-
jonas’
pep., I don’t see text in MIX which says otherwise✎ -
jonas’
pep., I don’t recall text in MIX which says otherwise ✏
-
jonas’
but it’s been quite a while since I’ve read MIX
-
jonas’
in some discussion a few days back, I was looking for this, and now I found it: https://multiformats.io/multihash/
-
jonas’
don’t ask me what the context is though
-
jonas’
might be about the blake2 stuff
-
larma
jonas’: you forgot to add a blockchain trigger warning to the link ;)
-
jonas’
larma, I didn’t notice anything blockchainy in there
-
larma
multiformats is from protocol labs which is blockhcainy 😉
-
jonas’
TIL (and don’t care)
-
Zash
They invented ASN.1 ?
-
larma
Zash, how is this related to ASN.1?
-
Zash
OIDs
-
jonas’
they’re not OIDs though?
-
Zash
The concept of { oid, hash bitstring } ?
-
jonas’
I don’t see OIDs there though
-
jonas’
OIDs are hierarchical
-
larma
yeah, they're not using OIDs, they are just prefixing the hash with a type and it's length
-
Zash
I don't mean OIDs specifically
-
Zash
Maybe I've just looked too closely at the whole ASN.1 thing, so to me it looks similar.
-
MattJ
It's the same but worse
-
larma
Zash, you mean they could have used ASN.1 instead?
-
Zash
They could
-
larma
but they are blockchainy
-
jonas’
why would you though
-
larma
so they mind every byte
-
jonas’
ASN is odd with it’s different serialisation formats
-
Kev
Says the developer working with XML :)
-
jonas’
yeah
-
larma
ASN.1 has an XML serialisation format 😉
-
Kev
Is memberbot online, and should they be?
-
Zash
We're in voting, so they should be.
-
Kev
That was my thought.
-
jonas’
it’s available for me
-
Kev
Hmm. I wonder if S2S between my server and xmpp.org is down.
-
Kev
Ah. Has xmpp.org enabled the 'I won't talk to small DH Keys' Prosody thing?
-
pep.
gender-neutral singular "they" replacing "it" for things? :P
-
Zash
bots are people too!
-
pep.
I'm sorry
-
MattJ
Kev, yes (but to be clear it's not a Prosody thing, it's system OpenSSL defaults on Debian 10)
-
Zash
Pretty sure it's been configured to prefer ECDHE
-
Kev
Ah. Any chance that could be turned off, as an easier option that updating my server to a release from the last millenium? :)
-
pep.
And actually probably most distributions now, at it's recommended by openssl since.. a vulnerability not so long ago✎ -
pep.
And actually probably most distributions now, at it's recommended by openssl since.. yet another vulnerability not so long ago ✏
-
pep.
jonas’, flow, is the 157 validation thing gonna delay/make the PR get refused? :/
-
pep.
Can we change that later if it's the case?
-
Zash
I kinda rather you added text that says everything should be URIs
-
pep.
I don't mind about the way we do it, I just wanted it in :x✎ -
pep.
I don't mind the way we do it, I just wanted it in :x ✏
-
pep.
But as flow said, adding this kind of text on all fields now might be considered breaking (even though I would expect people to just put URIs in there already as the example suggests)
-
Zash
It's not Standards Track
-
pep.
so.. that means we can bend it in any way we want it's fine? :p
-
Zash
We can bend anything we want any way we want.
-
Zash
We have the power!
-
pep.
We are the last XEP benders
-
flow
pep., it already delayed the PR. I personally see no reason why this should cause the PR to get vetoed by council, but since it takes only one council member to veto…. In any case you could resubmit without, which would be sad. But we can not add the data form validation later on, without bumping the namespace, so it was important to do it now.
-
Guus
I found out today that most of the spam that I get through XMPP is coming from my secondary account, on jabber.org, instead of my primary account on igniterealtime.org. What strikes me is that I publish contact details including the latter a lot more than the former.
-
Zash
I too get a bunch of spam to my jabber.org account, despite never having written about it anywhere or barely used it for more than occational testing.
-
stpeter
We're working on it!
-
!XSF_Martin
> We're working on it! Is Neustradamus around?
-
stpeter
;-)
-
Guus
Having something anti spam on jabber.org would obviously be nice, but I wasn't so much calling for action as I was expressing surprise at the source of the spam I get. It would be interesting to find reasons why an infrequently used account gathers more spam than an actively used and shared one.
-
Guus
I do now wonder if the recent uptake in spam and the recent instability at jabber.org are related.
-
Zash
Guus: I imagine you'd find a ton of legitimate accounts by taking a random list of email addreses and picking out the localparts.
-
Guus
That wouldn't get you my jabber.org account.
-
Zash
Maybe the reason it seems to be more is that you look at it less often, so the spam waves get buffered up in offline storage
-
Guus
I'm logged in all the time, but am not using it for anything other than ... what, really? As a fallback in case my primary account has issues, mostly.
-
Zash
Weird
-
vanitasvitae
I receive lots of spam on my personal account on my personal server, but it appears to be fluctuating quite drastically from day to day.
-
vanitasvitae
Guess I made it to some spam list...
-
moparisthebest
same, it went away almost entirely for almost a year I'd guess, but now it's back up to a few a day
-
Zash
But in my case, an account with no contacts that I never use and never mentioned anywhere, still getting spam? They must have guessed.
-
Guus
Can we assume that it's mostly one entity that's driving all of this spam?
-
Guus
Zash: maybe some kind of way to list accounts on a server or something?
-
Guus
Xep 55 with a wildcard?
-
Zash
Does jabber.org have that enabled? That'd be scary.
-
Kev
No. It supports xep55, but it's opt-in.
-
pep.
or.. the db got leaked! :p
-
Zash
Or any db got leaked, and they tried every username on every server
-
pep.
Kev, opt-in by the client?
-
Kev
pep.: Yes.
-
pep.
So like MAM? :P
-
Kev
Well, by the user through their client.
-
pep.
opt-in but every clients uses it✎ -
pep.
opt-in but every client uses it ✏
-
Kev
I don't follow.
-
pep.
It's a joke. I don't know if it's the case for 0055.
-
pep.
MAM was made opt-in on most servers though
-
pep.
For GDPR reasons among others
-
pep.
But every client uses it anyway
-
Zash
Opt-in by using it!
-
Zash
But for 55 I'd hope it be a thing where you register with it to opt in
-
Kev
You don't register with it, you tick the box in your user configuration adhoc.
-
Kev
But that's probably equivalent.
-
Zash
Right
-
pep.
You mean your client does that for you, providing whatever UI
-
pep.
(maybe not even mentioning the fact that you're enabling it)
-
Kev
Do you have any evidence clients are doing this, or are you guessing?
-
pep.
No evindence, just saying it's a possibility
-
Zash
I highly doubt things will execute random ad-hoc commands
-
vanitasvitae
The spam I receive is 95% russian and about spam services
-
vanitasvitae
So I can assume its the same sender.