ralphm, if I am not mistaken, the current rules of rfc7622 disallow unassigned to in resourceparts, domainparts and probably also localparts
flow
i'd say the spec is sound and as sensible as possible, it is the implementations that do not follow the rules and so, once in a while, an invalid jid slips through. That's the main motivation for creating the jid/xmpp strings testframework and the valid/invalid jid corpus
jonas’
flow, except that RFC 7622 does not pin the unicode version
jonas’
so one entity running on Unicode 10 could consider something as legitimate which an entity on Unicode 9 would not
flow
jonas’, right, but as I said earlier, I would consider this to be very rare. But I could be wrong. And I don't think there is a better solution, happy to be proven wrong though
flow
That is, I think the tradeoff of not pinning the unicode version is justified
flow
At least the troubles we had so far are not caused by not pinning the unicode version, as far as i can tell
Ge0rG
No, but they have the same symptoms
ralphm
Isn't my example a sign of why this is a problem? Emoji are all Symbols (So), I believe, and as such valid in parts of JIDs. Differing Unicode versions have different ideas on newer codepoints, so also on validity of JIDs?
Ge0rG
If we don't want to break the experience for everybody when somebody employs new unicode, we need to accept unassigned as valid from remote entities
ralphm
The problem with that, though, is unassigneds that become prohibited.
ralphm
Like U+061C.
ralphm
Since the foremost expert on this is Peter, I suggest someone write an email about this to standards@. He's busy, but it's more likely he can respond there.
Ge0rG
I'm not sure he'll be able to solve that problem either ;)
ralphm
No, but he can at least confirm we have this problem and/or know about strategies.
jonas’
07:07:12 Ge0rG> If we don't want to break the experience for everybody when somebody employs new unicode, we need to accept unassigned as valid from remote entities
jonas’
that’s only a partial solution
jonas’
codepoints may change categories and stuff between unicode versions
jonas’
and an unassigned codepoint in one version may well be a RTL-codepoint in another version
jonas’
so by accepting unassigned input, you may accept something which someone else will consider invalid.
well, since the problem is mostly in resourceparts, localparts and domainparts forbid emojis, we should probably establish a pattern that resourceparts are not user-configurable nor user-visible. Shame on you xep45! I wonder what the state in MIX is
flow
And we should probably add a note to xep45 that the use of certain unicode categories is discouraged
flow
But I don't want to be the person to discourage emojis in muc usernames…
jonas’
flow, passwords and such are also affected.
flow
jonas’, how's that?
Ge0rG
localparts can be Emoji as well.
jonas’
flow, passwords are also passed through stringprep/precis
flow
Ge0rG, localparts are UsernameCaseMapped profile of the IdentifierClass, and that class forbids symbols under which emojis fall, no?
flow
Maybe not all emojis, haven't checked them all
ralphm
In MIX, nicks are an attribute of a participant, not part of their identity. However, it also says you have to follow https://tools.ietf.org/html/rfc7700
ralphm
Which in turn depends on Precis FreeformClass, and thus has the same issues as resources.
flow
guess users just want emojis in their nickname
flow
maybe there is a reserved for future emojis unicode range?
jonas’
there’s still the problem that you can’t do proper normalisation if you don’t know the codepoints
flow
well if the reserved range also states the properties of the eventually assigned codepoints?
jonas’
that won’t work
jonas’
then they could just be assigned
jonas’
stuff like how they combine with fitzpatrick modifiers
flow
No because you don't know yet what they are assigned to
flow
but if this codepoint is assigned to, then it has the following properties
flow
btw, there is an excellent post about this topic at https://hsivonen.fi/string-length/
Ge0rG
flow: I have a user ♥@ツ.op-co.de
flow
Ge0rG, I am not surprised that you do, if that's the question
ralphm
flow: no, what we think of as emoji is all over the place in several Unicode blocks.
