XSF Discussion - 2021-01-31

  1. marek has left

  2. marek has joined

  3. wladmis has left

  4. LNJ has left

  5. alameyo has left

  6. karoshi has left

  7. marek has left

  8. marek has joined

  9. wurstsalat has left

  10. Andrzej has joined

  11. stpeter has joined

  12. stpeter has left

  13. Zash has left

  14. Maranda has left

  15. Maranda has joined

  16. tom has joined

  17. Andrzej has left

  18. alameyo has joined

  19. larma has joined

  20. emus has left

  21. tom has left

  22. stp has left

  23. moparisthebest

    https://burtrum.org/up/53831ae2-c479-4137-a8c6-d2007b0680df/IMG_20210130_203835.jpg

  24. moparisthebest

    ^ Looks like XMPP isn't the only one with, eh, styling problems cc SamWhited jonas’

  25. moparisthebest

    Does matrix really use pseudo-xml for markup in it's text?

  26. moparisthebest

    For context, this is an IRC channel I'm joined to via conversations and biboumi and those people are joined from matrix

  27. SamWhited

    It's a subset of HTML, not XML

  28. SamWhited

    https://matrix.org/docs/spec/client_server/unstable#m-room-message-msgtypes

  29. moparisthebest

    > Clients should limit the HTML they render to avoid Cross-Site Scripting, HTML injection, and similar attacks. The strongly suggested set of HTML tags to permit, denying the use and rendering of anything else, is: ...

  30. moparisthebest

    Yikes, well, nothing could possibly go wrong there right?

  31. moparisthebest

    > Not all attributes on those tags should be permitted

  32. SamWhited

    There's an open proposal for a replacement (although I think it still uses HTML? I dunno, I haven't really read it): https://github.com/matrix-org/matrix-doc/pull/1767

  33. moparisthebest

    It's cool how when that PR is merged all clients will be instantly updated

  34. moparisthebest

    Since that was the point of not doing xeps I mean

  35. Zash has joined

  36. paul has left

  37. Zash has left

  38. Zash has joined

  39. alameyo has left

  40. Zash

    moparisthebest: It's HTML embedded in JSON, so it's perfectly safe. Mastodon does it that way too. But XHTML in XML is impossible to secure!!!!kk!!

