Logs for jdev
[05:55:05] * mlundblad_laptop joined the chat.
[07:17:11] * tkoski joined the chat.
[07:29:48] * jprieur joined the chat.
[07:30:00] * jprieur left the chat.
[07:32:18] * jonas joined the chat.
[07:33:39] * Treebilou joined the chat.
[07:36:07] * luca tagliaferri joined the chat.
[07:36:27] * luca tagliaferri left the chat.
[07:36:35] * luca tagliaferri joined the chat.
[07:39:54] * Guus joined the chat.
[07:45:30] * ermine joined the chat.
[08:05:51] * Guus left the chat.
[08:06:20] * Guus joined the chat.
[08:35:35] * Ludovic left the chat.
[08:36:03] * nabatt joined the chat.
[08:49:27] * petermount joined the chat.
[09:07:36] * Zash joined the chat.
[09:09:55] * ermine left the chat.
[09:10:11] * ermine joined the chat.
[09:31:11] * alkino joined the chat.
[09:34:12] * alkino left the chat.
[10:42:22] * Tobias left the chat.
[10:49:19] * MattJ joined the chat.
[10:50:41] <MattJ> mlundblad_laptop, you implemented Jingle FT in Pidgin? Is it used for normal file transfers?
[10:52:15] <mlundblad_laptop> it's not yet merged into the main branch
[10:55:55] <MattJ> I don't suppose you have an Ubuntu deb for it? :)
[10:56:17] <MattJ> Compiling Pidgin is the *last* thing I plan to do today
[10:56:28] <Kev> s/last/only/
[10:58:27] <Zash> Hahaha
[11:04:51] <mlundblad_laptop> nope, I don't
[11:04:53] <mlundblad_laptop> :D
[11:33:34] * nabatt left the chat.
[11:46:45] * Link Mauve joined the chat.
[11:47:01] <MattJ> I guess I'll just have to implement sending files and be sure I interop with myself :)
[11:48:08] <MattJ> mlundblad_laptop, did you implement the "direct" candidate type?
[11:48:46] * nabatt joined the chat.
[11:52:01] <mlundblad_laptop> yes
[11:52:09] <mlundblad_laptop> both direct and proxy
[11:52:16] <mlundblad_laptop> and assisted
[11:52:23] <MattJ> Does direct include SOCKS5 negotiation?
[11:52:29] <MattJ> or just send the data?
[11:52:30] <mlundblad_laptop> yep
[11:52:36] <MattJ> Ok
[11:52:44] <mlundblad_laptop> it does socks5 negotiation
[11:52:45] <MattJ> For some reason Gajim won't speak to me when I try that
[11:52:58] <mlundblad_laptop> yeah, I tried it too
[11:53:02] <MattJ> Anyhow, if they're the same... why does the XEP need to distinguish them?
[11:53:33] * Zash left the chat.
[11:54:04] <mlundblad_laptop> not sure why that doesn't work, but it works pidgin-to-pidgin and the negotiating code is copied from the old SI stuff, and I refactored it, so it should be the same
[11:54:20] <mlundblad_laptop> it still works with SI against a normal pidgin
[11:54:38] <mlundblad_laptop> but I suppose one might try investigating with wireshark
[11:55:00] <MattJ> Well I can't get Gajim<->Gajim to work, so I'm not particularly worried just yet :)
[11:55:10] <mlundblad_laptop> oh
[11:55:18] <mlundblad_laptop> I didn't even try that
[11:55:25] * jonas left the chat.
[11:55:54] <MattJ> I can't tell for sure, but it looks like it expects the connection to be SSL
[11:56:00] <mlundblad_laptop> ahh
[11:56:09] <mlundblad_laptop> I have not implemented SSL
[11:56:19] <mlundblad_laptop> maybe I'll get to that some day...
[11:56:35] <MattJ> I don't see where it's documented
[11:57:09] <mlundblad_laptop> I don't know if it really is, but I think XTLS is documented somewhere
[12:09:36] * MattJ left the chat.
[12:12:50] * MattJ joined the chat.
[12:16:19] * Zash joined the chat.
[12:35:24] * jonas joined the chat.
[12:35:26] * petermount left the chat.
[12:35:26] * petermount joined the chat.
[12:35:27] * Link Mauve left the chat.
