jonas’could be nice for a SFW-preview of NSFW-pictures though
zachhas left
zachhas joined
pdurbinhas left
Nekithas left
Nekithas joined
lorddavidiiihas left
lorddavidiiihas joined
Ge0rGAgain, how's that actually better than a low res jpeg?
zachhas left
zachhas joined
j.rhas left
jabberjockehas left
DanielGe0rG: just from doing some experiments jpegs thumbnails look much bigger
Ge0rGDaniel: you mean the number of bytes?
DanielYes file size
Ge0rGIs that really significant, provided that we have XEP-0231 already in place?
waqashas left
chronosx88has joined
jonas’given the JPEG thing, one could use the same data of JPEG to render a blurhash
mimi89999has left
mukt2has left
mimi89999has joined
DanielI'm not able to generate jpeg images smaller than 3K
zachhas left
zachhas joined
DanielOK 2.8k if I don't store exif data
mathijshas left
mathijshas joined
chronosx88has left
Ge0rGwhat's the "size" of a TLS handshake to HEAD an image URL?
jonas’Ge0rG had 667 bytes the other day
chronosx88has joined
Dele (Mobile)has joined
lorddavidiiihas left
Ge0rGNormally, I'm all in for squeezing the most out of the bytes, and I love all the "42 bytes ELF file" style blog posts, but the question that we need to answer here is: are 2KB spared per image share worth adding a dependency on some third-party's personal pet project that doesn't even have a specification?
jonas’Ge0rG, something about HSLuv?
jonas’Ge0rG, BlurHash has the Algorithm.md which enables easy re-implementation.
jonas’(for certain definitions of easy)
jonas’(you need to know how to apply a DCT)
lorddavidiiihas joined
DanielThe question is if the build in upscaler and compression methods in Android (for example) are good enough to provide similar output
jonas’no.
DanielOr if I'm ending up including an external jpeg encoder then
jonas’even that won’t help
jonas’you’ll need a custom decoder to render it as nicely as blurhash
jonas’you’ll have to decode the 8x8 block yourself and render it onto a larger canvas yourself, by evaluating the cosine functions
jonas’that’s very different from taking the rendered 8x8 block and upscaling it with whatever filter
Danielwell using convert --thumbnail 8 and then using the gimp upscaller produces images that look nice
Ge0rGLet's bundle both of ImageMagick and GIMP!
Danielwith a small enough file size. but then i need an upscaler that is as good as what ever gimp does; and an encoder that can strip all the crap such as imagemagick
Dele (Mobile)has left
Ge0rGDoes the blurhash include the actual image resolution?
Dele (Mobile)has joined
Danielthat's by the way also a good question; because we need at least the aspect ratio
Ge0rGDaniel: I wouldn't settle with just that, you also often need to know whether to down or up scale.
Ge0rGAlso rounding errors between the ratio and the final resolution
mathijshas left
mathijshas joined
Ge0rGI think that SIMS is much more needed than blurhash, and that we could add blurhash as an optional field into SIMS
Steve Killehas left
DanielI wish we had Sims without the references
zachhas left
zachhas joined
mathijshas left
mathijshas joined
rionimplemented it with references and it works quite well
rionreplacing the referenced text with media content
Ge0rGyeah, the references part is a bit of overkill
Steve Killehas joined
goffihas joined
derdanielhas left
intosihas joined
Zashhas left
Zashhas joined
mukt2has joined
Dele (Mobile)has left
j.rhas joined
mukt2has left
ajhas left
zachhas left
zachhas joined
jubalhhas joined
adiaholichas left
adiaholichas joined
Dele (Mobile)has joined
winfriedhas left
winfriedhas joined
winfriedhas left
winfriedhas joined
Dele (Mobile)has left
Dele (Mobile)has joined
j.rhas left
zachhas left
zachhas joined
mukt2has joined
debaclehas joined
zachhas left
zachhas joined
jabberjockehas joined
MattJI created https://modules.prosody.im/mod_muc_media_metadata.html
MattJand someone (jonas’ I think?) suggested it should use SIMS, so I'll probably make that switch
adiaholichas left
MattJEssentially the MUC server does a HEAD on the URL, and embeds the data into the stanza
ZashDoes it make sense to reuse https://xmpp.org/extensions/xep-0131.html ?
ajhas joined
larmahas left
MattJ> The Store header enables a sender to specify whether the stanza may be stored or archived by the recipient. The allowable values for this header are "true" and "false".