  41. alameyo has joined

  42. chronosx88 has left

  43. chronosx88 has joined

  44. neshtaxmpp has left

  45. chronosx88 has left

  46. stp has joined

  47. wladmis has joined

  48. govanify has left

  49. govanify has joined

  50. govanify has left

  51. govanify has joined

  52. Andrzej has joined

  53. stpeter has joined

  54. stpeter has left

  55. stp has left

  56. wladmis has left

  57. wladmis has joined

  58. Andrzej has left

  59. debacle has left

  60. govanify has left

  61. govanify has joined

  62. arc has left

  63. arc has joined

  64. govanify has left

  65. govanify has joined

  66. Andrzej has joined

  67. murabito has left

  68. murabito has joined

  69. Andrzej has left

  70. Andrzej has joined

  71. wladmis has left

  72. fuana has joined

  73. Andrzej has left

  74. Andrzej has joined

  75. stpeter has joined

  76. stpeter has left

  77. govanify has left

  78. govanify has joined

  79. Vaulor has joined

  80. marek has left

  81. Seve has joined

  82. marek has joined

  83. Andrzej has left

  84. fuana has left

  85. arc has left

  86. arc has joined

  87. Andrzej has joined

  88. wladmis has joined

  89. karoshi has joined

  90. Andrzej has left

  91. Andrzej has joined

  92. marek has left

  93. Adi has left

  94. marek has joined

  95. Adi has joined

  96. paul has joined

  97. Andrzej has left

  98. lorddavidiii has joined

  99. mukt2 has left

  100. govanify has left

  101. govanify has joined

  102. stpeter has joined

  103. stpeter has left

  104. Mikaela has joined

  105. chronosx88 has joined

  106. marek has left

  107. marek has joined

  108. wladmis has left

  109. chronosx88 has left

  110. chronosx88 has joined

  111. mukt2 has joined

  112. ti_gj06 has joined

  113. govanify has left

  114. govanify has joined

  115. jcbrand has joined

  116. mukt2 has left

  117. neshtaxmpp has joined

  118. andy has joined

  119. Andrzej has joined

  120. marek has left

  121. marek has joined

  122. LNJ has joined

  123. mukt2 has joined

  124. mukt2 has left

  125. mukt2 has joined

  126. Andrzej has left

  127. Andrzej has joined

  128. antranigv has left

  129. mukt2 has left

  130. karoshi has left

  131. karoshi has joined

  132. Andrzej has left

  133. mukt2 has joined

  134. goffi has joined

  135. Seve has left

  136. karoshi has left

  137. karoshi has joined

  138. wurstsalat has joined

  139. emus has joined

  140. Andrzej has joined

  141. karoshi has left

  142. stp has joined

  143. ti_gj06 has left

  144. karoshi has joined

  145. stpeter has joined

  146. stpeter has left

  147. Tobias has joined

  148. Daniel has left

  149. Daniel has joined

  150. mukt2 has left

  151. ti_gj06 has joined

  152. karoshi has left

  153. Daniel has left

  154. Daniel has joined

  155. mukt2 has joined

  156. Andrzej has left

  157. karoshi has joined

  158. stp has left

  159. serge90 has joined

  160. ti_gj06 has left

  161. andy has left

  162. andy has joined

  163. Adi has left

  164. Adi has joined

  165. marek has left

  166. mimi89999 has left

  167. marek has joined

  168. mimi89999 has joined

  169. Seve has joined

  170. Jan has joined

  171. ti_gj06 has joined

  172. antranigv has joined

  173. Andrzej has joined

  174. andy has left

  175. Neustradamus has joined

  176. mukt2 has left

  177. karoshi has left

  178. mukt2 has joined

  179. karoshi has joined

  180. neshtaxmpp has left

  181. mukt2 has left

  182. alameyo has left

  183. karoshi has left

  184. karoshi has joined

  185. stp has joined

  186. debacle has joined

  187. goffi has left

  188. wladmis has joined

  189. Andrzej has left

  190. Guus has joined

  191. alameyo has joined

  192. neshtaxmpp has joined

  193. moparisthebest has left

  194. moparisthebest has joined

  195. mukt2 has joined

  196. deuill has left

  197. Andrzej has joined

  198. deuill has joined

  199. eevvoor has joined

  200. mathijs has left

  201. mathijs has joined

  202. Guus has left

  203. karoshi has left

  204. mukt2 has left

  205. debacle has left

  206. lorddavidiii has left

  207. karoshi has joined

  208. Andrzej has left

  209. goffi has joined

  210. mukt2 has joined

  211. peetah has left

  212. mathijs has left

  213. mathijs has joined

  214. Andrzej has joined

  215. andy has joined

  216. karoshi has left

  217. mukt2 has left

  218. mdosch has left