Anyhow, yes the situation is not perfect, and I am happy if we could improve it. I just don't know how, and I can probably live with the status quo
ralphm
I like the one on chess symbols: https://www.unicode.org/charts/PDF/Unicode-12.0/U120-1FA00.pdf
ralphm
Actually https://tools.ietf.org/html/rfc7564#section-12.3 spells out the issue quite clearly:
“Strings that conform to the FreeformClass and many profiles thereof
can include virtually any Unicode character. This makes the
FreeformClass quite expressive, but also problematic from the
perspective of possible user confusion. Protocol designers are
hereby warned that the FreeformClass contains code points they might
not understand, and are encouraged to profile the IdentifierClass
wherever feasible; however, if an application protocol requires more
code points than are allowed by the IdentifierClass, protocol
designers are encouraged to define a profile of the FreeformClass
that restricts the allowable code points as tightly as possible.”
ralphm
(there's a similar remark in the interop section 13.
ralphm
)
jonas’
*sigh*
flow
sad that the emoji which could express my feelings right now is only coming in unicode 13: Smiling Face With Tear
flow
But is the situation really that bad? Implementation could get the latest unicode standard over some sort of data network once in a while. You don't even have to update the involved libraries etc.
jonas’
flow, is that true?
jonas’
I think that highly depends on the libraries
jonas’
I’m not sure how to update python unicodedata for example without updating python
ralphm
There are libraries that still do just resourceprep instead of Precis, simply because RFC 6122 is directly linked from RFC 6120, even though it is obsoleted by RFC 7622.
ralphm
One example is Twisted, which I am author of.
ralphm
One could argue that with resourceprep being more restrictive, just having that is at least a bit clearer as an interop goal.
ralphm
To be honest, I don't know what the best course of action is in this regard.
jonas’
stay with unicode 3.2 forever
Ge0rG
ralphm: be liberal in what you accept and strict in what you emit
Zash
s/emit/allow users to send/
jonas’
would a MUC service be strict or liberal, regarding nicknames for example? :)
ralphm
Ge0rG: my argument here is that this means that something like U+061C causes problems.
Ge0rG
Zash: yes, I implied that
ralphm
It was unassigned before (so not valid), then assigned (but still invalid).
ralphm
But 🥓 was unassigned before (so not valid), and now assigned (but valid)
Ge0rG
ralphm: yes, but if the MUC service accepts it, other servers or clients receiving it from the MUC shouldn't freak out
Ge0rG
i.e. a MUC service can strictly police the nickname, but not the resourcepart of the users' real JID.
jonas’
ralphm, it’s not invalid, it’s only invalid if used with LTR characters :)
ralphm
A MUC service is not something magical. It is just another server that connects to other servers over s2s and uses JIDs in addressing of stanzas.
ralphm
jonas’: it is invalid as it is a control character.
Ge0rG
ralphm: a regular server should police the resourcepart of local users, but not of remote users.
ralphm
jonas’: (for FreeformClass)
jonas’
ralphm, ah, fun
ralphm
Ge0rG: well, that might be a sensible approach, indeed. I'm not sure how well that works with mapping on new code points, and what kind of normalization issues arise from that, but ok.
ralphm
In any case it deserves some wider attention. Maybe even to the XMPPWG mailing list.
Ge0rG
ralphm: framed differently: you shouldn't police any JIDs that you don't have the authority over, except when they are illegal in a breaking way, i.e. contain " or '
ralphm
does that include localpart?
Ge0rG
ralphm: what?
ralphm
Ge0rG: should a server do precis processing on localparts of a remote JID?
ralphm
Ge0rG: also, for resourcepart, should it a) use incoming JIDs as is (no processing), b) allow unassigneds, but still do Precis, c) something else.
Ge0rG
ralphm: I'm not sure yet where the point of no return between a and b is, for either localpart or resourcepart
Ge0rG
If you do a, that probably opens up some very interesting ways to break your clients
jonas’
I think it boils down to: treat JIDs as opaque if you don’t have authority over them
ralphm
Yep, things like IV and Ⅳ.
jonas’
don’t do normalisation on them, or any processing at all, just treat them as opaque sequences of codepoints
ralphm
(I followed by V, vs. ROMAN NUMBER 4)
Ge0rG
ralphm: I don't think _that_ would break things
jonas’
it is the domain authorities responsibility to ensure that stuff is valid and comparable when it is emitted from there
flow
jonas’, I think so. You sure could build a python library that does so
ralphm
but you can then have different people with arguably the same nick
Ge0rG
ralphm: this is something the MUC has authority over.