MattJWe have such a treasure trove
jonas’*twitch*
Ge0rGSomebody needs to start axing duplicate functionality, except that it's never a perfect overlap, but always different subsets. This is Venn Diagram Hell
zachhas left
zachhas joined
larmahas joined
mukt2has left
MattJZash, it may be sensible - we can include etag for example
MattJI should have used that from the start
Dele (Mobile)has left
Dele (Mobile)has joined
Dele (Mobile)has left
Dele (Mobile)has joined
Dele (Mobile)has left
Dele (Mobile)has joined
eevvoorhas joined
eevvoorhas left
j.rhas joined
zachhas left
zachhas joined
jmpmanhas joined
eevvoorhas joined
debaclehas left
jabberjockehas left
mukt2has joined
zachhas left
zachhas joined
eevvoorhas left
mukt2has left
neshtaxmpphas left
j.rhas left
Steve Killehas left
pdurbinhas joined
Steve Killehas joined
Dele (Mobile)has left
Dele (Mobile)has joined
zachhas left
lskdjfhas joined
zachhas joined
pdurbinhas left
jabberjockehas joined
mukt2has joined
debaclehas joined
Syndacehas left
Syndacehas joined
eevvoorhas joined
mukt2has left
adiaholichas joined
debaclehas left
adiaholichas left
eevvoorhas left
adiaholichas joined
emushas joined
mukt2has joined
zachhas left
zachhas joined
eevvoorhas joined
jubalhhas left
Mikaelahas left
jubalhhas joined
Mikaelahas joined
eevvoorhas left
eevvoorhas joined
jubalhhas left
zachhas left
zachhas joined
j.rhas joined
matlaghas left
matlaghas joined
krauqhas left
krauqhas joined
mukt2has left
zachhas left
zachhas joined
neshtaxmpphas joined
mukt2has joined
zachhas left
zachhas joined
jabberjockehas left
jmpmanhas left
Chobbeshas joined
jabberjockehas joined
adiaholichas left
jabberjockehas left
jabberjockehas joined
adiaholichas joined
Shellhas joined
zachhas left
zachhas joined
davidhas joined
pdurbinhas joined
mukt2has left
mukt2has joined
Steve Killehas left
zachhas left
pdurbinhas left
zachhas joined
Steve Killehas joined
archas left
archas joined
Syndacehas left
Mikaelahas left
Mikaelahas joined
jubalhhas joined
zachhas left
zachhas joined
jubalhhas left
jubalhhas joined
jubalhhas left
jubalhhas joined
jubalhhas left
jubalhhas joined
mukt2has left
chronosx88has left
jubalhhas left
Syndacehas joined
chronosx88has joined
patrickhas joined
zachhas left
zachhas joined
mukt2has joined
ajhas left
Chobbeshas left
zachhas left
zachhas joined
Syndacehas left
mukt2has left
zachhas left
zachhas joined
mukt2has joined
debaclehas joined
Syndacehas joined
Chobbeshas joined
Chobbeshas left
davidhas left
davidhas joined
eevvoorhas left
mukt2has left
Nekithas left
zachhas left
zachhas joined
pdurbinhas joined
mukt2has joined
neshtaxmpphas left
neshtaxmpphas joined
emushas left
Chobbeshas joined
zachhas left
zachhas joined
waqashas joined
pdurbinhas left
mukt2has left
Chobbeshas left
zachhas left
zachhas joined
mukt2has joined
davidhas left
davidhas joined
j.rhas left
jubalhhas joined
j.rhas joined
zachhas left
zachhas joined
emushas joined
mukt2has left
zachhas left
zachhas joined
winfriedhas left
winfriedhas joined
jubalhhas left
jabberjockehas left
mathijshas left
mathijshas joined
mukt2has joined
jonas’>
Mastodon - The Mastodon decentralised social media network uses BlurHashes both as loading placeholders, as well as for hiding media marked as sensitive.