  219. mdosch has joined

  220. lorddavidiii has joined

  221. andy has left

  222. mukt2 has joined

  223. karoshi has joined

  224. goffi has left

  225. Andrzej has left

  226. peetah has joined

  227. alameyo has left

  228. alameyo has joined

  229. nyco has left

  230. papatutuwawa has joined

  231. Andrzej has joined

  232. karoshi has left

  233. Neustradamus has left

  234. Neustradamus has joined

  235. tom has joined

  236. tom has left

  237. ti_gj06 has left

  238. mukt2 has left

  239. alameyo has left

  240. alameyo has joined

  241. karoshi has joined

  242. nyco has joined

  243. peetah has left

  244. stp has left

  245. nyco has left

  246. Andrzej has left

  247. mukt2 has joined

  248. ti_gj06 has joined

  249. peetah has joined

  250. ti_gj06 has left

  251. papatutuwawa has left

  252. alameyo has left

  253. nyco has joined

  254. mathijs has left

  255. Andrzej has joined

  256. mukt2 has left

  257. mathijs has joined

  258. chronosx88 has left

  259. chronosx88 has joined

  260. Andrzej has left

  261. chronosx88 has left

  262. chronosx88 has joined

  263. mukt2 has joined

  264. goffi has joined

  265. SamWhited

    Both are impossible to secure. reusing the layer your client is built in (possibly) internally is just a bad idea period.

  266. alameyo has joined

  267. larma has left

  268. debacle has joined

  269. papatutuwawa has joined

  270. mukt2 has left

  271. LNJ has left

  272. alameyo has left

  273. LNJ has joined

  274. ti_gj06 has joined

  275. Andrzej has joined

  276. stpeter has joined

  277. stpeter has left

  278. peetah has left

  279. nyco has left

  280. peetah has joined

  281. mukt2 has joined

  282. debacle has left

  283. deuill has left

  284. ti_gj06 has left

  285. lorddavidiii has left

  286. mukt2 has left

  287. deuill has joined

  288. papatutuwawa has left

  289. papatutuwawa has joined

  290. chronosx88 has left

  291. chronosx88 has joined

  292. Andrzej has left

  293. werdan has joined

  294. mukt2 has joined

  295. Neustradamus has left

  296. nyco has joined

  297. lorddavidiii has joined

  298. mukt2 has left

  299. alacer has left

  300. Neustradamus has joined

  301. alacer has joined

  302. werdan has left

  303. peetah has left

  304. peetah has joined

  305. peetah has left

  306. peetah has joined

  307. chronosx88 has left

  308. chronosx88 has joined

  309. papatutuwawa has left

  310. nyco has left

  311. nyco has joined

  312. mukt2 has joined

  313. paul has left

  314. larma has joined

  315. mukt2 has left

  316. Andrzej has joined

  317. chronosx88 has left

  318. chronosx88 has joined

  319. mukt2 has joined

  320. chronosx88 has left

  321. chronosx88 has joined

  322. Guus has joined

  323. nyco has left

  324. nyco has joined

  325. mukt2 has left

  326. peetah has left

  327. peetah has joined

  328. ti_gj06 has joined

  329. chronosx88 has left

  330. chronosx88 has joined

  331. chronosx88 has left

  332. chronosx88 has joined

  333. Andrzej has left

  334. lorddavidiii has left

  335. arc has left

  336. arc has joined

  337. peetah has left

  338. chronosx88 has left

  339. chronosx88 has joined

  340. mukt2 has joined

  341. peetah has joined

  342. lorddavidiii has joined

  343. Andrzej has joined

  344. arc has left

  345. arc has joined

  346. mukt2 has left

  347. lskdjf has joined

  348. ti_gj06 has left

  349. Andrzej has left

  350. fuana has joined

  351. stpeter has joined

  352. stpeter has left

  353. lskdjf has left

  354. lskdjf has joined

  355. fuana has left

  356. lskdjf has left

  357. lskdjf has joined

  358. mukt2 has joined

  359. Guus has left

  360. lskdjf has left

  361. lskdjf has joined

  362. lskdjf has left

  363. lskdjf has joined

  364. ti_gj06 has joined

  365. mukt2 has left

  366. Guus has joined

  367. lskdjf has left

  368. fuana has joined

  369. lskdjf has joined

  370. lskdjf has left

  371. lskdjf has joined

  372. Guus has left

  373. fuana has left

  374. lskdjf has left

  375. lskdjf has joined

  376. mukt2 has joined

  377. lskdjf has left

  378. lskdjf has joined

  379. stpeter has joined

  380. stpeter has left

  381. lskdjf has left

  382. lskdjf has joined

  383. moparisthebest

    Speaking of impossible to secure, add mam and carbons to the list https://monal.im/blog/cve-2020-26547/

  384. Zash

    Welcome to the club!