Ge0rG
ralphm: if you try to enforce that on your user's server, your user will get kicked
ralphm
Right
flow
> jonas’> ralphm, it’s not invalid, it’s only invalid if used with LTR characters :)
I think it is invalid regardless the context with rfc7622
ralphm
But I definitely don't want to be so lenient for localpart
jonas’
ralphm, why?
Ge0rG
ralphm: just tear down s2s and blacklist the remote server as incompliant.
ralphm
flow: it is invalid in resourceprep because unassigned in 3.2, and invalid in Precis FreeformClass because it is in a prohibited class
Ge0rG
Conveniently, it also prevents you from contacting the server admin
ralphm
jonas’: because (bare) JIDs are identity
jonas’
ralphm, from whose perspective are you currently arguing?
ralphm
jonas’: I don't want to accept incoming stanzas that fail precis processing on localpart
jonas’
as a client? as a MUC service? as a server? as anyone?
ralphm
all, I guess
jonas’
I see
flow
> jonas’> don’t do normalisation on them, or any processing at all, just treat them as opaque sequences of codepoints
That would probably open up another box of issues
flow
Since Unicode does us so much good, I'd like to suggest that the XSF adopts a character (for as little as 100$, but maybe we could go for silver) before matrix does it: https://www.unicode.org/consortium/adopted-characters.html
flow: Discourse already has Gold on U+1F4AC, so yeah.
ralphm
To be honest, funny as it is, I don't think we should spend any money on this.
pep.
What's the conclusion of all this btw?
pep.
(Not the Unicode sponsoring bits)
jonas’
pep., everything is terrible
jonas’
I think the most sensible statement is around 08:38:12 ralphm> In any case it deserves some wider attention. Maybe even to the XMPPWG mailing list.
pep.
Can somebody(tm) put that to the agenda if they think it's appropriate?
pep.
So that we don't get stuck here and realize we still have the same issues in 4 years
Zash
Gotta have this discussion every 4 years
flow
hmm, I wonder if there is a backstory behind the pile of poo gold sponsor: https://www.unicode.org/consortium/adopted-characters.html
Guus
I'd like to think that friends of Jason raised the money and did this behind his back.
Ge0rG
Maybe that name is a kind of pseudonym with a secondary meaning?
Guus
Random quote found through google: "that's a shitty way to spend 5000 USD"
Ge0rG
I suppose there are enough rich brogrammers in the valley
ralphm
For those involved in the Unicode discussion: I wrote to the XMPPWG mailinglist: https://mailarchive.ietf.org/arch/msg/xmpp/a-WhzOTyOq168GujQHgzQ1-DURI
pep.
thanks
jonas’
<3 thanks
jonas’
where do I subscribe?
ralphm
https://www.ietf.org/mailman/listinfo/xmpp
Zash
thanks ralphm!
ralphm
and beware IETF Note Well https://www.ietf.org/about/note-well/
pep.
"there are implementations and deployments performing the obsoleted stringprep." you mean all (at least public) implementations? :P
Kev
I raised this sooooo long ago (back when we were discussing using precis for JIDs in the first place).
Kev
The opinion then, as I remember it, was mostly to not worry about it and assume it won't cause practical interop problems that people might be talking different versions of unicode.
jonas’
given that we had a fun unicode version interop problem the other day, I think we can safely bury that assumption
Kev
That's ok, I didn't believe it at the time :)
jonas’
good :)
ralphm
:-D
Ge0rG
🤖 will disagree on that
jonas’
that is also PRECISely my problem with it.
jonas’
someone had to say this, and now it’s out of the way, you can all thank me.
jonas’
;)
ralphm
🤦♂️
ralphm
Kev: I guess that was all before we got gazillions of emoji that are valid in resources.
