Ge0rGAlso blocking messages from strangers, server-wide, is a very bad idea.
Ge0rGThere is a prosody module to keep track of MUCs, so mod_block_strangers could at least plug into that for whitelisting purposes
ralphmGe0rG: so far mod_block_strangers worked pretty well for me, and the module you refer to is mentioned in the ticket linked above :-D
ralphmI'll check out mod_firewall
vanitasvitaehas joined
Nekithas left
Nekithas joined
larmahas left
larmahas joined
madhur.garghas left
Andrew Nenakhovhas left
madhur.garghas joined
ralphmGe0rG: also, I think that if you define rules for mod_firewall, you have to take this issue into account, as I don't think it is covered by the example in the documentation:
```# Rule to bounce messages from senders not in the roster who haven't been sent directed presence
NOT IN ROSTER?
NOT SENT DIRECTED PRESENCE TO SENDER?
BOUNCE=service-unavailable```
Ge0rGralphm: my rules depend on the user not being in the roster, but there are some other elements involved.
ralphmSo do you think MAM archives for MUC work properly with mod_firewall?
Ge0rGralphm: there is a disapproved SPAM WG for that, in which you can become a member after signing an NDA with the blood of your first-born.
ralphmThat's a good filter
Ge0rGralphm: I haven't tested it
Ge0rGralphm: I assume so, because my heuristics strongly depend on the message body, and MAM fetches don't have a body
ralphmah
ralphmI suppose mod_block_strangers could consider that, too
COM8has joined
zachhas left
zachhas joined
adityaborikarhas left
Ge0rGI'm anticipating the MAM version of https://rt-solutions.de/de/2017/01/cve-2017-5589_xmpp_carbons/
ralphmWell, sure, if a client isn't checking that it actually requested MAM and is waiting for <fin/>, and/or doesn't check the origin, this is going to suck.
Ge0rGralphm: you know how client developers work? It works? ship ip!
alameyohas left
ralphmAll devs, really.
Ge0rGRight.
alameyohas joined
LNJhas joined
Ge0rGSo all I need to do is:
1) wait for wide-scale MAM deployment
2) request an appropriate number of CVE IDs
ralphmI have no idea how well MAM is deployed.
Ge0rGThere is a bunch of clients.
Ge0rGyaxim soon to be among them
Ge0rG// TODO: check origin
ralphmI have used gajim and conversations for a long time, I must be spoiled
ralphmCurious if Daniel knows of-hand if Conversations is checking the origin.
Danielnot reading the entire backlog? but checking the from of MAM messages? yes i do
Danielalso the query id
ralphmNice
ajhas left
Danielso even if one check fails; you'd have to guess a random query id
ralphmSo if it doesn't match it just ignores it (for the purposes of being interpreted as a MAM message).
Danielyes
ralphmyay
Ge0rGI had to work around the regular message parser parsing MAM messages, because it's running in a separate thread pool and I couldn't control when it ends. Luckily, this also fixed the issue.
COM8has left
jabberjockehas left
COM8has joined
adityaborikarhas joined
typikolhas joined
adityaborikarhas left
typikolhas left
zachhas left
zachhas joined
j.rhas left
j.rhas joined
pdurbinhas left
adityaborikarhas joined
COM8has left
COM8has joined
jabberjockehas joined
COM8has left
COM8has joined
COM8has left
zachhas left
zachhas joined
lumihas joined
adityaborikarhas left
adityaborikarhas joined
adityaborikarhas left
ajhas joined
adityaborikarhas joined
adityaborikarhas left
madhur.garghas left
madhur.garghas joined
Nekithas left
zachhas left
zachhas joined
Nekithas joined
Chobbeshas joined
zachhas left
zachhas joined
debaclehas joined
adityaborikarhas joined
adityaborikarhas left
LNJhas left
zachhas left
zachhas joined
madhur.garghas left
madhur.garghas joined
Chobbeshas left
Chobbeshas joined
pdurbinhas joined
sonnyhas joined
LNJhas joined
pdurbinhas left
zachhas left
zachhas joined
debaclehas left
igoosehas left
zachhas left
zachhas joined
matlaghas left
matlaghas joined
Chobbeshas left
adityaborikarhas joined
zachhas left
zachhas joined
Allohas left
zachhas left
zachhas joined
sonnyhas left
zachhas left
zachhas joined
igoosehas joined
sonnyhas joined
sonnyhas left
sonnyhas joined
madhur.garghas left
madhur.garghas joined
Chobbeshas joined
zachhas left
zachhas joined
pdurbinhas joined
jjrhhas joined
jjrhhas left
jjrhhas joined
kokonoehas left
kokonoehas joined
madhur.garghas left
madhur.garghas joined
Nekithas left
jubalhhas left
COM8has joined
COM8has left
COM8has joined
pdurbinhas left
Nekithas joined
COM8has left
jubalhhas joined
COM8has joined
jubalhhas left
COM8has left
COM8has joined
COM8has left
j.rhas left
zachhas left
zachhas joined
lovetoxhas joined
mathieuiHi, someone just asked me about https://xmpp.org/extensions/inbox/message-retraction.html and I could not find any strong rejections of this, so maybe it could go forward? Half of the usage can be substituted by message corrections (removing messages you sent accidentally), the other half (moderating messages of other people in public channels) can be really needed
mathieui(e.g. you have a public channel and would like to be able to remove dick picks from the history after banning the one who sent it)
zachhas left
zachhas joined
mathieui(especially if people are using a client which, for user-friendliness reasons, displays pictures by default)
linkmauvehas joined
LNJhas left
pep.MR 20190626T13:10:14Z 000 <dwd> So it looks, to me, that message-deletion was almost accepted, but had its name changed as a result of council feedback - but I can't see it actually getting rejected.