  385. moparisthebest

    The list of clients that haven't had that vuln is probably shorter

  386. Zash

    That list is probably the list of clients where nobody has looked yet. 🙁

  387. moparisthebest

    Likely

  388. Zash

    Ge0rG can confirm 🙂

  389. moparisthebest

    Anyone look at siskin yet

  390. Zash

    https://wiki.xmpp.org/web/XEP-Remarks/XEP-0280:_Message_Carbons#Client-Side_Processing

  391. moparisthebest

    Add it to the list! Any similar note for mam?

  392. lskdjf has left

  393. lskdjf has joined

  394. fuana has joined

  395. Zash

    https://wiki.xmpp.org/web/XEP-Remarks/XEP-0313:_Message_Archive_Management looks like

  396. mukt2 has left

  397. Zash

    IIRC similar issue with rosters have been a thing in the past

  398. Daniel

    > The list of clients that haven't had that vuln is probably shorter Conversations is on that list

  399. lskdjf has left

  400. lskdjf has joined

  401. moparisthebest

    Possibly alone

  402. Zash

    Daniel: 🥇️

  403. Zash

    A winrar is you!

  404. lskdjf has left

  405. lskdjf has joined

  406. Ge0rG

    BTW, I've recently added those lists to the wiki because of the "new" pidgin Carbons code being vulnerable

  407. fuana has left

  408. Ge0rG

    Maybe somebody can add the Monal link?

  409. lskdjf has left

  410. lskdjf has joined

  411. jcbrand has left

  412. Zash

    On it

  413. lskdjf has left

  414. lskdjf has joined

  415. Zash

    Done

  416. Zash

    Hope the link title is ok. If not, fix it! 😉

  417. Neustradamus has left

  418. Neustradamus has joined

  419. Ge0rG

    👍

  420. lskdjf has left

  421. lskdjf has joined

  422. jcbrand has joined

  423. lskdjf has left

  424. lskdjf has joined

  425. fuana has joined

  426. lskdjf has left

  427. lskdjf has joined

  428. fuana has left

  429. karoshi has left

  430. lskdjf has left

  431. lskdjf has joined

  432. Yagiza has left

  433. peetah has left

  434. lskdjf has left

  435. lskdjf has joined

  436. peetah has joined

  437. peetah has left

  438. peetah has joined

  439. LNJ has left

  440. fuana has joined

  441. lskdjf has left

  442. lskdjf has joined

  443. karoshi has joined

  444. Yagiza has joined

  445. Andrzej has joined

  446. fuana has left

  447. paul has joined

  448. LNJ has joined

  449. mukt2 has joined

  450. ti_gj06 has left

  451. karoshi has left

  452. fuana has joined

  453. karoshi has joined

  454. LNJ has left

  455. fuana has left

  456. mukt2 has left

  457. LNJ has joined

  458. karoshi has left

  459. LNJ has left

  460. fuana has joined

  461. serge90 has left

  462. lskdjf has left

  463. jonas’

    moparisthebest, since you mentioned it here the other day, pester your XMPP client developer about supporting the color vision deficiency fixes for '392 :)

  464. adiaholic has left

  465. Guus has joined

  466. fuana has left

  467. karoshi has joined

  468. alameyo has joined

  469. papatutuwawa has joined

  470. adiaholic has joined

  471. deuill has left

  472. ti_gj06 has joined

  473. LNJ has joined

  474. lovetox has left

  475. lovetox has joined

  476. marek has left

  477. debacle has joined

  478. mukt2 has joined

  479. marek has joined

  480. mukt2 has left

  481. fuana has joined

  482. deuill has joined

  483. lorddavidiii has left

  484. fuana has left

  485. andrey.g has joined

  486. test1 has joined

  487. lskdjf has joined

  488. flow

    https://www.nic.at/media/files/News_and_PR/BachelorArbeit.pdf

  489. Zash

    DE-crypted?