matlaghas left
zachhas left
zachhas joined
matlaghas joined
mukt2has left
winfriedhas left
winfriedhas joined
lovetoxhas joined
!XSF_Martinhas left
!XSF_Martinhas joined
adiaholichas left
adiaholichas joined
zachhas left
zachhas joined
mukt2has joined
pdurbinhas joined
davidhas left
Steve Killehas left
pdurbinhas left
davidhas joined
Steve Killehas joined
zachhas left
zachhas joined
adiaholichas left
adiaholichas joined
lorddavidiiihas left
lorddavidiiihas joined
mathijshas left
mathijshas joined
!XSF_Martinhas left
neshtaxmpphas left
zachhas left
zachhas joined
jubalhhas joined
jubalhhas left
jubalhhas joined
jubalhhas left
jubalhhas joined
mukt2has left
mukt2has joined
jubalhhas left
jubalhhas joined
zachhas left
zachhas joined
jubalhhas left
Dele (Mobile)has left
zachhas left
zachhas joined
Shellhas left
Shellhas joined
Yagizahas left
jubalhhas joined
jubalhhas left
winfriedhas left
winfriedhas joined
winfriedhas left
winfriedhas joined
!XSF_Martinhas joined
winfriedhas left
winfriedhas joined
zachhas left
zachhas joined
mathijshas left
mathijshas joined
winfriedhas left
winfriedhas joined
mathijshas left
mathijshas joined
xalekhas joined
matlaghas left
matlaghas joined
Nekithas joined
zachhas left
zachhas joined
Dele (Mobile)has joined
pdurbinhas joined
jubalhhas joined
pdurbinhas left
andrey.ghas left
Wojtekhas joined
zachhas left
zachhas joined
rionMattJ: SIMS would ber perfect for the mod imho.
rionand with xep-0131 I think it's not that clear how to handle multiple media links in one message
lorddavidiiihas left
jubalhhas left
lorddavidiiihas joined
larmarion, does any client support oob-based http file transfer with multiple links in one message? I don't think it makes a lot of sense to send multiple files in one message
ZashNo sending foto albums?
andrey.ghas joined
larmaZash, your photo album should be a pubsub node or something so that you can add further images to it
moparisthebestwhat clients support *that* ?
Link MauveSalut à Toi should.
rionlarma: my client can send multiple SIMSs in one message regardless http or not.
larmabut multiple SIMS is not the same as multiple oob file transfers
larmaI don't think you can translate between the two server-side
ZashOOB can be mapped to SIMS
larmayes, but not the other way round
ZashSIMS -> OOB would be lossy, yes
LNJhas left
larmaand rion was bringing up multiple links in one message which I think is not supported by oob file transfer (but isn't properly written down anywhere)
patrickhas left
moparisthebestI have ran across use cases for multiple images attached to some text, which as you said no clients really support, say a "refer to the differences in these 2 screenshots" message
larmaIf we don't move to SIMS for file transfer soonish, we should probably write down the oob file transfer "standard"?
larma"standard" = what most current clients do for sending a file that was uploaded with http file upload
mukt2has left
pep.Standard !== what is specified? :p
ZashServerside OOB to SIMS translation would not be difficult. Ie mapping the URL into SIMS (and maybe description, if anyone ever uses that)
lovetoxwhat for?
lovetoxwhy another server translation xep
lorddavidiiihas left
lovetoxSIMS is not implemented because it is unfinished
lovetoxi saw countless emails to standards with discussions
lovetoxno update to the xep whatsoever
lorddavidiiihas joined
larmapep., AFAIK there is no real specification for that. We have oob but nobody understands it as "display this file inline" or "display the link at all". We have http upload to upload files. And now apparently what is done is to put the URL of http uploaded file in both body and oob to indicate "display file inline or as file transfer".
balu_der_baerhas joined
pep.larma, I agree nothing about body==oob url is standardized :)
zachhas left
zachhas joined
larmaSo we should make a short informational XEP out of that?
pep.That'd be a first step
Link MauveShould at least be a historical XEP.
