XSF Discussion - 2020-11-10


  1. david has left
  2. david has joined
  3. tigran has joined
  4. debacle has left
  5. southerntofu has left
  6. lskdjf has left
  7. papatutuwawa has left
  8. papatutuwawa has joined
  9. adiaholic has left
  10. adiaholic has joined
  11. adiaholic has left
  12. adiaholic has joined
  13. alameyo has left
  14. alex-a-soto has left
  15. alex-a-soto has joined
  16. neshtaxmpp has left
  17. neshtaxmpp has joined
  18. neshtaxmpp has left
  19. dwd has left
  20. Shell has left
  21. papatutuwawa has left
  22. papatutuwawa has joined
  23. neshtaxmpp has joined
  24. Arne has left
  25. Arne has joined
  26. govanify has left
  27. govanify has joined
  28. tigran has left
  29. Shell has joined
  30. arc has left
  31. arc has joined
  32. govanify has left
  33. govanify has joined
  34. alameyo has joined
  35. adiaholic has left
  36. adiaholic has joined
  37. adiaholic has left
  38. adiaholic has joined
  39. govanify has left
  40. govanify has joined
  41. Calvin has left
  42. govanify has left
  43. govanify has joined
  44. govanify has left
  45. govanify has joined
  46. govanify has left
  47. govanify has joined
  48. papatutuwawa has left
  49. papatutuwawa has joined
  50. arc has left
  51. arc has joined
  52. govanify has left
  53. govanify has joined
  54. dwd has joined
  55. lovetox has joined
  56. DebXWoody has joined
  57. Mikaela has joined
  58. wladmis has left
  59. wladmis has joined
  60. lovetox has left
  61. govanify has left
  62. govanify has joined
  63. lorddavidiii has joined
  64. adiaholic has left
  65. wladmis has left
  66. Tobias has joined
  67. adiaholic has joined
  68. Yagiza has joined
  69. arc has left
  70. Maranda has left
  71. emus has joined
  72. Maranda has joined
  73. antranigv has left
  74. wurstsalat has joined
  75. lorddavidiii has left
  76. jcbrand has joined
  77. pasdesushi has joined
  78. lorddavidiii has joined
  79. Arne has left
  80. pasdesushi has left
  81. papatutuwawa has left
  82. papatutuwawa has joined
  83. marc has joined
  84. ChronosX88 has joined
  85. floretta has left
  86. alex-a-soto has left
  87. alex-a-soto has joined
  88. marc has left
  89. mdosch has left
  90. mdosch has joined
  91. lorddavidiii has left
  92. neshtaxmpp has left
  93. LNJ has joined
  94. neshtaxmpp has joined
  95. lorddavidiii has joined
  96. goffi has joined
  97. neshtaxmpp has left
  98. Alex has joined
  99. lorddavidiii has left
  100. lorddavidiii has joined
  101. neshtaxmpp has joined
  102. Arne has joined
  103. serge90 has joined
  104. Yagiza has left
  105. Yagiza has joined
  106. raghavgururajan has joined
  107. strypey has joined
  108. strypey has left
  109. j.r has left
  110. j.r has joined
  111. wladmis has joined
  112. lskdjf has joined
  113. Arne has left
  114. marc has joined
  115. wladmis has left
  116. adiaholic has left
  117. adiaholic has joined
  118. Arne has joined
  119. debacle has joined
  120. lorddavidiii has left
  121. lorddavidiii has joined
  122. winfried has left
  123. winfried has joined
  124. winfried has left
  125. winfried has joined
  126. adiaholic has left
  127. adiaholic has joined
  128. j.r has left
  129. adiaholic has left
  130. adiaholic has joined
  131. lorddavidiii has left
  132. j.r has joined
  133. lorddavidiii has joined
  134. antranigv has joined
  135. Steve Kille has left
  136. Steve Kille has joined
  137. lorddavidiii has left
  138. lorddavidiii has joined
  139. Arne has left
  140. Arne has joined
  141. lorddavidiii has left
  142. lorddavidiii has joined
  143. Arne has left
  144. Arne has joined
  145. serge90 has left
  146. lskdjf has left
  147. Shell has left
  148. Seve has left
  149. Seve has joined
  150. lskdjf has joined
  151. Seve has left
  152. Seve has joined
  153. lskdjf has left
  154. serge90 has joined
  155. Maranda has left
  156. Maranda has joined
  157. lskdjf has joined
  158. floretta has joined
  159. lskdjf has left
