XSF Discussion - 2020-11-10


  1. david has left

  2. david has joined

  3. tigran has joined

  4. debacle has left

  5. southerntofu has left

  6. lskdjf has left

  7. papatutuwawa has left

  8. papatutuwawa has joined

  9. adiaholic has left

  10. adiaholic has joined

  11. adiaholic has left

  12. adiaholic has joined

  13. alameyo has left

  14. alex-a-soto has left

  15. alex-a-soto has joined

  16. neshtaxmpp has left

  17. neshtaxmpp has joined

  18. neshtaxmpp has left

  19. dwd has left

  20. Shell has left

  21. papatutuwawa has left

  22. papatutuwawa has joined

  23. neshtaxmpp has joined

  24. Arne has left

  25. Arne has joined

  26. govanify has left

  27. govanify has joined

  28. tigran has left

  29. Shell has joined

  30. arc has left

  31. arc has joined

  32. govanify has left

  33. govanify has joined

  34. alameyo has joined

  35. adiaholic has left

  36. adiaholic has joined

  37. adiaholic has left

  38. adiaholic has joined

  39. govanify has left

  40. govanify has joined

  41. Calvin has left

  42. govanify has left

  43. govanify has joined

  44. govanify has left

  45. govanify has joined

  46. govanify has left

  47. govanify has joined

  48. papatutuwawa has left

  49. papatutuwawa has joined

  50. arc has left

  51. arc has joined

  52. govanify has left

  53. govanify has joined

  54. dwd has joined

  55. lovetox has joined

  56. DebXWoody has joined

  57. Mikaela has joined

  58. wladmis has left

  59. wladmis has joined

  60. lovetox has left

  61. govanify has left

  62. govanify has joined

  63. lorddavidiii has joined

  64. adiaholic has left

  65. wladmis has left

  66. Tobias has joined

  67. adiaholic has joined

  68. Yagiza has joined

  69. arc has left

  70. Maranda has left

  71. emus has joined

  72. Maranda has joined

  73. antranigv has left

  74. wurstsalat has joined

  75. lorddavidiii has left

  76. jcbrand has joined

  77. pasdesushi has joined

  78. lorddavidiii has joined

  79. Arne has left

  80. pasdesushi has left

  81. papatutuwawa has left

  82. papatutuwawa has joined

  83. marc has joined

  84. ChronosX88 has joined

  85. floretta has left

  86. alex-a-soto has left

  87. alex-a-soto has joined

  88. marc has left

  89. mdosch has left

  90. mdosch has joined

  91. lorddavidiii has left

  92. neshtaxmpp has left

  93. LNJ has joined

  94. neshtaxmpp has joined

  95. lorddavidiii has joined

  96. goffi has joined

  97. neshtaxmpp has left

  98. Alex has joined

  99. lorddavidiii has left

  100. lorddavidiii has joined

  101. neshtaxmpp has joined

  102. Arne has joined

  103. serge90 has joined

  104. Yagiza has left

  105. Yagiza has joined

  106. raghavgururajan has joined

  107. strypey has joined

  108. strypey has left

  109. j.r has left

  110. j.r has joined

  111. wladmis has joined

  112. lskdjf has joined

  113. Arne has left

  114. marc has joined

  115. wladmis has left

  116. adiaholic has left

  117. adiaholic has joined

  118. Arne has joined

  119. debacle has joined

  120. lorddavidiii has left

  121. lorddavidiii has joined

  122. winfried has left

  123. winfried has joined

  124. winfried has left

  125. winfried has joined

  126. adiaholic has left

  127. adiaholic has joined

  128. j.r has left

  129. adiaholic has left

  130. adiaholic has joined

  131. lorddavidiii has left

  132. j.r has joined

  133. lorddavidiii has joined

  134. antranigv has joined

  135. Steve Kille has left

  136. Steve Kille has joined

  137. lorddavidiii has left

  138. lorddavidiii has joined

  139. Arne has left

  140. Arne has joined

  141. lorddavidiii has left

  142. lorddavidiii has joined

  143. Arne has left

  144. Arne has joined

  145. serge90 has left

  146. lskdjf has left

  147. Shell has left

  148. Seve has left

  149. Seve has joined

  150. lskdjf has joined

  151. Seve has left

  152. Seve has joined

  153. lskdjf has left

  154. serge90 has joined

  155. Maranda has left

  156. Maranda has joined

  157. lskdjf has joined

  158. floretta has joined

  159. lskdjf has left

  160. lskdjf has joined

  161. lskdjf has left

  162. lskdjf has joined

  163. lskdjf has left

  164. lskdjf has joined

  165. lskdjf has left

  166. lovetox has joined

  167. lorddavidiii has left

  168. lorddavidiii has joined