balu_der_baerhas left
lovetoxwhat purpose does this serv
lovetoxdocumenting things for the sake of documenting or what?
larmaWell apparently there are things not clear about it
moparisthebestsome this get documented for the sake of documenting then the XEP gets rejected https://xmpp.org/extensions/inbox/omemo-media-sharing.html
pep.lovetox, sure documenting.
moparisthebest(even though basically all the clients implement it anyway?)
pep.What about new clients appearing, how do they even know
Link Mauvelovetox, when you write a new client, currently you have to read other clients to understand you have to do that for images to appear.
chronosx88has left
ZashDocumenting and discussing how to do things is our purpose here.
Link Mauvemoparisthebest, it should probably get resubmitted as historical.
moparisthebestbut it's not historical, all the clients do this
Link MauveIt still didn’t get through any standardisation process, and is a historical artifact.
lovetoxthis all is nonesense for me sorry
Zashmoparisthebest: lots of clients do lots of "historical" things still
Link MauveThat’s enough for it to be historical.
lovetoxyou cannot dictate what to display inline in other clients
Link MauveSee OTR, see vCard-temp.
larma> An Historical XEP documents a protocol that was developed before the XSF's standards process was instituted
lovetoxthere can never be a standard that forces me as a client to display something inline
lovetoxi see no purpose for this at all
moparisthebestall clients do this and there isn't even a proposed replacement yet? still historical?
Zashlarma: Maybe we should s/before/outside/ then?
chronosx88has joined
lovetoxyou send me a SIMS message, guess what if i feel like it having a option to not display it inline, then thats it
larma> An Informational XEP typically defines best practices for implementation or deployment of an existing protocol
moparisthebestah ok I guess maybe it fits that larma
lovetoxeven if the XEP is called Inline media
lovetoxits the responsibility of the client to decide what to display inline and what not
pep.larma, not that body==oob url is "best practices"
pep.it's just what's out there :)
chronosx88has left
lovetoxi even display images inline that you send without oob, just paste a url into the chat, what now, are we going to document that also?
larmayeah but it says "typically defines best practices" so "bad practices" are also fine 😉
chronosx88has joined
larmaAlso XEP-0201 😉
lovetoxalso body==url, never meant "display this inline"
lovetoxit meant, this is a filetransfer of a file uploaded with http upload
lovetoxknowing that a client can act on it
larmalovetox, agree
lovetoxbut nobody ever said, you have to display this now inline
larmabut again, this is not written down anywhere
lovetoxwhy invest the time into changing old XEPs, if we could work on finishing SIMS and migrate
pep.lovetox, if you can do that, great
pep.Please change all clients :)
larmaI don't think there is consensus on what the correct SIMS is.
lovetoxno the author should react to the countless standard mails
lovetoxyeah then discuss whats correct
lovetoxno future client should be forced to implement oob
larmalovetox, "no future client should be forced to implement oob" unrealistic, also it is just about to be part of the CS2020
lovetoxok if i hear compliance suite im out :D
eevvoorhas joined
j.rhas left
j.rhas joined
lovetoxno sorry go on, im grumpy had a long day, document away :)
lovetoxbut please stay away from dictating UI behavior on the receiving side
Nekithas left
jabberjockehas joined
larmaI would never want a XEP to dictate UI. But we definitely need a way to indicate "this is a link to a third party resource" vs "this is a file transfer"
Ge0rGBecause users don't need consistency between different implementations, or between sender and recipient of a message.
larmaGe0rG, we can still suggest UI outside XEPs
larmabut client consistency outside of protocol does not belong in XEPs IMO
lovetoxand client serv different communitys with different needs
larma*thumbs up reaction*
Ge0rGlarma [21:16]:
> "this is a link to a third party resource" vs "this is a file transfer"
Unfortunately, there is no difference between those from a security point of view
moparisthebesthow are they different at all actually?
lovetoxa client may want to react differently
waqashas left
waqashas joined
Ge0rGmoparisthebest: the former could be anything, not just an image
lovetoxif a "file transfer" comes from a contact in my roster he could have a policy that this is trustable enough to just download and display inline
lovetoxwhile your contact just pasting links he found somewhere
lovetoxis maybe not something i want to immediatly download
moparisthebestI'm still not seeing the difference
lovetoxnot downloading vs downloading
larmaA file transfer *should* have a fixed hash and the sender sending that hash (ideally in a cryptographically signed message) thus sends a very specific file, if the downloaded resource does not match, the file transfer failed.
