| poetaster | attah, I've gone down the rabbit hole: https://github.com/poetaster/fahrplan/tree/memorymanagement/ | 07:28 |
|---|---|---|
| *** Mikaela is now known as Guest1477 | 13:05 | |
| attah | poetaster: wow! happy hunting! | 18:27 |
| poetaster | attah, ah, you know how it is. The deeper you go, the more inclined you are to start from scratch ;) | 18:28 |
| attah | that is why i always start from scratch | 18:29 |
| attah | ...trust issues | 18:29 |
| attah | did i tell you about when i heard CUPS had added a JSON format? | 18:31 |
| poetaster | no. way. | 18:31 |
| poetaster | what happend. broken glass. spilt beer. | 18:31 |
| attah | https://github.com/istopwg/ippsample/blob/c75af30f55a0a5b7e28259e418b20354443c06d8/tools/ipptool.c#L2032 | 18:31 |
| attah | not exactly how i did it... | 18:32 |
| poetaster | oh dear. oh dear. well, you already know what dumpster fire I'm flailing a blanket at.... | 18:32 |
| poetaster | I'm treating it like a lesson in application profiling (cough, ouch, fire). | 18:33 |
| attah | trashcan fire, max | 18:33 |
| attah | ;) | 18:34 |
| poetaster | right you are. actually, considering the catastrophe that the web is, I can forget about memory leaks! | 18:34 |
| poetaster | damn. you took my dumpster away. | 18:34 |
| attah | in sweden we don't really distinguish between container and dumpster... | 18:35 |
| * attah mumbles something about cloud | 18:35 | |
| poetaster | as vengeance, this was my lunch reading: https://enturas.atlassian.net/wiki/spaces/PUBLIC/pages/728891505/NeTEx+examples+catalogue | 18:35 |
| poetaster | You will note that the 'Nordic' NeTEx Profile is authored by .... Norwegians!!!!! (duck ... run) | 18:36 |
| attah | How wide use does it have? | 18:38 |
| poetaster | California, London, France, coming to Germany. | 18:39 |
| poetaster | And Norway. | 18:39 |
| attah | https://xkcd.com/927/ ? | 18:40 |
| poetaster | oh shit. | 18:40 |
| poetaster | As far as I can tell, there 2 competing standards and sbb.ch. and a lot of 'stuff' 'that just works' | 18:41 |
| attah | So do you think you may be able to start culling backends? | 18:43 |
| poetaster | Yea. | 18:48 |
| poetaster | today I did the minimal fixes to get the efa backends back on-line (3 of them) and started weeding out. | 18:49 |
| poetaster | the danish hafas can be modernized, but dubai, san francisco, sbb.ch and probably norway need to go. | 18:50 |
| poetaster | I'm toying with implementing https://sdk.entur.org/index.html but not in fahrplan | 18:51 |
| poetaster | Oh, ireland works, too. For some reason that made me happy. | 18:52 |
| attah | Ireland always makes people happy | 18:52 |
| attah | And you are way too good to us | 18:52 |
| poetaster | What? I'm just sublimating my youthful urge to pick up a gun and join a revolution! | 18:53 |
| attah | One of the slowest revolutions on earth probably (: | 18:54 |
| poetaster | Heh. | 18:55 |
| attah | Hasn't this been going on since at least the advent of personal computers and a bit before? | 18:55 |
| poetaster | You mean memory leaks in c? | 18:56 |
| attah | that too | 18:57 |
| poetaster | Ah, I don't know. I just can't look at a code base and ignore it's screams for help. | 18:57 |
| poetaster | And I need practice writing c++. I am very suck slow. Which is ok when the payload you are waiting for is an XML document. | 18:58 |
| poetaster | Oh, finally! basil is taking donations for openrepos directly via hetzner. | 19:00 |
| attah | That was one of my excuses for SeqaPrint too... recently my manager said that i could/should count some as competence development O.o | 19:00 |
| poetaster | All my spare time and some spare cash. | 19:00 |
| poetaster | Absolutely. Seaprint is nice work. in a domain that acutally produces physical things! | 19:01 |
| attah | I keep waiting for the gotcha that completely invalidates it | 19:02 |
| poetaster | Don't see it coming. Unless jolla is planning something and I very much doubt that!? | 19:04 |