  160. lskdjf has joined
  161. lskdjf has left
  162. lskdjf has joined
  163. lskdjf has left
  164. lskdjf has joined
  165. lskdjf has left
  166. lovetox has joined
  167. lorddavidiii has left
  168. lorddavidiii has joined
  169. lovetox has left
  170. lorddavidiii has left
  171. Andrzej has joined
  172. lorddavidiii has joined
  173. Andrzej has left
  174. Andrzej has joined
  175. Andrzej has left
  176. Andrzej has joined
  177. Calvin has joined
  178. lskdjf has joined
  179. serge90 has left
  180. Andrzej has left
  181. Andrzej has joined
  182. Arne has left
  183. Arne has joined
  184. edhelas has left
  185. edhelas has joined
  186. serge90 has joined
  187. lskdjf has left
  188. Dele Olajide has joined
  189. Dele Olajide has left
  190. adiaholic has left
  191. adiaholic has joined
  192. adiaholic has left
  193. adiaholic has joined
  194. jcbrand has left
  195. southerntofu has joined
  196. LNJ has left
  197. jcbrand has joined
  198. alameyo has left
  199. adiaholic has left
  200. adiaholic has joined
  201. alameyo has joined
  202. LNJ has joined
  203. lskdjf has joined
  204. serge90 has left
  205. wladmis has joined
  206. lorddavidiii has left
  207. lorddavidiii has joined
  208. lskdjf has left
  209. lskdjf has joined
  210. wladmis has left
  211. wladmis has joined
  212. lskdjf has left
  213. lskdjf has joined
  214. Maranda has left
  215. Maranda has joined
  216. lskdjf has left
  217. lskdjf has joined
  218. lskdjf has left
  219. lskdjf has joined
  220. Arne has left
  221. adiaholic has left
  222. adiaholic has joined
  223. Maranda has left
  224. Maranda has joined
  225. mdosch > Memberbot is online now for our 2020 elections. Great applicants again this year Is there any documentation how to use the memberbot? I failed to find it. 😔
  226. Zash Say "hello" or something to it
  227. lskdjf has left
  228. mdosch xmpp:memberbot@xmpp.org is not replying to 'help' or 'hello'.
  229. neshtaxmpp has left
  230. MattJ Then poke Alex and make sure he has your up-to-date JID
  231. Arne has joined
  232. MattJ and that your s2s is working :)
  233. larma jonas’, regarding opengraph and phishing: https://www.der-postillon.com/2020/05/reichelt-twitter.html (sorry, German article)
  234. jonas’ also satire
  235. jonas’ I don’t like the postillons style, so I’ll just not click that, sorry
  236. Alex mdosch, please send me your prefereed Jid for voting and I will verify, or should I just take it from your membership application?
  237. Wojtek has joined
  238. mdosch Alex: martin@mdosch.de
  239. mdosch Thanks :)
  240. MattJ I definitely agree that sender/server-provided link previews are the way to go
  241. jonas’ I think there is a huge difference between sender and server
  242. Zash Why not a bot?
  243. jonas’ same thing as server
  244. Zash Why not random anonymous users?!
  245. MattJ I mean to cover any form of "the preview data is embedded in the message"
  246. MattJ Although intuitively it seems wrong (trusting information provided by another party), generating the preview on the recipient side only adds problems and doesn't solve any of the possible "attacks"
  247. Holger Alex: While you're at it 🙂 holger@jabber.fu-berlin.de
  248. MattJ If the link is malicious it can easily serve different content to different requests, e.g. if it sees an XMPP client's user-agent instead of a browser
  249. MattJ Meanwhile it leaks activity, your network address, and other information to the web server behind the link, without user action
  250. Alex adeed both Jids, can you try again?
  251. mdosch >10.11.20 16:35:14 - Subscription received from memberbot@xmpp.org Alex: Thanks!
  252. larma jonas’: the article is about how they maliciously changed link preview by updating opengraph data after someone shared one of their articles on twitter.
  253. jonas’ MattJ, it does solve the case where an attacker just wants to prank you
  254. jonas’ take $urlToOffensivePictureInFullscreen, attach wrong preview, done.