Ge0rG
Yeah, somebody hijacked the Unicode consortium to do things actually relevant to the bigger populace
Zash
𒈜
jonas’
where was this repository where Daniel explains how the push service for Conversations works and which data is passed to google exactly?
jonas’
ah, found it
jonas’
https://github.com/iNPUTmice/p2
Zash
Cool story bro
pep.
> 𒈜
What was that
Zash
😉
Guus
Hmm, I'm missing the message to which Zash responded "cool story bro"
so any client that shows it potentially has f'uped carbon parsing?
Zash
Royally
moparisthebest
yep missing from my Conversations though, neat
moparisthebest
I love that mysterious bug finder
Daniel
Ge0rG, do you just dump all the xml?
Ge0rG
Daniel: that's from poezio debug log file
Ge0rG
Everything old is new again. https://www.cvedetails.com/cve/CVE-2017-5589/
Daniel
sadly i think dino even existed back then
Guus
It's interesting to ponder on how this can be utilized to have covert discussions en plein public
Ge0rG
moparisthebest: Guus: can you open bug reports?
moparisthebest
Daniel, but you said it *didn't* display in your dino? but it did in mine... what version do you have?
Zash
Guus, MUC PMs seems simpler
Daniel
HEAD
Daniel
but maybe it wasn’t stored in muc history
Guus
Zash: where's the fun in that though
Daniel
so don’t count on that
moparisthebest
AH that makes more sense
Guus
Ge0rG: wilco
moparisthebest
mine is built from git HEAD too, but trying to figure out exactly when...
Ge0rG
Also I need to talk to our content manager because the advisory url is 404
Zash
Mine is whatever Debian package from OBS, and I saw it.
Guus
jcbrand: ^^
Daniel
converse showed it as well?
Ge0rG
Funny how the month changed... https://rt-solutions.de/en/2017/01/cve-2017-5589_xmpp_carbons/
Daniel
sigh
Ge0rG
Converse was affected back then.
Ge0rG
balu_der_baer: are you a pentester or is your client broken?
Daniel
that does not look like a broken client
Daniel
(on the sending end)
Ge0rG
Daniel: something like delayed delivery gone very much wrong?
Daniel
how? why?
Ge0rG
Next up: unrequested MAM impersonation
moparisthebest
the `i_am_groot` seems like a dead giveaway for deliberate test
moparisthebest
otherwise that'd be an insanely odd client bug
Daniel
there is so much low hanging fruit to pick in the xmpp world
Ge0rG
It's good that somebody does the testing. And this place is actually well suited
Zash
So what's next, shall we try the MEGALOL-attack?
Guus
It would have been nice to share findings though.
Guus
I found out by accident.
moparisthebest
isn't that what that was? :D
Daniel
i mean i was wondering why Zash found the p2 story so interesting…
pep.
Daniel, same :D
Ge0rG
Heh.
Ge0rG
"complain loudly if you can read this"
pep.
haha
moparisthebest
so you can probably impersonate actual people that are in the MUC right?
Ge0rG
moparisthebest: yes
Daniel
depending on how fucked it is not just muc
Ge0rG
moparisthebest: most probably you can impersonate anyone, even outside of the MUC
Ge0rG
moparisthebest: read the CVE
moparisthebest
right, sweet
moparisthebest
yea I just meant the XML groot just sent was MUC only, and implied you could impersonate anyone
moparisthebest
I'd seen the old general carbons CVE before though
Ge0rG
It's not really new
Ge0rG
We should have a test suite for clients.
Daniel
i wouldn’t be shocked if dino was vulnerable to CVE-2015-8688
Ge0rG
https://wiki.xmpp.org/web/Client_Test_Cases
lovetox
so is this covered by this line in the XEP
Daniel
someone should try; probably...
lovetox
Any forwarded copies received by a Carbons-enabled client MUST be from that user's bare JID
lovetox
?