  169. lovetox has left

  170. lorddavidiii has left

  171. Andrzej has joined

  172. lorddavidiii has joined

  173. Andrzej has left

  174. Andrzej has joined

  175. Andrzej has left

  176. Andrzej has joined

  177. Calvin has joined

  178. lskdjf has joined

  179. serge90 has left

  180. Andrzej has left

  181. Andrzej has joined

  182. Arne has left

  183. Arne has joined

  184. edhelas has left

  185. edhelas has joined

  186. serge90 has joined

  187. lskdjf has left

  188. Dele Olajide has joined

  189. Dele Olajide has left

  190. adiaholic has left

  191. adiaholic has joined

  192. adiaholic has left

  193. adiaholic has joined

  194. jcbrand has left

  195. southerntofu has joined

  196. LNJ has left

  197. jcbrand has joined

  198. alameyo has left

  199. adiaholic has left

  200. adiaholic has joined

  201. alameyo has joined

  202. LNJ has joined

  203. lskdjf has joined

  204. serge90 has left

  205. wladmis has joined

  206. lorddavidiii has left

  207. lorddavidiii has joined

  208. lskdjf has left

  209. lskdjf has joined

  210. wladmis has left

  211. wladmis has joined

  212. lskdjf has left

  213. lskdjf has joined

  214. Maranda has left

  215. Maranda has joined

  216. lskdjf has left

  217. lskdjf has joined

  218. lskdjf has left

  219. lskdjf has joined

  220. Arne has left

  221. adiaholic has left

  222. adiaholic has joined

  223. Maranda has left

  224. Maranda has joined

  225. mdosch

    > Memberbot is online now for our 2020 elections. Great applicants again this year Is there any documentation how to use the memberbot? I failed to find it. 😔

  226. Zash

    Say "hello" or something to it

  227. lskdjf has left

  228. mdosch

    xmpp:memberbot@xmpp.org is not replying to 'help' or 'hello'.

  229. neshtaxmpp has left

  230. MattJ

    Then poke Alex and make sure he has your up-to-date JID

  231. Arne has joined

  232. MattJ

    and that your s2s is working :)

  233. larma

    jonas’, regarding opengraph and phishing: https://www.der-postillon.com/2020/05/reichelt-twitter.html (sorry, German article)

  234. jonas’

    also satire

  235. jonas’

    I don’t like the postillons style, so I’ll just not click that, sorry

  236. Alex

    mdosch, please send me your prefereed Jid for voting and I will verify, or should I just take it from your membership application?

  237. Wojtek has joined

  238. mdosch

    Alex: martin@mdosch.de

  239. mdosch

    Thanks :)

  240. MattJ

    I definitely agree that sender/server-provided link previews are the way to go

  241. jonas’

    I think there is a huge difference between sender and server

  242. Zash

    Why not a bot?

  243. jonas’

    same thing as server

  244. Zash

    Why not random anonymous users?!

  245. MattJ

    I mean to cover any form of "the preview data is embedded in the message"

  246. MattJ

    Although intuitively it seems wrong (trusting information provided by another party), generating the preview on the recipient side only adds problems and doesn't solve any of the possible "attacks"

  247. Holger

    Alex: While you're at it 🙂 holger@jabber.fu-berlin.de

  248. MattJ

    If the link is malicious it can easily serve different content to different requests, e.g. if it sees an XMPP client's user-agent instead of a browser

  249. MattJ

    Meanwhile it leaks activity, your network address, and other information to the web server behind the link, without user action

  250. Alex

    adeed both Jids, can you try again?

  251. mdosch

    >10.11.20 16:35:14 - Subscription received from memberbot@xmpp.org Alex: Thanks!

  252. larma

    jonas’: the article is about how they maliciously changed link preview by updating opengraph data after someone shared one of their articles on twitter.

  253. jonas’

    MattJ, it does solve the case where an attacker just wants to prank you

  254. jonas’

    take $urlToOffensivePictureInFullscreen, attach wrong preview, done.

  255. jonas’

    that attack does not need control over the webserver ("serve different content to different users")

  256. MattJ

    Agree, but they could just provide the link without a preview too and you'd probably open it anyway if you trust them :)

  257. Zash

    Solution in search of a problem: What if, the XMPP server offers a caching HTTP proxy to its users?