| attah | But given how relatively easy it was it should have been done before (not necessarily for Sailfish, but still)... and it wasn't | 19:05 |
| Nico | attah: Did they tell you that, because they were thinking you lack practice? :D | 19:05 |
| attah | Nico: More like lack (imagination for) things to practice on | 19:06 |
| attah | I somehow always have plenty of actual work xD | 19:06 |
| Nico | Hm, I would have probably complained to my employer, that they are being rude ;p | 19:06 |
| attah | The rest of the company is pretty much all about C++, so i kind of get it | 19:09 |
| attah | Not so sure it is the future tho | 19:10 |
| * Nico looks at all his projects he tends to start in C++ | 19:10 | |
| Nico | I should learn to be comfortable in other langs :D | 19:10 |
| poetaster | ah, the language question. dlang. erlang. scheme :) | 19:11 |
| attah | You should! No need to feel compelled to switch... but it definitely helps | 19:11 |
| attah | When i "came back" to C++ i had a certain lack of respect for what was supposedly impossible | 19:12 |
| attah | ...and some design learnings didn't hurt either | 19:13 |
| poetaster | That's the key. design learning. most of the memory problems in fahrplan are an extension of poor design. | 19:13 |
| Nico | Well, I currently use C++20 for my toy projects, which is a lot of fun | 19:14 |
| Nico | I use some other langs for projects not started by me, dart, python, rust, etc. But they just don't feel right :D | 19:14 |
| attah | Old crusty api taking a function pointer and a null-pointer to extra data to supply to it? Pass a lambda and you don't have to faff around with structs if you need more than one thing | 19:14 |
| poetaster | bada bing. | 19:14 |
| attah | Nico: https://learnyousomeerlang.com/content | 19:15 |
| Nico | Asynchronous request? Just await it or switch threads using co_await :D | 19:15 |
| poetaster | attah, yeah, nico yeah :) | 19:15 |
| poetaster | but I'm having fun learning audio synthesis with SDL (really no one's idea of a good time) | 19:16 |
| attah | await? nah... receive! | 19:16 |
| poetaster | promise?! | 19:16 |
| Nico | I don't know, what I would use Erlang for atm. Maybe to write a matrix server? :D | 19:16 |
| attah | Nico: yes! | 19:16 |
| Nico | Sounds like a lot of effort | 19:16 |
| poetaster | matrix REALLY needs a proper reference server. synapse is a piece of shit. | 19:16 |
| poetaster | and erland is a good idea. | 19:17 |
| poetaster | s/erland/erlang/ | 19:17 |
| Nico | Synapse isn't even that bad anymore and I have a lot of patches for it :D | 19:17 |
| attah | How big is this protocol anyway? | 19:17 |
| Nico | Most stuff is client side imo | 19:17 |
| poetaster | naught in comparison with xmpp. | 19:17 |
| Nico | But I also wrote more client side code | 19:17 |
| poetaster | in what language? | 19:18 |
| attah | Making *a server* is trivial... i.e. ordo-protocol-size | 19:18 |
| Nico | poetaster: C++ | 19:18 |
| poetaster | true. | 19:18 |
| poetaster | ah. what's the state of libolm in c++? | 19:18 |
| poetaster | I would guess it's reference, but lost track. | 19:19 |
| Nico | I just use the C libolm with a small wrapper | 19:19 |
| poetaster | ah. ok. | 19:19 |
| Nico | Reimplementing libolm is annoying, because... you need bug to bug compatibility :D | 19:19 |
| poetaster | heh. | 19:19 |
| Nico | The server2server API is not that bad with Matrix: https://spec.matrix.org/latest/server-server-api/ | 19:20 |
| Nico | The devil is in the details and the client side API :D | 19:20 |
| poetaster | I have to admit, I'm more inclined to: 1. build the ultimate ejabberd (erlang!) manual including stun/turn/bosh done right and | 19:21 |
| poetaster | 2. build some modern clients. | 19:21 |
| Nico | I don't like XMPP... It makes too much stuff only work in some clients with some servers and I have no idea, what I should use :D | 19:22 |