[12:35:37] * Link Mauve joined the chat.
[12:35:48] * Link Mauve left the chat.
[12:36:32] <petermount> hmmm, is there something weird going on with jabber.org? had a weird presence issue where I appeared to go offline, but was still connected to here...
[12:36:38] * Link Mauve joined the chat.
[12:37:00] <petermount> disconnecting and reconnecting fixed the presence... so think it was s2s based...
[12:44:12] * luca tagliaferri left the chat.
[12:46:34] * Zash left the chat.
[12:48:50] * luca tagliaferri joined the chat.
[13:00:55] * Zash joined the chat.
[13:01:12] * Link Mauve left the chat.
[13:02:19] * Link Mauve joined the chat.
[13:20:43] * tofu left the chat.
[13:20:47] * tofu joined the chat.
[13:20:57] * tofu left the chat.
[13:21:10] * tofu joined the chat.
[13:37:44] * Tobias joined the chat.
[13:42:43] * Ludovic joined the chat.
[14:12:06] * Pinky joined the chat.
[14:12:10] <Pinky> hi all
[14:12:31] <Pinky> any news about gtalk <-> xmpp federation problem?
[14:12:45] <MattJ> Is there still a problem?
[14:13:13] <jonas> Pinky, for us (jabber.se) it suddenly started working around a week ago
[14:13:22] <petermount> to be honest I've not tried it recently...
[14:13:25] <Pinky> hm, we have dirty hosts patch discussed here
[14:13:52] <MattJ> Well it never broke for me, so I'm not in the best position to say whether it's working now :)
[14:14:15] <jonas> the problem was with google, not with any "normal" xmpp installation
[14:14:24] <petermount> mattj: it was always google -> conference.jabber.org I had a problem with
[14:15:11] * tofu left the chat.
[14:15:32] * tkoski left the chat.
[14:15:44] <jonas> Pinky, are you having problems with gtalk?
[14:15:56] <Pinky> jonas: time to time
[14:16:14] <Pinky> johnny: and we have 7 domains now, and today njs.netlab.cz works and jabber.cz not :-D
[14:16:17] * tofu joined the chat.
[14:16:29] * petermount-google joined the chat.
[14:16:30] * petermount-google left the chat.
[14:16:30] * petermount-google joined the chat.
[14:16:30] * petermount-google left the chat.
[14:16:31] <Pinky> johnny: same server, the same settings :-D
[14:16:43] * petermount-google joined the chat.
[14:16:43] * petermount-google left the chat.
[14:16:43] <jonas> Pinky, that's how it was for us too
[14:16:49] <jonas> same server, two domains, one working, the other not
[14:17:10] <Pinky> jonas: and now works all your domains?
[14:17:21] <jonas> the problem was that google server "froze" when sending dialback verify request
[14:17:27] <jonas> Pinky, yes, they both work now
[14:17:28] <Pinky> jonas: we have /etc/hosts with added gtalk servers?
[14:17:40] <jonas> just started to work, with no warning and we didn't change anything
[14:17:45] <Pinky> heh
[14:17:50] <jonas> i was minding my own business, and suddenly started receiving data
[14:17:51] <petermount> hmmm, google isn't working for me atm with conference.jabber.org... one window shows I'm in here, this one showed petermount-google entering and then leaving immediately....
[14:18:51] <Kev> petermount: Right, that's a long-standing Google Talk bug.
[14:19:10] <jonas> it's too bad that it's practically impossible to get in touch with the gtalk server guys
[14:19:17] <petermount> that's the usual one I see - not tried it for some time
[14:20:25] <petermount> I had seen some presence weirdness earlier but other than that...
[14:45:15] * deryni joined the chat.
[14:47:56] * Neustradamus left the chat.
[14:49:39] * Neustradamus joined the chat.
[14:53:56] * mlundblad_laptop left the chat.
[14:54:33] * rappel joined the chat.
[14:54:33] * rappel left the chat.
[14:54:33] * rappel joined the chat.
[14:54:33] * rappel left the chat.
[14:56:15] * rappel joined the chat.
[14:56:15] * rappel left the chat.
[15:35:00] * hawke joined the chat.
[15:46:14] * Pinky left the chat.
[15:50:07] * bjc joined the chat.