  258. Steve Kille has left

  259. MattJ

    and the same thing can be done in the recipient-generates-preview world

  260. jonas’

    MattJ, they can’t if previews are generated locally.

  261. Zash

    Credentials via XEP-0215 or somesuch

  262. MattJ

    so it doesn't fix anything

  263. jonas’

    how does a recipient-generated preview not fix that case?

  264. MattJ

    Because they can provide a URL that does what I described above

  265. Zash

    How about *everyone* generates their own preview, then we compare?

  266. Steve Kille has joined

  267. lorddavidiii has left

  268. larma

    Zash, consider e2ee, you'd leak message content to the server if you use a server-provided proxy

  269. lskdjf has joined

  270. tigran has joined

  271. Zash

    If you do HTTPS over SOCKS5 it leaks hostname to the XMPP server in exchange for not leaking your own IP to the proxy target.

  272. Zash

    So. Dunno, tradeoffs.

  273. larma

    yeah, but sender provided link previews do not leak anything...

  274. Zash

    Also, trust the server, the server is good!! ;)

  275. larma

    https://www.mysk.blog/2020/10/25/link-previews/ (lists which messaging apps do what, in case someone is interested)

  276. marc has left

  277. marc has joined

  278. lskdjf has left

  279. lskdjf has joined

  280. Ge0rG

    jonas’: I wanted to do some editing of CS'21, how long are you still available to merge a PR?

  281. jonas’

    Ge0rG, today?

  282. jonas’

    30 minutes probably

  283. Ge0rG

    jonas’: yes, thanks

  284. Ge0rG just realized there were no additional votes on ibr-token yet. Wanted to add it to Future Development.

  285. Steve Kille has left

  286. Holger

    Alex: Works for me as well, thank you.

  287. Alex

    👍

  288. Steve Kille has joined

  289. andrey.g has joined

  290. Ge0rG

    jonas’: are you opposed to have Extended Channel Search (XEP-0433) as "specification of note" in IM?

  291. tigran has left

  292. jonas’

    Ge0rG, no, sgtm

  293. stpeter has joined

  294. stpeter has left

  295. sonny has left

  296. sonny has joined

  297. wurstsalat

    larma: thanks for that comprehensive link!

  298. sonny has left

  299. sonny has joined

  300. lorddavidiii has joined

  301. edhelas

    > The moment the link was sent, several Facebook servers immediately started downloading the file from our server. Since it wasn’t just one server, that large 2.6 GB file was downloaded several times. In total, approximately 24.7 GB of data was downloaded from our server by Facebook servers.

  302. edhelas

    damn, they really have bandwidth and space available

  303. vanitasvitae

    😀

  304. vanitasvitae

    🍿️

  305. edhelas

    my next question would be "what is the actual limit before we see some availability issue on status.facebook.com" :p

  306. jonas’

    I have that one file somewhere which is like 4k on my disk but is effectively several hundred GBs of zeroes…

  307. Ge0rG

    jonas’: https://gitlab.com/xsf/xeps/-/merge_requests/35

  308. jonas’

    I do like to use it to stresstest URL resolving bots :)

  309. Ge0rG

    jonas’: luckily traffic is free, eh?

  310. jonas’

    Ge0rG, can you rebase on current master/main first please?

  311. jonas’

    Ge0rG, it’s not, but the bots usually die quickly

  312. edhelas

    for Movim I do have something like that, only for pictures, it's generated by the sender, and only limited to a few Mb

  313. Ge0rG

    jonas’: rebases & repushed

  314. jonas’

    Ge0rG, also fun is the same thing but with <!DOCTYPE html>\n<html><title> in front of it :>

  315. marc has left

  316. marc has joined

  317. lovetox has joined

  318. Wojtek has left

  319. lskdjf has left

  320. lskdjf has joined

  321. Neustradamus

    Memberbot does not work, impossible to start

  322. Wojtek has joined

  323. lskdjf has left

  324. lskdjf has joined

  325. lskdjf has left

  326. lskdjf has joined

  327. lskdjf has left

  328. lskdjf has joined

  329. mathieui

    seems to work fine here

  330. lskdjf has left

  331. lskdjf has joined

  332. lskdjf has left

  333. lskdjf has joined

  334. lskdjf has left

  335. lskdjf has joined

  336. LNJ has left

  337. marc has left

  338. lskdjf has left

  339. lskdjf has joined

  340. Wojtek has left

  341. alex-a-soto has left

  342. alex-a-soto has joined

  343. marc has joined

  344. moparisthebest

    Neustradamus, is it just not responding or?