| poetaster | what do you use as a matrix client (I use a hacked version of gomuks) | 19:22 |
| Nico | Well | 19:23 |
| Nico | I develop Nheko | 19:23 |
| Nico | So I am kinda biased | 19:23 |
| poetaster | ah! of course! Nheko is also a lot better than most. I actually still have it installed :) | 19:24 |
| poetaster | mirage drove me nuts. looked nice. had the same resource usage as an electron app. | 19:25 |
| poetaster | but, seriously, if you have cycles for it, writing a matrix server in erlang would be cool. | 19:27 |
| Nico | Well, a friend is trying to talk me into writing a C++ one :D | 19:27 |
| poetaster | that's going to be more code :) | 19:28 |
| attah | What http server would you take? | 19:29 |
| poetaster | doesn't everyone just use socat? | 19:29 |
| Nico | Dunno yet, Matrix has a lot of requirements with the shenanigans you need, because you need to send to different hosts than the tls connection is for, do dns requests, etc | 19:30 |
| Nico | And most http libs suck at that :D | 19:30 |
| attah | Sounds like you need Erlang | 19:30 |
| poetaster | gwsocket just use websockets? | 19:31 |
| attah | i think dns stuff is even in the standard lib... and then Cowboy as http server | 19:31 |
| poetaster | I don't know if a web server is, strictly speaking, required? | 19:33 |
| attah | REST behavior framework? | 19:33 |
| poetaster | yeah, it is http based. | 19:34 |
| poetaster | + webrtc. | 19:35 |
| Nico | Yeah, you just implement http endpoints | 19:35 |
| Nico | And send http requests | 19:35 |
| Nico | I.e. for my clients I just use libcurl wrapped in libevent wrapped in C++ :D | 19:36 |
| poetaster | I actually wrote my matrix admin tool with curl. | 19:36 |
| attah | i believe the Cowboy-related http client is called Gun | 19:36 |
| Nico | Good name :D | 19:36 |
| attah | and they depend on ranch... | 19:36 |
| poetaster | oh, is that evil ... | 19:39 |
| poetaster | curl --insecure -XDELETE -H "Authorization: Bearer $access_token" -H "Content-Type: application/json" -d '{"message":"Removed","block":true,"purge":true}' "https://hostname:8448/_synapse/admin/v1/rooms/$url_room" | jq | 19:39 |
| poetaster | that was before Synapse-Admin existed. | 19:41 |
| poetaster | nico, do you know if the media archive can be disabled and people still exchange images? | 19:42 |
| Nico | How would you exchange images without the media repo? | 19:42 |
| poetaster | over the wire. they don't need to be stored. | 19:42 |
| Nico | Like it has 3 endpoints, upload, download and thumbnail :D | 19:42 |
| Nico | In Matrix everything is stored | 19:43 |
| Nico | But you can run a purge cron job and delte the images automtically every night | 19:43 |
| poetaster | the problem is you can scrape the data. it's not 'so bad' if it's encrypted. | 19:43 |
| Nico | How do you scrape random ids in your media repo? | 19:43 |
| Nico | Like that would take as long as cracking a 12 char password or so | 19:44 |
| poetaster | I have journalists that have been accused of treason as users. | 19:44 |
| Nico | 25 actually | 19:44 |
| poetaster | so, state actors ina mix | 19:44 |
| Nico | Well, then encrypt the images and chats :3 | 19:44 |
| poetaster | Of course they are. but I've already been tasked with finding a more secure solution. | 19:45 |
| Nico | I still plan to require downloads to be authenticated, but that is an uphill battle... | 19:45 |
| poetaster | yeah, authentication would solve our problem. | 19:45 |
| poetaster | why? | 19:45 |
| Nico | Because it would complicate writing webclients... | 19:46 |
| Nico | Which is a stupid reason, if those clients support E2EE... | 19:46 |
| poetaster | an access token is not too much to ask, is it? | 19:47 |
| Nico | You can't add an access token to an `<img>` tag | 19:47 |
| poetaster | HTTP AUTH :) | 19:48 |
| Nico | NO! | 19:48 |
| poetaster | sure, why not. it's just header foo. | 19:49 |
| poetaster | just kidding. | 19:49 |