A link to an external resource is usually handled by whatever local software is responsible for that uri protocol, thus could also extend beyond the http protocol (like a vnc uri to open your vnc viewer) and the resource behind the URI can change or be non global...
moparisthebestIf I'm sharing memes with my wife, why would I want it to display differently if I download and re-upload the meme vs paste the link?
lovetoxmoparisthebest, its not about what you want
lovetoxyou can not want anything for another client
moparisthebestit is in the sense that not even *my* client can guess what I want
waqashas left
larmaIf your client displays external resources inline under certain criteria, that's something completely different
waqashas joined
moparisthebestso certainly the remote client cannot guess
lovetoxhe does not need to guess, if you tell him
lovetoxhence the protocol we are discussing
larmaIt's a known attack against clients that show "previews" to fake the preview to lure users into opening shady websites
lovetoxand the difference
moparisthebestand sure you can write up a protocol for "hey the sender wants you to display it like X" but that's still useless because the sender won't do it
lovetoxim not sure what you are trying to say
larmamoparisthebest, it's not about what is possible, but about what makes sense
lovetoxclients react to that differently already
lovetoxand it works just fine
chronosx88has left
chronosx88has joined
waqashas left
waqashas joined
Zash> it (body==oob.url) meant, this is a filetransfer of a file uploaded with http upload
really? that doesn't seem like something that needed to be communicated.
chronosx88has left
Zashthe http upload part, that shouldn't matter
lovetoxbut it does
lovetoxit means a user selected a file on his harddrive, and wants to transfer it to you
lovetoxonly because thats done via http, does not mean every url i paste into a chat is now a filetransfer
chronosx88has joined
moparisthebestthat's a pretty dumb restriction anyway, I ran into this the other day actually
Zashwat
lovetoxsimple use case, i want to show a gallery of received media from a contact
moparisthebesttake a picture of the kid, want to send it to my Mom and my Wife, http upload to Mom, now do I waste space on the server by http upload'ing it to wife also, or just copy/paste the URL and paste to wife?
waqashas left
waqashas joined
moparisthebestit sucks the second way changes how it's displayed on wife's end :)
Link MauveA simple solution for that would be for your client to have a cache of recently uploaded files.
Link MauveNo need to change the UI, just it wouldn’t transfer it again and instead reuse the URL it already got.
lovetoxyeah clients could be just smart about that
moparisthebestor you could stop relying on the sending client to decide which images to display inline or not, and have that be a preference of the recieving client as it should be :)
waqashas left
waqashas joined
lovetoxbut it is, you got it backwards
lovetoxas we said, the sending client just tells this is a file from my harddrive
lovetoxthe receiving client decides what it does with that information
zachhas left
zachhas joined
moparisthebest"whether this came from my hardrive or not" is a really dumb distinction though
waqashas left
waqashas joined
Zashthis
moparisthebestI don't understand why it would matter in any concievable way
Zashit makes no sense to me
lovetoxbecause its more trustable
moparisthebestwhy???
moparisthebestwhy is a http upload link on my server I uploaded 2 seconds ago less trustable than one I'm uploading now
moparisthebestor, really anything else
ZashIt's an URL... twice. It means you sent a link to some out of band resource that you can click on if your client doesn't do something with it.
moparisthebestyou can make a client take any pasted http link, and pretend it's an http upload when sending it right?
moparisthebestlike presumably a gajim plugin could do that?