  345. LNJ has joined

  346. Zash

    s2s seems to be working fine from what I can tell

  347. Neustradamus

    Now it is good

  348. Neustradamus

    There was 2 connections before, now only one.

  349. Zash

    Oh, not using jabber.org?

  350. Neustradamus

    This problem has been solved, I think with a change in OpenSSL. But it is not the solution to do not migrate completely to Prosody...

  351. intosi has left

  352. lskdjf has left

  353. lskdjf has joined

  354. intosi has joined

  355. lskdjf has left

  356. lskdjf has joined

  357. lskdjf has left

  358. lskdjf has joined

  359. lskdjf has left

  360. lskdjf has joined

  361. lskdjf has left

  362. lskdjf has joined

  363. lskdjf has left

  364. lskdjf has joined

  365. adiaholic has left

  366. alex-a-soto has left

  367. alex-a-soto has joined

  368. neshtaxmpp has joined

  369. lskdjf has left

  370. lskdjf has joined

  371. Wojtek has joined

  372. lskdjf has left

  373. lskdjf has joined

  374. intosi has left

  375. LNJ has left

  376. ChronosX88 has left

  377. Ge0rG

    jonas’: thanks for merging!

  378. Ge0rG

    Looks like I missed adding AV to the categories list in the intro. Also should find a better name for "feature providers"

  379. serge90 has joined

  380. Ge0rG

    Maybe just "specifications"?

  381. LNJ has joined

  382. intosi has joined

  383. lskdjf has left

  384. andrey.g has left

  385. lovetox has left

  386. akkiko has joined

  387. lskdjf has joined

  388. akkiko has left

  389. APach has left

  390. APach has joined

  391. serge90 has left

  392. lorddavidiii has left

  393. nad287 has joined

  394. akkiko has joined

  395. Yagiza has left

  396. lovetox has joined

  397. Nekit has left

  398. lskdjf has left

  399. Shell has joined

  400. lskdjf has joined

  401. winfried has left

  402. winfried has joined

  403. winfried has left

  404. winfried has joined

  405. Lance has left

  406. Lance has joined

  407. Lance has left

  408. pasdesushi has joined

  409. lorddavidiii has joined

  410. govanify has left

  411. govanify has joined

  412. lskdjf has left

  413. lskdjf has joined

  414. lskdjf has left

  415. lskdjf has joined

  416. lskdjf has left

  417. lskdjf has joined

  418. lskdjf has left

  419. lskdjf has joined

  420. DebXWoody has left

  421. akkiko has left

  422. pasdesushi has left

  423. disgyze has left

  424. pasdesushi has joined

  425. pasdesushi has left

  426. alex-a-soto has left

  427. alex-a-soto has joined

  428. pasdesushi has joined

  429. DebXWoody has joined

  430. DebXWoody has left

  431. DebXWoody has joined

  432. DebXWoody has left

  433. DebXWoody has joined

  434. Mikaela has left

  435. lovetox has left

  436. pasdesushi has left

  437. pasdesushi has joined

  438. Syndace has left

  439. Syndace has joined

  440. pasdesushi has left

  441. pasdesushi has joined

  442. pasdesushi has left

  443. pasdesushi has joined

  444. Andrzej has left

  445. DebXWoody has left

  446. arc has joined

  447. Tobias has left

  448. pasdesushi has left

  449. pasdesushi has joined

  450. marc has left

  451. marc has joined

  452. andrey.g has joined

  453. pasdesushi has left

  454. Andrzej has joined

  455. nad287 has left

  456. pasdesushi has joined

  457. lorddavidiii has left

  458. pasdesushi has left

  459. goffi has left

  460. Lance has joined

  461. Lance has left

  462. dwd has left

  463. debacle has left

  464. marc has left

  465. dwd has joined

  466. marc has joined

  467. Andrzej has left

  468. andrey.g has left

  469. Andrzej has joined

  470. alex-a-soto has left

  471. alex-a-soto has joined

  472. pasdesushi has joined

  473. Lance has joined

  474. pasdesushi has left

  475. jcbrand has left

  476. Andrzej has left

  477. pasdesushi has joined

  478. LNJ has left

  479. wurstsalat has left

  480. pasdesushi has left

  481. emus has left

  482. Wojtek has left

  483. Vaulor has left

  484. Andrzej has joined