| poetaster | I think it's sufficient to have an authenticated session. | 19:51 |
| poetaster | and that's already built in. it just isn't USED when requesting images. I consider it a bug. | 19:51 |
| Nico | Well, again, that doesn't work properly in simple matrix web clients | 19:52 |
| poetaster | that's no excuse. | 19:53 |
| Nico | That's usually why my MSCs don't get merged ;-) | 19:53 |
| poetaster | I mean, I literally being forced to run a bunch of alternatives because of an audit. | 19:54 |
| Nico | Because a random string as a password for each media file is not enough? | 19:54 |
| poetaster | current contenders are rocketchat (puke), libervia (aka salut-a-tois) and next cloud talk (puke). | 19:54 |
| poetaster | correct. | 19:55 |
| Nico | Okay, can you tell me why a random string as the password for each media file is not enough? | 19:55 |
| poetaster | Although I'm a fan of security through obscurity (guess my favourite epic greek poems !) that is what you are suggesting. | 19:58 |
| Nico | No, I mean, what is the difference between an access_token and a random string required to view the image? | 19:59 |
| poetaster | and although I believe those with the compute power to do so would just 'seize the machines', the audit is not mine contradict | 19:59 |
| Nico | Yeah, but I need to write some proper arguments into the MSC :D | 20:00 |
| poetaster | I had already gone beyond access_token to session. The client MUST maintain a token to resume the session, no? | 20:00 |
| poetaster | If I don't log out of gomuks, I can move from country to country without signing in. | 20:02 |
| poetaster | But I've probably got something poorly configured :) | 20:02 |
| poetaster | soooo, why doesn't synapse check to see if it currently has a session with the requesting client? | 20:03 |
| Nico | Synapse can't really know it, unless it cross-correlates the connections/IPs | 20:04 |
| Nico | Because you can't add a header to an img tag in html | 20:04 |
| poetaster | http request. not tag. | 20:08 |
| Nico | Well, the problem is that the protocol stewards want to support simple html clients, that directly use image urls in img tags instead of setting up a service worker or abusing data urls | 20:09 |
| Nico | I disagree with that, but they say authentication is not needed, since none guesses a 25char random id | 20:09 |
| poetaster | ok. I can post to the github repos directly and not bother you. it's on my to-do list anyway. | 20:09 |
| Nico | There should be an open issue for it already :3 | 20:10 |
| poetaster | Oh, there was. But it's deep sixed. | 20:10 |
| poetaster | That is what accelerated the audit to push me to erect 4 different tests systems. | 20:11 |
| Nico | And the test systems have end to end encryption? | 20:12 |
| poetaster | Of course. | 20:12 |
| Nico | Didn't know nextcloud talk had that, neat | 20:13 |
| poetaster | libervia uses OMEMO, I'm not sure what rocketchat's crypto is, nor have I finished digging through nc talk have e2 | 20:14 |
| poetaster | the criteria for solutions was e2e++ someone wanted support for yubikey 2fa. I talked them down from that. | 20:15 |
| Nico | Looks like rocktchat doesn't even use a ratchet? o.o | 20:16 |
| poetaster | rocketchat, I believe, is doing public key exchange | 20:18 |
| Nico | So does https | 20:19 |
| Nico | Problem is how you build the session keys with that, how they are rotated, what backward and forward secrecies you want to provide, etc | 20:19 |
| poetaster | https://docs.rocket.chat/guides/security/end-to-end-encryption-algorithms | 20:20 |
| Nico | > When starting a new E2EE session, first, if an existing session key exists in the room subscription of the current user, it is downloaded and decrypted using the user’s private key and then used to encrypt future messages. In case an existing session key is not found in the database, a new session key is generated by the current user and then stored in the database encrypted for every user in the room. | 20:20 |