waqashas left
moparisthebestso how can the recieving client place any trust in that
waqashas joined
Zash`/embed arbitrary-url-here` in poezio for example, I've done that a bunch of times
lovetoxbecause you can share a link by accident or unkowing that it causes harm
lovetoxif you select a picture from your harddrive, it will most likely not
lovetoxand as i said above, media gallery of filetransfers
waqashas left
waqashas joined
lovetoxbut yeah i know other messengers record every link as media that was sent
larmaI think it is easier to grasp if you put in the hash of the file. It gives certainty to the recipient that they receive the correct file and it requires the sender to actually have the file before "sending" it, but it doesn't need to upload it if it's already online
lovetoxthats why everybody with whatsapp ends up with X memes in his gallery shared by some people in groupchats
moparisthebestuh sorry but I see people accidentally upload pictures in mucs all the time?
moparisthebestprobably more often than paste links even
moparisthebestin fact it's pretty easy to open a picture in the android gallery, click share, then mis-click the conversation muc
moparisthebestif I paste a link, you have no idea if I uploaded it or if it was already there, if I send you http upload xml, you have no idea if I uploaded it or if it was already there, what's the difference?
lovetoxbut one is a link someone wants you to see, and the other is a file he wanted you to have
lovetoxmoparisthebest, its not about security, its about the intentions
jonas’I tend to agree with lovetox to some extent
moparisthebestit's about nothing because there is no difference at all
lovetoxif it was about security i could not rust anything that does not come from my server
jonas’weird things happen for example with Conversations when you OOB-tag arbitrary links
lovetoxi agree its a very subtle difference
jonas’I have code in JabberCat which simply OOB-tags all URL-only posts
lovetoxand i agree most clients will probably not make it
jonas’which means that C will render them as file downloads
lovetoxbut its still worth to have that hint
jonas’instead of as links
lovetoxand if its just to sort, link meme shares into another category on harddrive
moparisthebestwhich hint though? it seems like we are taking a mostly arbitrary "this is from my hard drive" hint, and interpreting it instead as a "this is ok to display inline" hint
lovetoxmoparisthebest, no nobody says its ok to display inline
lovetoxthats a determination a client can make, but nobody suggest to do it
waqashas left
waqashas joined
moparisthebestexcept all clients that have it implemented that way of course
lovetoxas i said simple usecase, i dont want your meme shares from 9gag in my file gallery
larmawrite up on things I'd change in SIMS (including the name): https://gist.github.com/mar-v-in/f154b97ddc9869c1132b12bcd9a14f38
moparisthebestI like how SIMS just assumes e2e doesn't exist lol
moparisthebestmakes it easy, don't have to answer any hard questions, also makes it un-useable in the real world but that's just a minor detail right?
waqashas left
waqashas joined
larmamoparisthebest, does it? I'd say it assumes we have full stanza encryption 😉
moparisthebestthat falls under "un-useable in the real world" I guess :)
moparisthebestsince there aren't any full stanza encryption methods implemented anywhere?
lovetoxyes they are
lovetoxopenpgp
ZashCan't you do E2E encrypted file transfers with Jingle? SIMS can use that.
lovetoxalso dont know what that has to do with E2E at all
waqashas left
moparisthebestOX? there is a XEP, iirc it's not actually implemented anywhere
waqashas joined
larmamoparisthebest, it is
lovetoxit is, Gajim has a plugin :D
moparisthebesthashes/size/name/type all that private stuff that should probably be encrypted
lovetoxand also its not hard to implement
lovetoxdevelopers just have other stuff to do right now
larmaalso smack supports it
lovetoxmoparisthebest, what is private about that? these are all things i can get from a oob url if i download the file
lovetoxso oob url is ok
lovetoxbut SIMS is not?