[15:51:11] * jonas left the chat.
[16:03:26] * niekie left the chat.
[16:03:39] * niekie joined the chat.
[16:11:49] * Zash left the chat.
[16:21:36] * julm joined the chat.
[16:27:56] * Florob joined the chat.
[16:34:23] * nabatt left the chat.
[16:43:44] * jugg left the chat.
[17:05:00] * hawke left the chat.
[17:05:00] * hawke joined the chat.
[17:07:30] * petermount left the chat.
[17:12:22] * Zash joined the chat.
[17:33:35] * evilotto joined the chat.
[17:45:27] * Link Mauve left the chat.
[17:46:51] * Zash left the chat.
[18:11:15] * alkino joined the chat.
[18:19:17] * Zash joined the chat.
[18:34:30] * mlundblad joined the chat.
[18:45:28] * wеstsibe joined the chat.
[18:50:35] * Link Mauve joined the chat.
[19:11:46] * wеstsibe left the chat.
[19:28:29] * Guus left the chat.
[19:29:00] * Zash left the chat.
[19:29:31] * hawke left the chat.
[19:29:34] * hawke joined the chat.
[19:33:58] * psa joined the chat.
[19:52:49] * darco joined the chat.
[20:50:16] * Zash joined the chat.
[20:51:27] <Zash> We should all enforce encrypted s2s
[20:51:36] <Zash> The world would be a better place
[20:52:10] * Asterix left the chat.
[20:52:27] * tofu left the chat.
[20:52:32] * tofu joined the chat.
[20:53:53] <psa> Zash: indeed -- step 1 is to do that from client to server
[20:57:16] <Zash> psa: Nothing stops you from enforcing encryption on c2s afaik, but if you do it with s2s, you won't be able to talk to anyone using gtalk :(
[20:57:46] <psa> Zash: actually, something prevented us from enforcing encryption on c2s at jabber.org -- too many older clients broke
[20:57:56] <psa> but I hope we can get there soonish
[20:58:23] <psa> (well, the broken clients did old-style ssl on port 5223 but not starttls)
[20:58:26] <Zash> and people should use old clients because ... ;)
[21:01:59] * Treebilou left the chat.
[21:02:20] <psa> well
[21:02:50] <psa> one example was iChat on OS X 10.4, which presumably will be end-of-lifed before too much longer
[21:06:48] <psa> wow, I'm sure that everyone here has read it by now, but http://www.telegraph.co.uk/technology/google/7951269/Young-will-have-to-change-names-to-escape-cyber-past-warns-Googles-Eric-Schmidt.html is scary stuff
[21:07:33] <evilotto> what is the argument for forcing encryption to be used everywhere?
[21:09:37] <psa> evilotto: because Mallory and Eve aren't part of your social network?
[21:09:42] <johnny> psa, sure... but the irrelevant part is who said it
[21:09:49] <johnny> that's just a fact in general.. with or without google
[21:09:50] <Zash> Everything passing the swedish border is captured and analyzed ...
[21:10:05] <johnny> it's not really that scary
[21:10:06] <psa> johnny: welcome to the future
[21:10:08] <johnny> i mean.. new scary
[21:10:14] <johnny> it's the same old
[21:10:18] <psa> I didn't say I was surprised
[21:10:19] <johnny> welcome to the past
[21:10:26] <johnny> small towns
[21:10:30] <johnny> very similar
[21:10:35] <johnny> except the small town is the world
[21:10:41] <psa> perhaps
[21:11:27] <Zash> /me doesn't think we should make it too easy to eavesdrop ...
[21:11:38] <johnny> sometimes it's hard to tell which people have the most problem with..
[21:12:08] <johnny> the fact that everybody can know everything about you.. or the fact that a big corp/credit bureau/government knows more than everybody else knows about you
[21:12:27] * smoku joined the chat.
[21:12:45] <johnny> would be nice for people to separate those two things
[21:13:23] <johnny> it's not completely possible to stop either one.. even if everybody used diaspora or whatever
[21:13:35] <johnny> there's always copy/paste
[21:14:08] <johnny> unless we call in with the whole output protection schemes.. to protect ourselves
[21:14:11] <johnny> fall in*
[21:14:17] <johnny> but we all know that would only stop the n00bs
[21:14:59] * Neustradamus left the chat.