MR 20190626T13:10:47Z 000 <pep.> Somebody not following up?
MR 20190626T13:10:59Z 000 <dwd> It was four years ago, though. But I think the general feel back then was that as long as we called it "retraction" and not "deletion", it'd be OK.
MR 20190626T13:11:19Z 000 <dwd> pep., Very hard to tell. I suspect it fell through the inter-council gap.
mathieuioh I missed that because I only grepped retraction
pep.So yeah I guess somebody could repropose it
Dele (Mobile)has joined
igoosehas left
zachhas left
zachhas joined
sonnyhas left
sonnyhas joined
Nekithas left
Nekithas joined
sezuanhas left
ralphmFWIW, retraction is much better than deletion indeed, as the latter can not actually be guaranteed.
Marandahas left
Marandahas joined
Nekithas left
Nekithas joined
LNJhas joined
Lancehas joined
zachhas left
zachhas joined
COM8has joined
sonnyhas left
COM8has left
COM8has joined
COM8has left
adityaborikarhas left
COM8has joined
COM8has left
COM8has joined
COM8has left
mimi89999has left
mimi89999has joined
Ge0rGI'm sure nobody from council will try to block this until reference attachments are sorted out
zachhas left
LNJhas left
zachhas joined
jonas’I sense sarcasm
Alexhas left
adityaborikarhas joined
Ge0rGThere is also an impending inter council gap.
ralphmI don't see an issue accepting it as a XEP.
ralphmOf course there are comments on it. One obvious one: what kind of id to pass.
Ge0rGralphm: maybe you didn't keep up with the submission of Reactions, then.
ralphmThe example shows the stanza id, but it is not explicit.
ralphmGe0rG: you missed all the messages I sent last week?
Ge0rGralphm: messages to standards@? Maybe I've just skimmed them and forgot immediately, because there was nothing I disagreed with?
Ge0rGI'd have to check my mailbox.
zachhas left
zachhas joined
ralphmBut yes, I do wonder what happened with "ah, yes, we should indeed have a XEP covering this use case. Accepted. Now, let's write the long email on things that could be better in this proposal."
ralphmGe0rG: no, in here
Ge0rGralphm: can I repeat my excuse? It was a very long and very hot day, and my train is late.
Ge0rGWhen the train eventually arrives, I'll try to find a seat where I can use my laptop to read up on things.
ralphmSure, it's been 32 °C here
COM8has joined
COM8has left
LanceI'm author on that proto xep, but very little memory about it now. I burned out on a lot of stuff around that time, so probably lost in a todo pile.
ralphmLance: but back in the game now?
LanceEnough to say send it back to Council for a vote and feedback.
ralphm🤣
Ge0rG🙈🙉🙊
LanceMy (extremely vague) recollection is that the part that I actually wanted was MUC moderation controls, and there were some questions if doing moderation via messages was appropriate vs having iq methods on a room.
ralphmDo you mean beyond people retracting their own messages?
zachhas left
zachhas joined
LanceYeah. Admin/moderator cleanup cases
ralphmI'd expect those to be operations on the channel, indeed with iqs, with notifications coming from the room.
lskdjfhas left
lskdjfhas joined
LanceRight. I think _that_ is what waylaid the proposal from moving forward, and would still need to be solved.
ralphmWell, I don't think it should hold up the spec from being accepted.
lskdjfhas left
linkmauvehas left
lskdjfhas joined
jubalhhas joined
jjrhhas left
jjrhhas joined
jjrhhas left
jjrhhas joined
j.rhas joined
sonnyhas joined
sonnyhas left
sonnyhas joined
jjrhhas left
sonnyhas left
jjrhhas joined
Ge0rGEverything should be IQs, especially messages.