| Nico | > Once a session key has been obtained in the above manner, we enter E2EE mode, and all messages sent henceforth are encrypted using this session key. | 20:20 |
| Nico | This sounds like it always just uses one key for a chat | 20:21 |
| Nico | I.e. multiple messages share the same key | 20:21 |
| Nico | Which is usually a big no no | 20:21 |
| poetaster | that depends. | 20:21 |
| poetaster | It's been a while since I looked at double ratchet, so I can't judge. | 20:22 |
| Nico | Usually you want at least some mechanism to rotate keys when a room member leaves, a way to verify, who should receive the e2ee keys, etc | 20:23 |
| Nico | And I don't see that mentioned anywhere | 20:23 |
| Nico | But maybe that is in some advanced section | 20:23 |
| poetaster | the have encrypted session keys, client keys and masters | 20:24 |
| Nico | Yes, but the session keys are usually not rotated and sent to every client without much verification? | 20:25 |
| poetaster | um, the matrix session keys are long lived. I've travelled out of country without my session key expiring. | 20:26 |
| poetaster | though, that may be a poor configuration of synapse? | 20:26 |
| Nico | No, they are not really | 20:26 |
| poetaster | Several days on the road, check into a hotel and fire up a client directly to chat? That's 'long lived'. | 20:27 |
| Nico | You have a master key, a self signing key, a user signing key, keys for each device, one time keys, olm sessions for to_device messaging and megolm keys to encrypt individual messages | 20:27 |
| Nico | megolm keys and olm keys ratchet forward, megolm keys are rotated after 7 days or 100 messages | 20:27 |
| Nico | So while some parts are long lived, they don't allow you to read the messages | 20:28 |
| Nico | And the keys to the messages are only shared with you via to_device messaging and you can choose, if you want to share only with users you verified or not | 20:28 |
| Nico | If you share your keys with arbitrary users, the End in End to End Encryption is not verified, so you can throw it all in the bin. Because you could just be talking to a MITM. | 20:29 |
| poetaster | I only use ONE server and I'm root on that. I only use ONE client. On one machine. No federation. All clients verified by hand (ie. visual inspection). | 20:30 |
| poetaster | I don't think you appreciate our threat model. | 20:30 |
| Nico | Well, if you rely on a trusted server, it is not E2EE, it is Encryption | 20:31 |
| poetaster | Sorry, I don't understand? | 20:31 |
| Nico | Because (at least the modern definition of) E2EE requires, that you only need to trust the ends, which usually is the clients, but not the server | 20:32 |
| Nico | If someone can capture the server and make it lie about membership to exfiltrate messages, that is not E2EE, that is just encrypted communication, without proper end to end security | 20:33 |
| poetaster | How are the images in matrix encrypted :-) | 20:33 |
| Nico | It might be fine for your threat model, just the naming is wrong in the rocket chat docs imo | 20:33 |
| Nico | images are encrypted using a random, per image AES key, that is then shared using a megolm encrypted message, of which the key is shared using olm encryted to device channels | 20:34 |
| poetaster | I was fine with OMEMO, but I'm not the judge in the end. I've just been tasked to set up some alternatives for evaluation. | 20:34 |
| Nico | If in the end you use Rocketchat or so, you have a very different threat model than I do :D | 20:35 |
| Nico | OMEMO is better than what I read about rocketchat right now, afaik | 20:35 |
| Nico | it is similar to the olm and signal protocols | 20:35 |
| poetaster | I'm not the person who is going to evaluate the crypto, or the threat model, for that matter. | 20:36 |
| Nico | Well, yeah, it doesn't matter in the end who evaluates it, I just think it is interesting :3 | 20:37 |