[21:15:43] * Neustradamus joined the chat.
[21:21:35] * hawke left the chat.
[21:21:36] * hawke joined the chat.
[21:24:23] * niekie left the chat.
[21:24:25] * Zash left the chat.
[21:29:29] * mlundblad left the chat.
[21:31:36] * darco left the chat.
[21:35:23] * tofu left the chat.
[21:35:38] * tofu joined the chat.
[21:36:25] * tofu left the chat.
[21:36:37] * bjc left the chat.
[21:36:40] * tofu joined the chat.
[21:44:27] * psa left the chat.
[21:49:16] * ermine left the chat.
[21:59:23] * johnny left the chat.
[21:59:45] * Ludovic left the chat.
[22:06:00] <evilotto> psa: do mallory and eve exist? do we care? should we care? should we be forced to care, even if we feel we don't need to?
[22:07:27] * deryni left the chat.
[22:07:42] <evilotto> I recall reading something a few years ago that encryption only solves a small part of the security problem, but it's the only part that we know anything about how to solve, so it gets a lot of attention.
[22:10:52] <evilotto> listening in on a connection in the first place is not a trivial undertaking, although it is somewhat easier with wireless connections.
[22:11:25] * niekie joined the chat.
[22:14:53] <evilotto> I'll admit I'm a programmer, not a security guy. But I haven't seen some of these simple questions answered.
[22:19:17] <evilotto> I'm not saying that I expect you to answer them; it's just a general thing. I see lots of people saying "isn't it great that you can use https everywhere now?" (or "s2s should force encryption") but without saying what the tangible benefits are.
[22:26:15] * alkino left the chat.
[22:27:45] * smoku left the chat.
[22:33:52] * johnny joined the chat.
[22:59:43] * Zash joined the chat.
[23:10:52] * Link Mauve left the chat.
[23:21:44] <MattJ> evilotto, I agree that a lot of people go for "security" without knowing what they mean
[23:22:03] <MattJ> But I don't think full security is /that/ hard to get, if that's what you really want
[23:23:02] <MattJ> One of the main problems is that most users (I mean all users, not just technical users) will still dismiss cert warning dialogs
[23:24:10] <Zash> What was up with s2s cert verification btw?
[23:24:30] <MattJ> what where?
[23:24:57] * Zash left the chat.
[23:25:08] * Zash joined the chat.
[23:25:26] <Zash> Do servers validate other servers certs?
[23:25:44] <Zash> /me slaps ^W for doing the Wrong thing
[23:26:40] <MattJ> Zash, some do
[23:27:08] <MattJ> Forcing s2s encryption is a tricky business
[23:27:30] <Zash> Hm
[23:27:44] <MattJ> It ultimately implies that you only want to speak to people who have certs from the CAs in your trusted cert store
[23:28:03] <MattJ> If that's the case, go ahead
[23:28:32] <MattJ> But at the moment that will be relatively few people you'll be speaking to :)
[23:28:35] <Zash> tricky indeed
[23:29:27] <evilotto> Security is subtle. An interesting example: which auth method is more secure, PLAIN or DIGEST-MD5 ? (and why)
[23:29:50] <Zash> SCRAM-SHA1 \o/
[23:30:08] <MattJ> evilotto, SCRAM-SHA1 :P
[23:30:13] <Tobias> what's that DIGEST-MD5 thing you're talking about?
[23:30:26] * hawke left the chat.
[23:30:33] <Zash> evilotto, last year called ... ;)
[23:30:39] <MattJ> Heh
[23:30:56] <MattJ> evilotto, though to answer your question, despite the flaws, DIGEST-MD5 is more secure
[23:31:07] <evilotto> last year? crap, my phone is still 5 years old, so that's 4 years newer!!
[23:31:21] <Tobias> Zash: what does it want? does it want its auth mechanism back?
[23:31:35] <Zash> Tobias, yes, it does!
[23:32:23] <Zash> Le old plain text password on wire or in database ...