  490. Zash

    Ah, nm, some kind of fore-word

  491. serge90 has joined

  492. lskdjf has left

  493. lskdjf has joined

  494. lskdjf has left

  495. lskdjf has joined

  496. lskdjf has left

  497. lskdjf has joined

  498. test1 has left

  499. test1 has joined

  500. test1 has left

  501. test1 has joined

  502. test1 has left

  503. test1 has joined

  504. test1 has left

  505. stpeter has joined

  506. stpeter has left

  507. APach has left

  508. APach has joined

  509. Yagiza has left

  510. Neustradamus has left

  511. Neustradamus has joined

  512. Andrzej has left

  513. mukt2 has joined

  514. test1 has joined

  515. test1 has left

  516. mukt2 has left

  517. Andrzej has joined

  518. werdan has joined

  519. fuana has joined

  520. chronosx88 has left

  521. chronosx88 has joined

  522. werdan has left

  523. fuana has left

  524. Andrzej has left

  525. ti_gj06 has left

  526. fuana has joined

  527. mukt2 has joined

  528. Andrzej has joined

  529. fuana has left

  530. APach has left

  531. APach has joined

  532. test1 has joined

  533. test1 has left

  534. mukt2 has left

  535. test1 has joined

  536. test1 has left

  537. test1 has joined

  538. test1 has left

  539. wladmis has left

  540. wladmis has joined

  541. APach has left

  542. APach has joined

  543. goffi has left

  544. Andrzej has left

  545. eevvoor has left

  546. fuana has joined

  547. fuana has left

  548. Tobias has left

  549. test1 has joined

  550. mukt2 has joined

  551. test1 has left

  552. goffi has joined

  553. deuill has left

  554. test1 has joined

  555. test1 has left

  556. test1 has joined

  557. lskdjf has left

  558. deuill has joined

  559. test1 has left

  560. test1 has joined

  561. test1 has left

  562. moparisthebest

    on the topic of programatically generated avatars instead of colors from the other day, lol https://social.tchncs.de/@cark/105651953031693352

  563. moparisthebest

    I don't speak german but the gist seems to be gitea generated a swastika for some users cc jonas’

  564. Zash

    Praise the sun.

  565. mukt2 has left

  566. Zash

    Can't have nice things or rotational symmetry.

  567. moparisthebest

    1. randomly generated avatars 2. not offending users; pick 1

  568. Zash

    And whatever you do, don't let the Internet train your AI!

  569. goffi has left

  570. stpeter has joined

  571. stpeter has left

  572. lovetox has left

  573. larma has left

  574. goffi has joined

  575. antranigv has left

  576. adiaholic has left

  577. adiaholic has joined

  578. alameyo has left

  579. chronosx88 has left

  580. alameyo has joined

  581. antranigv has joined

  582. Adi has left

  583. goffi has left

  584. Dele Olajide has joined

  585. Dele Olajide has left

  586. Mikaela has left

  587. deuill has left

  588. karoshi has left

  589. Guus has left

  590. Adi has joined

  591. jcbrand has left

  592. deuill has joined

  593. Lance has joined

  594. marek has left

  595. Lance has left

  596. marek has joined

  597. Andrzej has joined

  598. papatutuwawa has left

  599. andrey.g has left

  600. neshtaxmpp has left

  601. jcbrand has joined

  602. mukt2 has joined

  603. Alex has left

  604. Andrzej has left

  605. mukt2 has left

  606. alameyo has left

  607. wurstsalat has left

  608. alameyo has joined

  609. paul has left

  610. larma has joined

  611. LNJ has left

  612. Seve has left

  613. marek has left

  614. marek has joined

  615. mukt2 has joined