| poetaster | I'm just the person that builds the machines, in this case. I made it clear that I am not qualified to make a recommendation. | 20:37 |
| poetaster | It could be that your description of the image encryption in the media repo if detailed in the ticket/note on github migh make a difference. | 20:37 |
| Nico | Well, that only applies to encrypted images of course | 20:38 |
| poetaster | yeah, that's another issue. https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c | 20:38 |
| Nico | Here is the spec for it: https://spec.matrix.org/latest/client-server-api/#sending-encrypted-attachments | 20:39 |
| poetaster | I think that's the one that got our paranoids going. | 20:39 |
| Nico | To be fair, that was fixed and had a pretty limited impact | 20:39 |
| Nico | You basically had to be able to hit a file with a 25 char random string, which is very unlikely to ever download an actual file | 20:40 |
| poetaster | Ah, one of the paranoids just started testing if you could download images (with know values, of course) from 'the web' | 20:40 |
| Nico | I.e. you could never download /etc/passwd, because the file path needs to be 25 chars long | 20:41 |
| poetaster | And that's not going to convince the person who uses his own services over tor. | 20:41 |
| Nico | Well, yes, you can download known images from the web, but if they are encrypted, you can't view them | 20:41 |
| poetaster | unti you decrypt them :) | 20:41 |
| Nico | Sure, but if you hand people the decryption keys, them being able to download the image was your smallest problem | 20:42 |
| poetaster | I'm not sure what they were thinking. Like I said, I'm not the measure. I don't trust my users to use gpg either. | 20:44 |
| poetaster | They used to SHARE a private key for a NUMBER of email adresses. I refused to look at any mail having anything to do with it. | 20:44 |
| Nico | Oh well | 20:45 |
| poetaster | I explained, slowly and calmly, that what they were doing was a betrayal of the trust of the people they communicated with ... | 20:45 |
| Nico | Well, to be fair, I also share my GPG key between emails, but that's because one of them is just my old mail and I want to appear as the same person :D | 20:45 |
| poetaster | so, in a sense, I'm relieved they go all bat-shit paranoid after that disaster. | 20:45 |
| Nico | Well, if they then switch to worse encryption, because they think authentication is more important than encryption, I am not soooo sure ;p | 20:46 |
| poetaster | I'll mention it. But they just freaked out that you could anonymously download binaries from matrix. | 20:47 |
| poetaster | I did sort of roll my eyes. | 20:48 |
| Nico | Well, a lot of people freak out about that without understanding the impact | 20:48 |
| Nico | Which is one reason why I want to fix it | 20:48 |
| Nico | But I don't think it is an actual security issue | 20:48 |
| Nico | There is an issue with it, but I am not going to disclose that here and it is not about leaking data :D | 20:48 |
| poetaster | I don't think so either, but I think there must be a relatively painless way to mitigate. | 20:49 |
| Nico | I'm just going the push the one, that is painless for 90% of clients and use cases :3 | 20:50 |
| poetaster | I mean, for instance, a config for 'session' only access to binaries. | 20:50 |
| Nico | Well, http doesn't have sessions usually | 20:51 |
| poetaster | I hope you can get some mind share behind your client. I hate all the clients (except irc clients :) | 20:51 |
| poetaster | the persistance of a session can be propagated by many means :) | 20:52 |
| poetaster | or, maybe you don't want mind share for the client. that would means users and responding to tickets! | 20:53 |
| poetaster | damn it. didn't get any work done. off to bed! I have to get up at 6:15. | 20:54 |
| Nico | Good night :D | 20:54 |
| poetaster | night! | 20:56 |
Generated by irclog2html.py 2.17.1 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!