  255. jonas’ that attack does not need control over the webserver ("serve different content to different users")
  256. MattJ Agree, but they could just provide the link without a preview too and you'd probably open it anyway if you trust them :)
  257. Zash Solution in search of a problem: What if, the XMPP server offers a caching HTTP proxy to its users?
  258. Steve Kille has left
  259. MattJ and the same thing can be done in the recipient-generates-preview world
  260. jonas’ MattJ, they can’t if previews are generated locally.
  261. Zash Credentials via XEP-0215 or somesuch
  262. MattJ so it doesn't fix anything
  263. jonas’ how does a recipient-generated preview not fix that case?
  264. MattJ Because they can provide a URL that does what I described above
  265. Zash How about *everyone* generates their own preview, then we compare?
  266. Steve Kille has joined
  267. lorddavidiii has left
  268. larma Zash, consider e2ee, you'd leak message content to the server if you use a server-provided proxy
  269. lskdjf has joined
  270. tigran has joined
  271. Zash If you do HTTPS over SOCKS5 it leaks hostname to the XMPP server in exchange for not leaking your own IP to the proxy target.
  272. Zash So. Dunno, tradeoffs.
  273. larma yeah, but sender provided link previews do not leak anything...
  274. Zash Also, trust the server, the server is good!! ;)
  275. larma https://www.mysk.blog/2020/10/25/link-previews/ (lists which messaging apps do what, in case someone is interested)
  276. marc has left
  277. marc has joined
  278. lskdjf has left
  279. lskdjf has joined
  280. Ge0rG jonas’: I wanted to do some editing of CS'21, how long are you still available to merge a PR?
  281. jonas’ Ge0rG, today?
  282. jonas’ 30 minutes probably
  283. Ge0rG jonas’: yes, thanks
  284. Ge0rG just realized there were no additional votes on ibr-token yet. Wanted to add it to Future Development.
  285. Steve Kille has left
  286. Holger Alex: Works for me as well, thank you.
  287. Alex 👍
  288. Steve Kille has joined
  289. andrey.g has joined
  290. Ge0rG jonas’: are you opposed to have Extended Channel Search (XEP-0433) as "specification of note" in IM?
  291. tigran has left
  292. jonas’ Ge0rG, no, sgtm
  293. stpeter has joined
  294. stpeter has left
  295. sonny has left
  296. sonny has joined
  297. wurstsalat larma: thanks for that comprehensive link!
  298. sonny has left
  299. sonny has joined
  300. lorddavidiii has joined
  301. edhelas > The moment the link was sent, several Facebook servers immediately started downloading the file from our server. Since it wasn’t just one server, that large 2.6 GB file was downloaded several times. In total, approximately 24.7 GB of data was downloaded from our server by Facebook servers.
  302. edhelas damn, they really have bandwidth and space available
  303. vanitasvitae 😀
  304. vanitasvitae 🍿️
  305. edhelas my next question would be "what is the actual limit before we see some availability issue on status.facebook.com" :p
  306. jonas’ I have that one file somewhere which is like 4k on my disk but is effectively several hundred GBs of zeroes…
  307. Ge0rG jonas’: https://gitlab.com/xsf/xeps/-/merge_requests/35
  308. jonas’ I do like to use it to stresstest URL resolving bots :)
  309. Ge0rG jonas’: luckily traffic is free, eh?
  310. jonas’ Ge0rG, can you rebase on current master/main first please?
  311. jonas’ Ge0rG, it’s not, but the bots usually die quickly
  312. edhelas for Movim I do have something like that, only for pictures, it's generated by the sender, and only limited to a few Mb
  313. Ge0rG jonas’: rebases & repushed
  314. jonas’ Ge0rG, also fun is the same thing but with <!DOCTYPE html>\n<html><title> in front of it :>
  315. marc has left
  316. marc has joined
  317. lovetox has joined
  318. Wojtek has left
  319. lskdjf has left
  320. lskdjf has joined
  321. Neustradamus Memberbot does not work, impossible to start
  322. Wojtek has joined
  323. lskdjf has left
  324. lskdjf has joined
  325. lskdjf has left
  326. lskdjf has joined
  327. lskdjf has left
  328. lskdjf has joined
  329. mathieui seems to work fine here
  330. lskdjf has left
  331. lskdjf has joined
  332. lskdjf has left
  333. lskdjf has joined
  334. lskdjf has left
  335. lskdjf has joined
  336. LNJ has left
  337. marc has left
  338. lskdjf has left
  339. lskdjf has joined
  340. Wojtek has left
  341. alex-a-soto has left
  342. alex-a-soto has joined
  343. marc has joined
  344. moparisthebest Neustradamus, is it just not responding or?