moparisthebestnot one of these URLs: https://xmpp.org/extensions/inbox/omemo-media-sharing.html
lovetoxSIMS is just, i tell you the metadata before you have to download the file
lovetoxmoparisthebest, we talk about media sharing XEPs, and if i want to share a picutre here in this MUC
lovetoxE2E is out of the question
larmaIf you encrypt the file before uploading you should probably also encrypt SIMS
waqashas left
waqashas joined
lovetoxso why should i not be nice and sent metadata with so clients dont have to download to get them
larmaIf you don't encrypt the http file upload, it makes little sense to encrypt SIMS data (like hash), but if you do encrypt the http file upload you also should encrypt such
lovetoxof course this xep is only to be used with full stanza encryption if your conversation is encrypted
lovetoxthat goes without saying
lovetoxbut a media sharing XEP must not care if currently full stanza encryption in use or not
larmalovetox, people for some reason always assume that encryption is a body-only thing and thus complain about SIMS leaking things
waqashas left
waqashas joined
moparisthebestyes, ie the only encryption that has ever been actually deployed :)
pep.moparisthebest, in the meantime, if you don't think about it, it's probably never going to become viable
waqashas left
waqashas joined
moparisthebestI'm also not sure the point of letting clients lie about stuff
moparisthebestif you duplicate where info is, then you have to have rules about when it doesn't match
waqashas left
waqashas joined
larma"duplicate where info is" what are you referring to?
waqashas left
waqashas joined
pdurbinhas joined
moparisthebestif you send me a link to the file, I have it's size, content type, hash etc, after I get it
moparisthebestwhat's the point of also sending all that? what if what you send me doesn't match with what I get?
waqashas left
waqashas joined
Alexhas left
waqashas left
waqashas joined
Wojtekhas left
pdurbinhas left
larmaif it doesn't match your download failed. You have a corrupt file and shouldn't tell the user "that's what the other person send you" because it's not true
zachhas left
zachhas joined
Wojtekhas joined
waqashas left
larmacontent type is not part of the file, so it's good you actually get it, size is useful to know before downloading it
waqashas joined
moparisthebestsize would be useful to know before downloading, if you could trust it
moparisthebestbut you can't
waqashas left
waqashas joined
flowI'd argue that it is still useful
larmaYou can, just stop downloading after you reached this amount of bytes, if the link provides you with more data, then it's corrupt
flowor malicious
larmawhich is the same for the user (file transfer failed)
waqashas left
waqashas joined
adiaholichas left
chronosx88has left
adiaholichas joined
!XSF_Martinhas left
!XSF_Martinhas joined
j.rhas left
j.rhas joined
Dele (Mobile)has left
mukt2has joined
larmaAnyone interested in DKIM for XMPP?
zachhas left
zachhas joined
ralphmhas left
ralphmhas joined
Tobiashas left
ZashThe what, why?
Shelloh dear
Wojtekhas left
pep.larma, what would you need that
ZashMUC? .. because DKIM works so well for mailing lists
ZashBut, uh, please don't
pep.To prove that a message is indeed coming from the server it's saying it's coming from?
eevvoorhas left
pep.I'd rather do e2ee and verify that identity
Zashs2s has pretty good security already, with mutual TLS certificate authentication.
pep.Zash, the idea being that MUC can impersonate anybody, I guess..
ZashI see no need for DKIM, except possibly in some relay case like MUC, but meh.
mukt2has left
pep.And you need to trust MUC same as you trust your server. (Note that I'm not especially arguing in favor of DKIM)
j.rhas left
ZashI'm quite happy leaving crypto stuff to the TLS library, thankyouverymuch.
pep.:)
j.rhas joined
jubalhhas joined
ZashAnd, mailing lists being equivalent to MUC, which is where I encountered enough problems with DKIM to just throw it all out and carry on with my life.
jubalhhas left
ZashI imagine it'd be easier to apply to XMPP tho.
larmaWell, a proper client should ignore the origin information in messages in a private/non-anonymous MUC on an untrusted server right now.
larmaZash, that's only because mailing lists modify the mail but claim it's from the original author, which is exactly what DKIM should prevent (for good reason)
moparisthebestDkim works on well configured mailing lists just fine, you are thinking of SPF that they break
ZashMailing lists don't break SPf
pep.moparisthebest, mailing lists break dkim
larmapep., they don't need to
pep.They don't need to indeed
pep.Most do
moparisthebestMisconfigured ones that mangle the message only
larmait's just because they a) want to display the original author in from and b) want to add a footer to the message (effectively the same as modifying it)
Zashb) also breaks PGP signatures \o/
ZashNice things. Email. Pick one.
zachhas left
zachhas joined
ZashEmail and DANE seems to do okay tho.
larmaZash, actually it doesn't (or doesn't need to) as you can concat with MIME