[23:32:27] <evilotto> ok, now why is it more secure? (the answer I'm expecting is that it does not send the password across the wire in cleartext)
[23:32:50] <Zash> evilotto, SCRAM doesn't need a password anywhere afaik
[23:33:29] <Zash> (anywhere as in client, wire (encrypted or not) or server)
[23:33:53] <MattJ> evilotto, 1) it doesn't send the password along the wire in cleartext 2) it allows the client to auth the server
[23:34:25] <evilotto> I'm not familiar with scram; I'm just trying to make a point
[23:34:36] <Tobias> for whom?
[23:35:07] <Florob> evilotto, so, what is that point?
[23:35:08] <evilotto> For *them*. (y'know, like "they say" kind of them)
[23:37:26] <MattJ> Florob, maybe there wasn't one :)
[23:37:35] <evilotto> I think the correct answer is (as always), "it depends". In particular, since digest-md5 requires the server to store the password (or A1), if your database is compromised then it is easier to fake authentication. With plaintext authentication the password is stored as a hash that you can't reconstruct without knowing the password.
[23:37:53] <evilotto> scram may solve exactly that problem.
[23:38:02] <MattJ> It does
[23:38:14] <MattJ> But since we're not talking about SCRAM...
[23:38:29] <MattJ> I'd still argue that plaintext and hash over the wire is more secure than PLAIN
[23:38:43] <MattJ> *plaintext in db
[23:39:17] <Tobias> sure
[23:39:40] <evilotto> so the question is, which is more secure, the wire, or the server?
[23:39:46] <MattJ> The server
[23:39:49] <Zash> Why do people think that PLAIN is better?
[23:40:26] <Zash> MattJ, unless you're doing webdev with php ... :P
[23:40:26] <MattJ> evilotto, using PLAIN and hash on the server is certainly never secure
[23:40:35] * waqas joined the chat.
[23:40:39] <evilotto> and where have more large-scale security breaches occurred?
[23:40:51] * waqas left the chat.
[23:41:12] <MattJ> evilotto, depends who you're protecting yourself from
[23:41:29] <MattJ> I'm not saying such breaches don't happen, but the large ones are the ones you hear about
[23:41:48] * waqas joined the chat.
[23:41:49] <MattJ> Sniffing the wire is *much* easier if the server is properly secured
[23:41:59] <evilotto> exactly. wire-level encryption defends you from the equivalent of muggers. The bank robbers have much more effective means.
[23:44:12] <Florob> evilotto, that certainly depends on point of view. If people are hading out their purses to everyone just like that muggers may be more effective ;)
[23:44:23] <Florob> *handing
[23:45:21] <evilotto> I was also surprised when I learned that there are companies that sell appliances for monitoring encrypted communications (e.g., in a corporate firewall). My first reaction was "that's impossible!". 2 seconds later I thought "well, unless they ...." Which gets back to blind user behavior of dismissing warning dialog boxes.
[23:46:35] <MattJ> Indeed, which makes wire sniffing the easiest route :)
[23:47:12] <MattJ> Especially if you're in a position of authority and can force a CA to give you a cert
[23:48:19] <Florob> Yeah... I saw a similar box going through 10GB Ethernet traffic. Apparently they could basically go through UMTS traffic of an entire region with that thing (unencrypted though). But surely no provider would ever do that
[23:48:39] <Zash> Surely ...
[23:51:06] <Zash> /me points out that all traffic crossing the Swedish border is intercepted and might be analyzed by some very smart people using one of the largest supercomputers in the world ...
[23:51:57] <evilotto> /me says uff da to that!
[23:51:58] <Zash> And lots of other countries are probably doing that as well
[23:52:38] * Florob left the chat.
[23:52:45] * Florob joined the chat.
[23:56:11] * Zash left the chat.
[00:05:41] * Tobias left the chat.
[00:29:41] * jugg joined the chat.
[00:40:47] * Kev left the chat.
[00:44:04] * Kev joined the chat.
[01:03:28] * evilotto left the chat.
[01:19:59] * MattJ left the chat.
[02:01:59] * bear left the chat.
[02:14:10] * MattJ joined the chat.
[02:22:28] * waqas left the chat.
[02:22:44] * waqas joined the chat.
[02:28:18] * Florob left the chat.
[03:02:13] * zanchin left the chat.
[03:03:34] * evilotto joined the chat.
[03:25:26] * zanchin joined the chat.
[03:35:40] * MattJ left the chat.
[03:46:34] * johnny left the chat.
[04:53:33] * waqas left the chat.