  345. LNJ has joined
  346. Zash s2s seems to be working fine from what I can tell
  347. Neustradamus Now it is good
  348. Neustradamus There was 2 connections before, now only one.
  349. Zash Oh, not using jabber.org?
  350. Neustradamus This problem has been solved, I think with a change in OpenSSL. But it is not the solution to do not migrate completely to Prosody...
  351. intosi has left
  352. lskdjf has left
  353. lskdjf has joined
  354. intosi has joined
  355. lskdjf has left
  356. lskdjf has joined
  357. lskdjf has left
  358. lskdjf has joined
  359. lskdjf has left
  360. lskdjf has joined
  361. lskdjf has left
  362. lskdjf has joined
  363. lskdjf has left
  364. lskdjf has joined
  365. adiaholic has left
  366. alex-a-soto has left
  367. alex-a-soto has joined
  368. neshtaxmpp has joined
  369. lskdjf has left
  370. lskdjf has joined
  371. Wojtek has joined
  372. lskdjf has left
  373. lskdjf has joined
  374. intosi has left
  375. LNJ has left
  376. ChronosX88 has left
  377. Ge0rG jonas’: thanks for merging!
  378. Ge0rG Looks like I missed adding AV to the categories list in the intro. Also should find a better name for "feature providers"
  379. serge90 has joined
  380. Ge0rG Maybe just "specifications"?
  381. LNJ has joined
  382. intosi has joined
  383. lskdjf has left
  384. andrey.g has left
  385. lovetox has left
  386. akkiko has joined
  387. lskdjf has joined
  388. akkiko has left
  389. APach has left
  390. APach has joined
  391. serge90 has left
  392. lorddavidiii has left
  393. nad287 has joined
  394. akkiko has joined
  395. Yagiza has left
  396. lovetox has joined
  397. Nekit has left
  398. lskdjf has left
  399. Shell has joined
  400. lskdjf has joined
  401. winfried has left
  402. winfried has joined
  403. winfried has left
  404. winfried has joined
  405. Lance has left
  406. Lance has joined
  407. Lance has left
  408. pasdesushi has joined
  409. lorddavidiii has joined
  410. govanify has left
  411. govanify has joined
  412. lskdjf has left
  413. lskdjf has joined
  414. lskdjf has left
  415. lskdjf has joined
  416. lskdjf has left
  417. lskdjf has joined
  418. lskdjf has left
  419. lskdjf has joined
  420. DebXWoody has left
  421. akkiko has left
  422. pasdesushi has left
  423. disgyze has left
  424. pasdesushi has joined
  425. pasdesushi has left
  426. alex-a-soto has left
  427. alex-a-soto has joined
  428. pasdesushi has joined
  429. DebXWoody has joined
  430. DebXWoody has left
  431. DebXWoody has joined
  432. DebXWoody has left
  433. DebXWoody has joined
  434. Mikaela has left
  435. lovetox has left
  436. pasdesushi has left
  437. pasdesushi has joined
  438. Syndace has left
  439. Syndace has joined
  440. pasdesushi has left
  441. pasdesushi has joined
  442. pasdesushi has left
  443. pasdesushi has joined
  444. Andrzej has left
  445. DebXWoody has left
  446. arc has joined
  447. Tobias has left
  448. pasdesushi has left
  449. pasdesushi has joined
  450. marc has left
  451. marc has joined
  452. andrey.g has joined
  453. pasdesushi has left
  454. Andrzej has joined
  455. nad287 has left
  456. pasdesushi has joined
  457. lorddavidiii has left
  458. pasdesushi has left
  459. goffi has left
  460. Lance has joined
  461. Lance has left
  462. dwd has left
  463. debacle has left
  464. marc has left
  465. dwd has joined
  466. marc has joined
  467. Andrzej has left
  468. andrey.g has left
  469. Andrzej has joined
  470. alex-a-soto has left
  471. alex-a-soto has joined
  472. pasdesushi has joined
  473. Lance has joined
  474. pasdesushi has left
  475. jcbrand has left
  476. Andrzej has left
  477. pasdesushi has joined
  478. LNJ has left
  479. wurstsalat has left
  480. pasdesushi has left
  481. emus has left
  482. Wojtek has left
  483. Vaulor has left
  484. Andrzej has joined