Daniel
lovetox, yes
lovetox
someone cant fake a message from a bare muc jid
Guus
Uff, this was hard on mobile. https://github.com/conversejs/converse.js/issues/1704
Guus
Please augment if needed
Daniel
lovetox, it not bare jid. just the users bare jid is allowed
Daniel
there shouldn’t be carbons in mucs
lovetox
yeah but the server is responsible that there are none
lovetox
at least that says the xep
Daniel
huh?
Daniel
your carbons parsing code needs to be wrapped in a if from == null || from == my_account_jid
lovetox
ah i get it
lovetox
yes must be from my account bare jid
lovetox
not a "user"
Daniel
which excludes the shit balu sent
lovetox
yes
lovetox
# Carbon must be from our bare jid
if not stanza.getFrom() == own_jid.getBare():
    raise InvalidFrom('Invalid from: %s' % stanza.getAttr('from'))
lovetox
was scared i fucked up :) but seems i did this right
pep.
That's not a new bug, gajim would have probably been tested at that time :)
Ge0rG
I've added a section to the test cases
pep.
thanks
Ge0rG
Still looking for somebody who can implement them
Ge0rG
Would probably have to be a component for the MUC parts
Ge0rG
OTOH, a bot could fake being a MUC, right?
lovetox
yes pep. but as of course i think i can do everything better i reimplement much code, also carbon parsing
Zash
This carbons thing could be done by a bot
pep.
hehe
pep.
lovetox, tests!
Ge0rG
It was a huge strain to my eyes, my fingers and my patience to add those three lines to the wiki from my android phone.
lovetox
though its much harder wth MAM
lovetox
i only accept mam messages with query-id s that im actually waiting for
Daniel
well you do…
Daniel
and yes can confirm that dino is vuln to https://gultsch.de/gajim_roster_push_and_message_interception.html
Daniel
why does this shit keep happening
Daniel
#BSG
Zash
BSG!
pep.
BSG?
Daniel
so question is do i fix it now?
Ge0rG
Daniel: can you do a roster push through a MUC?
Daniel
Ge0rG: looking at the code I'm relatively certain you could
Ge0rG
Yay.
pep.
let's try?
Daniel
Haven't tested that one tho
Daniel
You have to get lucky to get your iq routed I guess. Lol
Ge0rG
Daniel: only with MSN
moparisthebest
is there a generic bot/component someplace that can just try all of these things against a JID
pep.
Which is probably the default in this MUC
pep.
So not a correct target
moparisthebest
so it can be used across projects
Ge0rG
moparisthebest: write one please! https://wiki.xmpp.org/web/Client_Test_Cases#Staying_inside
moparisthebest
it would probably be hard to write it with most existing libraries, they tend to try to insist on you sending proper things
Daniel
Glad the Spammer haven't found out how to put themselves right into your roster
Daniel
The cool thing about that CVE is due to roster version it also won't go away
moparisthebest
I'd gladly accept spam from such a smart spammer though
Daniel
So my Dino will be stuck with that test jid I injected
moparisthebest
might even buy what he's selling
Ge0rG
moparisthebest: it would get propagated into the spam sending tools and used by dozens of spammers within some weeks
Daniel
So who is going to collect the CVE for mam injection in multiple clients?
Ge0rG
Daniel: let's wait half a year until there is a significant deployed base
Daniel
🔥
Ge0rG
Other than that, I'll gladly volunteer. I need some more CVEs on my CV
Zash
CVEs go on your CV?
Ge0rG
Zash: yes
lovetox
thats why they start with CV..
Zash
:D
Ge0rG
Curriculum Vitae Extension.
Ge0rG
Do we have an up to date entity caps database?
balu_der_baer
Can you see me?
pep.
Only the hash? Or all features? If it's just hashes, movim probably has a few up to some point in the past(?) https://nl.movim.eu/?about#caps_widget_tab, otherwise I'm sure you can gather some by running code on prosody
pep.
balu_der_baer, yes
Zash
A wild haxxor appears
Ge0rG
balu_der_baer: no
Ge0rG
pep.: all the features. Looking for clients with MAM