-
khirput
Any way of blocking them? It's getting very tiring opening the gallery and getting "surprised"...
-
khirput
I'm using a fork of Conversations on Android. Just wondering if I can do that at the app level.
-
Menel
You can configure your fork to not download pictures in public channels. Besides the spam, that is also a security risk.
-
khirput
Menel: Security? How so?
-
khirput
And thanks, just disabled that
-
Menel
Viruses are possible... There was a bug not long ago that clients just believed the size of the picture, but if the server continues to send data, they would continue until their storage is full. Especially Conversations forks were vulnerable for a longer time after it was known.
-
khirput
Oh, right. They didn't use hashes?
-
jonas’
hashes?
-
Kev
Looks like we've made it into GSoC again. Congrats to everyone involved.
-
jonas’
\o/
-
khirput
jonas’: some kind of hash to check the properties of the file match what the server is giving them?
-
jonas’
nah, simpler than that.
-
jonas’
they ignored the Content-Length header
-
khirput
Right
-
khirput
Are there any public security audits of XMPP that have been done recently?
-
jonas’
XMPP is tricky to audit, as it's a protocol
-
jonas’
a rather modular protocol to make things trickier
-
jonas’
I don't know if there are audits of specific applications though
-
jonas’
probably there are
-
Menel
I bet it is always per application. Or are there audits for https?
-
jonas’
Menel, I wouldn't be surprised if there are audits of TLS
-
jonas’
protocols can be fatally broken, too
-
jonas’
(e.g. with downgrade attacks or so)
-
emus
> Kev:
> 2023-02-23 09:19 (GMT+01:00)
> Looks like we've made it into GSoC again. Congrats to everyone involved.
good to know, haven't had the chance to check yet
-
emus
Kev: but Kev, where did you get the information from exactly?
-
Kev
When the mail went out about accepted orgs I checked the site.
-
emus
I see they published already: https://summerofcode.withgoogle.com/programs/2023/organizations/xmpp-standards-foundation then it is fine. Just saying because we are not allowed to tell before Google has published on the website
-
Kev
I know, I've done this before ;)
-
emus
Kev: Perfect
-
singpolyma
khirput: my fork of Conversations includes the ability to permanently block any image or media or avatar in the current pre-release, as well as some other moderation related stuff, if you're interested